Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

+16

Documentation/devicetree/bindings/crypto/artpec6-crypto.txt

··· 1 + Axis crypto engine with PDMA interface. 2 + 3 + Required properties: 4 + - compatible : Should be one of the following strings: 5 + "axis,artpec6-crypto" for the version in the Axis ARTPEC-6 SoC 6 + "axis,artpec7-crypto" for the version in the Axis ARTPEC-7 SoC. 7 + - reg: Base address and size for the PDMA register area. 8 + - interrupts: Interrupt handle for the PDMA interrupt line. 9 + 10 + Example: 11 + 12 + crypto@f4264000 { 13 + compatible = "axis,artpec6-crypto"; 14 + reg = <0xf4264000 0x1000>; 15 + interrupts = <GIC_SPI 19 IRQ_TYPE_LEVEL_HIGH>; 16 + };

+13

Documentation/devicetree/bindings/crypto/atmel-crypto.txt

··· 66 66 dmas = <&dma1 2 17>; 67 67 dma-names = "tx"; 68 68 }; 69 + 70 + * Eliptic Curve Cryptography (I2C) 71 + 72 + Required properties: 73 + - compatible : must be "atmel,atecc508a". 74 + - reg: I2C bus address of the device. 75 + - clock-frequency: must be present in the i2c controller node. 76 + 77 + Example: 78 + atecc508a@C0 { 79 + compatible = "atmel,atecc508a"; 80 + reg = <0xC0>; 81 + };

+30

Documentation/devicetree/bindings/crypto/st,stm32-hash.txt

··· 1 + * STMicroelectronics STM32 HASH 2 + 3 + Required properties: 4 + - compatible: Should contain entries for this and backward compatible 5 + HASH versions: 6 + - "st,stm32f456-hash" for stm32 F456. 7 + - "st,stm32f756-hash" for stm32 F756. 8 + - reg: The address and length of the peripheral registers space 9 + - interrupts: the interrupt specifier for the HASH 10 + - clocks: The input clock of the HASH instance 11 + 12 + Optional properties: 13 + - resets: The input reset of the HASH instance 14 + - dmas: DMA specifiers for the HASH. See the DMA client binding, 15 + Documentation/devicetree/bindings/dma/dma.txt 16 + - dma-names: DMA request name. Should be "in" if a dma is present. 17 + - dma-maxburst: Set number of maximum dma burst supported 18 + 19 + Example: 20 + 21 + hash1: hash@50060400 { 22 + compatible = "st,stm32f756-hash"; 23 + reg = <0x50060400 0x400>; 24 + interrupts = <80>; 25 + clocks = <&rcc 0 STM32F7_AHB2_CLOCK(HASH)>; 26 + resets = <&rcc STM32F7_AHB2_RESET(HASH)>; 27 + dmas = <&dma2 7 2 0x400 0x0>; 28 + dma-names = "in"; 29 + dma-maxburst = <0>; 30 + };

+21

Documentation/devicetree/bindings/rng/imx-rngc.txt

··· 1 + Freescale RNGC (Random Number Generator Version C) 2 + 3 + The driver also supports version B, which is mostly compatible 4 + to version C. 5 + 6 + Required properties: 7 + - compatible : should be one of 8 + "fsl,imx25-rngb" 9 + "fsl,imx35-rngc" 10 + - reg : offset and length of the register set of this block 11 + - interrupts : the interrupt number for the RNGC block 12 + - clocks : the RNGC clk source 13 + 14 + Example: 15 + 16 + rng@53fb0000 { 17 + compatible = "fsl,imx25-rngb"; 18 + reg = <0x53fb0000 0x4000>; 19 + interrupts = <22>; 20 + clocks = <&trng_clk>; 21 + };

+7

MAINTAINERS

··· 1162 1162 F: arch/arm/mach-artpec 1163 1163 F: arch/arm/boot/dts/artpec6* 1164 1164 F: drivers/clk/axis 1165 + F: drivers/crypto/axis 1165 1166 F: drivers/pinctrl/pinctrl-artpec* 1166 1167 F: Documentation/devicetree/bindings/pinctrl/axis,artpec6-pinctrl.txt 1167 1168 ··· 8770 8769 F: drivers/dma/at_hdmac.c 8771 8770 F: drivers/dma/at_hdmac_regs.h 8772 8771 F: include/linux/platform_data/dma-atmel.h 8772 + 8773 + MICROCHIP / ATMEL ECC DRIVER 8774 + M: Tudor Ambarus <tudor.ambarus@microchip.com> 8775 + L: linux-crypto@vger.kernel.org 8776 + S: Maintained 8777 + F: drivers/crypto/atmel-ecc.* 8773 8778 8774 8779 MICROCHIP / ATMEL ISC DRIVER 8775 8780 M: Songjun Wu <songjun.wu@microchip.com>

+3 -2

arch/arm/crypto/Kconfig

··· 94 94 ARMv8 Crypto Extensions 95 95 96 96 config CRYPTO_GHASH_ARM_CE 97 - tristate "PMULL-accelerated GHASH using ARMv8 Crypto Extensions" 97 + tristate "PMULL-accelerated GHASH using NEON/ARMv8 Crypto Extensions" 98 98 depends on KERNEL_MODE_NEON 99 99 select CRYPTO_HASH 100 100 select CRYPTO_CRYPTD 101 101 help 102 102 Use an implementation of GHASH (used by the GCM AEAD chaining mode) 103 103 that uses the 64x64 to 128 bit polynomial multiplication (vmull.p64) 104 - that is part of the ARMv8 Crypto Extensions 104 + that is part of the ARMv8 Crypto Extensions, or a slower variant that 105 + uses the vmull.p8 instruction that is part of the basic NEON ISA. 105 106 106 107 config CRYPTO_CRCT10DIF_ARM_CE 107 108 tristate "CRCT10DIF digest algorithm using PMULL instructions"

+1 -3

arch/arm/crypto/aes-ce-glue.c

··· 285 285 286 286 ce_aes_ctr_encrypt(tail, NULL, (u8 *)ctx->key_enc, 287 287 num_rounds(ctx), blocks, walk.iv); 288 - if (tdst != tsrc) 289 - memcpy(tdst, tsrc, nbytes); 290 - crypto_xor(tdst, tail, nbytes); 288 + crypto_xor_cpy(tdst, tsrc, tail, nbytes); 291 289 err = skcipher_walk_done(&walk, 0); 292 290 } 293 291 kernel_neon_end();

+65 -23

arch/arm/crypto/aes-cipher-core.S

··· 10 10 */ 11 11 12 12 #include <linux/linkage.h> 13 + #include <asm/cache.h> 13 14 14 15 .text 15 16 .align 5 ··· 33 32 .endif 34 33 .endm 35 34 36 - .macro __load, out, in, idx 35 + .macro __load, out, in, idx, sz, op 37 36 .if __LINUX_ARM_ARCH__ < 7 && \idx > 0 38 - ldr \out, [ttab, \in, lsr #(8 * \idx) - 2] 37 + ldr\op \out, [ttab, \in, lsr #(8 * \idx) - \sz] 39 38 .else 40 - ldr \out, [ttab, \in, lsl #2] 39 + ldr\op \out, [ttab, \in, lsl #\sz] 41 40 .endif 42 41 .endm 43 42 44 - .macro __hround, out0, out1, in0, in1, in2, in3, t3, t4, enc 43 + .macro __hround, out0, out1, in0, in1, in2, in3, t3, t4, enc, sz, op 45 44 __select \out0, \in0, 0 46 45 __select t0, \in1, 1 47 - __load \out0, \out0, 0 48 - __load t0, t0, 1 46 + __load \out0, \out0, 0, \sz, \op 47 + __load t0, t0, 1, \sz, \op 49 48 50 49 .if \enc 51 50 __select \out1, \in1, 0 ··· 54 53 __select \out1, \in3, 0 55 54 __select t1, \in0, 1 56 55 .endif 57 - __load \out1, \out1, 0 56 + __load \out1, \out1, 0, \sz, \op 58 57 __select t2, \in2, 2 59 - __load t1, t1, 1 60 - __load t2, t2, 2 58 + __load t1, t1, 1, \sz, \op 59 + __load t2, t2, 2, \sz, \op 61 60 62 61 eor \out0, \out0, t0, ror #24 63 62 ··· 69 68 __select \t3, \in1, 2 70 69 __select \t4, \in2, 3 71 70 .endif 72 - __load \t3, \t3, 2 73 - __load t0, t0, 3 74 - __load \t4, \t4, 3 71 + __load \t3, \t3, 2, \sz, \op 72 + __load t0, t0, 3, \sz, \op 73 + __load \t4, \t4, 3, \sz, \op 75 74 76 75 eor \out1, \out1, t1, ror #24 77 76 eor \out0, \out0, t2, ror #16 ··· 83 82 eor \out1, \out1, t2 84 83 .endm 85 84 86 - .macro fround, out0, out1, out2, out3, in0, in1, in2, in3 87 - __hround \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1 88 - __hround \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1 85 + .macro fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op 86 + __hround \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op 87 + __hround \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op 89 88 .endm 90 89 91 - .macro iround, out0, out1, out2, out3, in0, in1, in2, in3 92 - __hround \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0 93 - __hround \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0 90 + .macro iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op 91 + __hround \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op 92 + __hround \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op 94 93 .endm 95 94 96 95 .macro __rev, out, in ··· 115 114 .endif 116 115 .endm 117 116 118 - .macro do_crypt, round, ttab, ltab 117 + .macro do_crypt, round, ttab, ltab, bsz 119 118 push {r3-r11, lr} 120 119 121 120 ldr r4, [in] ··· 147 146 148 147 1: subs rounds, rounds, #4 149 148 \round r8, r9, r10, r11, r4, r5, r6, r7 150 - __adrl ttab, \ltab, ls 149 + bls 2f 151 150 \round r4, r5, r6, r7, r8, r9, r10, r11 152 - bhi 0b 151 + b 0b 152 + 153 + 2: __adrl ttab, \ltab 154 + \round r4, r5, r6, r7, r8, r9, r10, r11, \bsz, b 153 155 154 156 #ifdef CONFIG_CPU_BIG_ENDIAN 155 157 __rev r4, r4 ··· 174 170 .ltorg 175 171 .endm 176 172 173 + .align L1_CACHE_SHIFT 174 + .type __aes_arm_inverse_sbox, %object 175 + __aes_arm_inverse_sbox: 176 + .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 177 + .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb 178 + .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 179 + .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb 180 + .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d 181 + .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e 182 + .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 183 + .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 184 + .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 185 + .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 186 + .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda 187 + .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 188 + .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a 189 + .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 190 + .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 191 + .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b 192 + .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea 193 + .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 194 + .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 195 + .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e 196 + .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 197 + .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b 198 + .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 199 + .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 200 + .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 201 + .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f 202 + .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d 203 + .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef 204 + .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 205 + .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 206 + .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 207 + .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d 208 + .size __aes_arm_inverse_sbox, . - __aes_arm_inverse_sbox 209 + 177 210 ENTRY(__aes_arm_encrypt) 178 - do_crypt fround, crypto_ft_tab, crypto_fl_tab 211 + do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 179 212 ENDPROC(__aes_arm_encrypt) 180 213 214 + .align 5 181 215 ENTRY(__aes_arm_decrypt) 182 - do_crypt iround, crypto_it_tab, crypto_il_tab 216 + do_crypt iround, crypto_it_tab, __aes_arm_inverse_sbox, 0 183 217 ENDPROC(__aes_arm_decrypt)

+2 -3

arch/arm/crypto/aes-neonbs-glue.c

··· 221 221 u8 *dst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE; 222 222 u8 *src = walk.src.virt.addr + blocks * AES_BLOCK_SIZE; 223 223 224 - if (dst != src) 225 - memcpy(dst, src, walk.total % AES_BLOCK_SIZE); 226 - crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE); 224 + crypto_xor_cpy(dst, src, final, 225 + walk.total % AES_BLOCK_SIZE); 227 226 228 227 err = skcipher_walk_done(&walk, 0); 229 228 break;

+191 -43

arch/arm/crypto/ghash-ce-core.S

··· 1 1 /* 2 - * Accelerated GHASH implementation with ARMv8 vmull.p64 instructions. 2 + * Accelerated GHASH implementation with NEON/ARMv8 vmull.p8/64 instructions. 3 3 * 4 - * Copyright (C) 2015 Linaro Ltd. <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2015 - 2017 Linaro Ltd. <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify it 7 7 * under the terms of the GNU General Public License version 2 as published ··· 12 12 #include <asm/assembler.h> 13 13 14 14 SHASH .req q0 15 - SHASH2 .req q1 16 - T1 .req q2 17 - T2 .req q3 18 - MASK .req q4 19 - XL .req q5 20 - XM .req q6 21 - XH .req q7 22 - IN1 .req q7 15 + T1 .req q1 16 + XL .req q2 17 + XM .req q3 18 + XH .req q4 19 + IN1 .req q4 23 20 24 21 SHASH_L .req d0 25 22 SHASH_H .req d1 26 - SHASH2_L .req d2 27 - T1_L .req d4 28 - MASK_L .req d8 29 - XL_L .req d10 30 - XL_H .req d11 31 - XM_L .req d12 32 - XM_H .req d13 33 - XH_L .req d14 23 + T1_L .req d2 24 + T1_H .req d3 25 + XL_L .req d4 26 + XL_H .req d5 27 + XM_L .req d6 28 + XM_H .req d7 29 + XH_L .req d8 30 + 31 + t0l .req d10 32 + t0h .req d11 33 + t1l .req d12 34 + t1h .req d13 35 + t2l .req d14 36 + t2h .req d15 37 + t3l .req d16 38 + t3h .req d17 39 + t4l .req d18 40 + t4h .req d19 41 + 42 + t0q .req q5 43 + t1q .req q6 44 + t2q .req q7 45 + t3q .req q8 46 + t4q .req q9 47 + T2 .req q9 48 + 49 + s1l .req d20 50 + s1h .req d21 51 + s2l .req d22 52 + s2h .req d23 53 + s3l .req d24 54 + s3h .req d25 55 + s4l .req d26 56 + s4h .req d27 57 + 58 + MASK .req d28 59 + SHASH2_p8 .req d28 60 + 61 + k16 .req d29 62 + k32 .req d30 63 + k48 .req d31 64 + SHASH2_p64 .req d31 34 65 35 66 .text 36 67 .fpu crypto-neon-fp-armv8 37 68 69 + .macro __pmull_p64, rd, rn, rm, b1, b2, b3, b4 70 + vmull.p64 \rd, \rn, \rm 71 + .endm 72 + 38 73 /* 39 - * void pmull_ghash_update(int blocks, u64 dg[], const char *src, 40 - * struct ghash_key const *k, const char *head) 74 + * This implementation of 64x64 -> 128 bit polynomial multiplication 75 + * using vmull.p8 instructions (8x8 -> 16) is taken from the paper 76 + * "Fast Software Polynomial Multiplication on ARM Processors Using 77 + * the NEON Engine" by Danilo Camara, Conrado Gouvea, Julio Lopez and 78 + * Ricardo Dahab (https://hal.inria.fr/hal-01506572) 79 + * 80 + * It has been slightly tweaked for in-order performance, and to allow 81 + * 'rq' to overlap with 'ad' or 'bd'. 41 82 */ 42 - ENTRY(pmull_ghash_update) 43 - vld1.64 {SHASH}, [r3] 83 + .macro __pmull_p8, rq, ad, bd, b1=t4l, b2=t3l, b3=t4l, b4=t3l 84 + vext.8 t0l, \ad, \ad, #1 @ A1 85 + .ifc \b1, t4l 86 + vext.8 t4l, \bd, \bd, #1 @ B1 87 + .endif 88 + vmull.p8 t0q, t0l, \bd @ F = A1*B 89 + vext.8 t1l, \ad, \ad, #2 @ A2 90 + vmull.p8 t4q, \ad, \b1 @ E = A*B1 91 + .ifc \b2, t3l 92 + vext.8 t3l, \bd, \bd, #2 @ B2 93 + .endif 94 + vmull.p8 t1q, t1l, \bd @ H = A2*B 95 + vext.8 t2l, \ad, \ad, #3 @ A3 96 + vmull.p8 t3q, \ad, \b2 @ G = A*B2 97 + veor t0q, t0q, t4q @ L = E + F 98 + .ifc \b3, t4l 99 + vext.8 t4l, \bd, \bd, #3 @ B3 100 + .endif 101 + vmull.p8 t2q, t2l, \bd @ J = A3*B 102 + veor t0l, t0l, t0h @ t0 = (L) (P0 + P1) << 8 103 + veor t1q, t1q, t3q @ M = G + H 104 + .ifc \b4, t3l 105 + vext.8 t3l, \bd, \bd, #4 @ B4 106 + .endif 107 + vmull.p8 t4q, \ad, \b3 @ I = A*B3 108 + veor t1l, t1l, t1h @ t1 = (M) (P2 + P3) << 16 109 + vmull.p8 t3q, \ad, \b4 @ K = A*B4 110 + vand t0h, t0h, k48 111 + vand t1h, t1h, k32 112 + veor t2q, t2q, t4q @ N = I + J 113 + veor t0l, t0l, t0h 114 + veor t1l, t1l, t1h 115 + veor t2l, t2l, t2h @ t2 = (N) (P4 + P5) << 24 116 + vand t2h, t2h, k16 117 + veor t3l, t3l, t3h @ t3 = (K) (P6 + P7) << 32 118 + vmov.i64 t3h, #0 119 + vext.8 t0q, t0q, t0q, #15 120 + veor t2l, t2l, t2h 121 + vext.8 t1q, t1q, t1q, #14 122 + vmull.p8 \rq, \ad, \bd @ D = A*B 123 + vext.8 t2q, t2q, t2q, #13 124 + vext.8 t3q, t3q, t3q, #12 125 + veor t0q, t0q, t1q 126 + veor t2q, t2q, t3q 127 + veor \rq, \rq, t0q 128 + veor \rq, \rq, t2q 129 + .endm 130 + 131 + // 132 + // PMULL (64x64->128) based reduction for CPUs that can do 133 + // it in a single instruction. 134 + // 135 + .macro __pmull_reduce_p64 136 + vmull.p64 T1, XL_L, MASK 137 + 138 + veor XH_L, XH_L, XM_H 139 + vext.8 T1, T1, T1, #8 140 + veor XL_H, XL_H, XM_L 141 + veor T1, T1, XL 142 + 143 + vmull.p64 XL, T1_H, MASK 144 + .endm 145 + 146 + // 147 + // Alternative reduction for CPUs that lack support for the 148 + // 64x64->128 PMULL instruction 149 + // 150 + .macro __pmull_reduce_p8 151 + veor XL_H, XL_H, XM_L 152 + veor XH_L, XH_L, XM_H 153 + 154 + vshl.i64 T1, XL, #57 155 + vshl.i64 T2, XL, #62 156 + veor T1, T1, T2 157 + vshl.i64 T2, XL, #63 158 + veor T1, T1, T2 159 + veor XL_H, XL_H, T1_L 160 + veor XH_L, XH_L, T1_H 161 + 162 + vshr.u64 T1, XL, #1 163 + veor XH, XH, XL 164 + veor XL, XL, T1 165 + vshr.u64 T1, T1, #6 166 + vshr.u64 XL, XL, #1 167 + .endm 168 + 169 + .macro ghash_update, pn 44 170 vld1.64 {XL}, [r1] 45 - vmov.i8 MASK, #0xe1 46 - vext.8 SHASH2, SHASH, SHASH, #8 47 - vshl.u64 MASK, MASK, #57 48 - veor SHASH2, SHASH2, SHASH 49 171 50 172 /* do the head block first, if supplied */ 51 173 ldr ip, [sp] ··· 184 62 #ifndef CONFIG_CPU_BIG_ENDIAN 185 63 vrev64.8 T1, T1 186 64 #endif 187 - vext.8 T2, XL, XL, #8 188 65 vext.8 IN1, T1, T1, #8 189 - veor T1, T1, T2 66 + veor T1_L, T1_L, XL_H 190 67 veor XL, XL, IN1 191 68 192 - vmull.p64 XH, SHASH_H, XL_H @ a1 * b1 69 + __pmull_\pn XH, XL_H, SHASH_H, s1h, s2h, s3h, s4h @ a1 * b1 193 70 veor T1, T1, XL 194 - vmull.p64 XL, SHASH_L, XL_L @ a0 * b0 195 - vmull.p64 XM, SHASH2_L, T1_L @ (a1 + a0)(b1 + b0) 71 + __pmull_\pn XL, XL_L, SHASH_L, s1l, s2l, s3l, s4l @ a0 * b0 72 + __pmull_\pn XM, T1_L, SHASH2_\pn @ (a1+a0)(b1+b0) 196 73 197 - vext.8 T1, XL, XH, #8 198 - veor T2, XL, XH 74 + veor T1, XL, XH 199 75 veor XM, XM, T1 200 - veor XM, XM, T2 201 - vmull.p64 T2, XL_L, MASK_L 202 76 203 - vmov XH_L, XM_H 204 - vmov XM_H, XL_L 77 + __pmull_reduce_\pn 205 78 206 - veor XL, XM, T2 207 - vext.8 T2, XL, XL, #8 208 - vmull.p64 XL, XL_L, MASK_L 209 - veor T2, T2, XH 210 - veor XL, XL, T2 79 + veor T1, T1, XH 80 + veor XL, XL, T1 211 81 212 82 bne 0b 213 83 214 84 vst1.64 {XL}, [r1] 215 85 bx lr 216 - ENDPROC(pmull_ghash_update) 86 + .endm 87 + 88 + /* 89 + * void pmull_ghash_update(int blocks, u64 dg[], const char *src, 90 + * struct ghash_key const *k, const char *head) 91 + */ 92 + ENTRY(pmull_ghash_update_p64) 93 + vld1.64 {SHASH}, [r3] 94 + veor SHASH2_p64, SHASH_L, SHASH_H 95 + 96 + vmov.i8 MASK, #0xe1 97 + vshl.u64 MASK, MASK, #57 98 + 99 + ghash_update p64 100 + ENDPROC(pmull_ghash_update_p64) 101 + 102 + ENTRY(pmull_ghash_update_p8) 103 + vld1.64 {SHASH}, [r3] 104 + veor SHASH2_p8, SHASH_L, SHASH_H 105 + 106 + vext.8 s1l, SHASH_L, SHASH_L, #1 107 + vext.8 s2l, SHASH_L, SHASH_L, #2 108 + vext.8 s3l, SHASH_L, SHASH_L, #3 109 + vext.8 s4l, SHASH_L, SHASH_L, #4 110 + vext.8 s1h, SHASH_H, SHASH_H, #1 111 + vext.8 s2h, SHASH_H, SHASH_H, #2 112 + vext.8 s3h, SHASH_H, SHASH_H, #3 113 + vext.8 s4h, SHASH_H, SHASH_H, #4 114 + 115 + vmov.i64 k16, #0xffff 116 + vmov.i64 k32, #0xffffffff 117 + vmov.i64 k48, #0xffffffffffff 118 + 119 + ghash_update p8 120 + ENDPROC(pmull_ghash_update_p8)

+21 -3

arch/arm/crypto/ghash-ce-glue.c

··· 22 22 MODULE_DESCRIPTION("GHASH secure hash using ARMv8 Crypto Extensions"); 23 23 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); 24 24 MODULE_LICENSE("GPL v2"); 25 + MODULE_ALIAS_CRYPTO("ghash"); 25 26 26 27 #define GHASH_BLOCK_SIZE 16 27 28 #define GHASH_DIGEST_SIZE 16 ··· 42 41 struct cryptd_ahash *cryptd_tfm; 43 42 }; 44 43 45 - asmlinkage void pmull_ghash_update(int blocks, u64 dg[], const char *src, 46 - struct ghash_key const *k, const char *head); 44 + asmlinkage void pmull_ghash_update_p64(int blocks, u64 dg[], const char *src, 45 + struct ghash_key const *k, 46 + const char *head); 47 + 48 + asmlinkage void pmull_ghash_update_p8(int blocks, u64 dg[], const char *src, 49 + struct ghash_key const *k, 50 + const char *head); 51 + 52 + static void (*pmull_ghash_update)(int blocks, u64 dg[], const char *src, 53 + struct ghash_key const *k, 54 + const char *head); 47 55 48 56 static int ghash_init(struct shash_desc *desc) 49 57 { ··· 322 312 { 323 313 int err; 324 314 315 + if (!(elf_hwcap & HWCAP_NEON)) 316 + return -ENODEV; 317 + 318 + if (elf_hwcap2 & HWCAP2_PMULL) 319 + pmull_ghash_update = pmull_ghash_update_p64; 320 + else 321 + pmull_ghash_update = pmull_ghash_update_p8; 322 + 325 323 err = crypto_register_shash(&ghash_alg); 326 324 if (err) 327 325 return err; ··· 350 332 crypto_unregister_shash(&ghash_alg); 351 333 } 352 334 353 - module_cpu_feature_match(PMULL, ghash_ce_mod_init); 335 + module_init(ghash_ce_mod_init); 354 336 module_exit(ghash_ce_mod_exit);

+16 -6

arch/arm64/crypto/Kconfig

··· 18 18 19 19 config CRYPTO_SHA1_ARM64_CE 20 20 tristate "SHA-1 digest algorithm (ARMv8 Crypto Extensions)" 21 - depends on ARM64 && KERNEL_MODE_NEON 21 + depends on KERNEL_MODE_NEON 22 22 select CRYPTO_HASH 23 + select CRYPTO_SHA1 23 24 24 25 config CRYPTO_SHA2_ARM64_CE 25 26 tristate "SHA-224/SHA-256 digest algorithm (ARMv8 Crypto Extensions)" 26 - depends on ARM64 && KERNEL_MODE_NEON 27 + depends on KERNEL_MODE_NEON 27 28 select CRYPTO_HASH 29 + select CRYPTO_SHA256_ARM64 28 30 29 31 config CRYPTO_GHASH_ARM64_CE 30 - tristate "GHASH (for GCM chaining mode) using ARMv8 Crypto Extensions" 31 - depends on ARM64 && KERNEL_MODE_NEON 32 + tristate "GHASH/AES-GCM using ARMv8 Crypto Extensions" 33 + depends on KERNEL_MODE_NEON 32 34 select CRYPTO_HASH 35 + select CRYPTO_GF128MUL 36 + select CRYPTO_AES 37 + select CRYPTO_AES_ARM64 33 38 34 39 config CRYPTO_CRCT10DIF_ARM64_CE 35 40 tristate "CRCT10DIF digest algorithm using PMULL instructions" ··· 54 49 tristate "AES core cipher using ARMv8 Crypto Extensions" 55 50 depends on ARM64 && KERNEL_MODE_NEON 56 51 select CRYPTO_ALGAPI 52 + select CRYPTO_AES_ARM64 57 53 58 54 config CRYPTO_AES_ARM64_CE_CCM 59 55 tristate "AES in CCM mode using ARMv8 Crypto Extensions" 60 56 depends on ARM64 && KERNEL_MODE_NEON 61 57 select CRYPTO_ALGAPI 62 58 select CRYPTO_AES_ARM64_CE 59 + select CRYPTO_AES_ARM64 63 60 select CRYPTO_AEAD 64 61 65 62 config CRYPTO_AES_ARM64_CE_BLK 66 63 tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions" 67 - depends on ARM64 && KERNEL_MODE_NEON 64 + depends on KERNEL_MODE_NEON 68 65 select CRYPTO_BLKCIPHER 69 66 select CRYPTO_AES_ARM64_CE 67 + select CRYPTO_AES_ARM64 70 68 select CRYPTO_SIMD 71 69 72 70 config CRYPTO_AES_ARM64_NEON_BLK 73 71 tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions" 74 - depends on ARM64 && KERNEL_MODE_NEON 72 + depends on KERNEL_MODE_NEON 75 73 select CRYPTO_BLKCIPHER 74 + select CRYPTO_AES_ARM64 76 75 select CRYPTO_AES 77 76 select CRYPTO_SIMD 78 77 ··· 91 82 depends on KERNEL_MODE_NEON 92 83 select CRYPTO_BLKCIPHER 93 84 select CRYPTO_AES_ARM64_NEON_BLK 85 + select CRYPTO_AES_ARM64 94 86 select CRYPTO_SIMD 95 87 96 88 endif

+15 -15

arch/arm64/crypto/aes-ce-ccm-core.S

··· 1 1 /* 2 2 * aesce-ccm-core.S - AES-CCM transform for ARMv8 with Crypto Extensions 3 3 * 4 - * Copyright (C) 2013 - 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 32 32 beq 8f /* out of input? */ 33 33 cbnz w8, 0b 34 34 eor v0.16b, v0.16b, v1.16b 35 - 1: ld1 {v3.16b}, [x4] /* load first round key */ 35 + 1: ld1 {v3.4s}, [x4] /* load first round key */ 36 36 prfm pldl1strm, [x1] 37 37 cmp w5, #12 /* which key size? */ 38 38 add x6, x4, #16 ··· 42 42 mov v5.16b, v3.16b 43 43 b 4f 44 44 2: mov v4.16b, v3.16b 45 - ld1 {v5.16b}, [x6], #16 /* load 2nd round key */ 45 + ld1 {v5.4s}, [x6], #16 /* load 2nd round key */ 46 46 3: aese v0.16b, v4.16b 47 47 aesmc v0.16b, v0.16b 48 - 4: ld1 {v3.16b}, [x6], #16 /* load next round key */ 48 + 4: ld1 {v3.4s}, [x6], #16 /* load next round key */ 49 49 aese v0.16b, v5.16b 50 50 aesmc v0.16b, v0.16b 51 - 5: ld1 {v4.16b}, [x6], #16 /* load next round key */ 51 + 5: ld1 {v4.4s}, [x6], #16 /* load next round key */ 52 52 subs w7, w7, #3 53 53 aese v0.16b, v3.16b 54 54 aesmc v0.16b, v0.16b 55 - ld1 {v5.16b}, [x6], #16 /* load next round key */ 55 + ld1 {v5.4s}, [x6], #16 /* load next round key */ 56 56 bpl 3b 57 57 aese v0.16b, v4.16b 58 58 subs w2, w2, #16 /* last data? */ ··· 90 90 * u32 rounds); 91 91 */ 92 92 ENTRY(ce_aes_ccm_final) 93 - ld1 {v3.16b}, [x2], #16 /* load first round key */ 93 + ld1 {v3.4s}, [x2], #16 /* load first round key */ 94 94 ld1 {v0.16b}, [x0] /* load mac */ 95 95 cmp w3, #12 /* which key size? */ 96 96 sub w3, w3, #2 /* modified # of rounds */ ··· 100 100 mov v5.16b, v3.16b 101 101 b 2f 102 102 0: mov v4.16b, v3.16b 103 - 1: ld1 {v5.16b}, [x2], #16 /* load next round key */ 103 + 1: ld1 {v5.4s}, [x2], #16 /* load next round key */ 104 104 aese v0.16b, v4.16b 105 105 aesmc v0.16b, v0.16b 106 106 aese v1.16b, v4.16b 107 107 aesmc v1.16b, v1.16b 108 - 2: ld1 {v3.16b}, [x2], #16 /* load next round key */ 108 + 2: ld1 {v3.4s}, [x2], #16 /* load next round key */ 109 109 aese v0.16b, v5.16b 110 110 aesmc v0.16b, v0.16b 111 111 aese v1.16b, v5.16b 112 112 aesmc v1.16b, v1.16b 113 - 3: ld1 {v4.16b}, [x2], #16 /* load next round key */ 113 + 3: ld1 {v4.4s}, [x2], #16 /* load next round key */ 114 114 subs w3, w3, #3 115 115 aese v0.16b, v3.16b 116 116 aesmc v0.16b, v0.16b ··· 137 137 cmp w4, #12 /* which key size? */ 138 138 sub w7, w4, #2 /* get modified # of rounds */ 139 139 ins v1.d[1], x9 /* no carry in lower ctr */ 140 - ld1 {v3.16b}, [x3] /* load first round key */ 140 + ld1 {v3.4s}, [x3] /* load first round key */ 141 141 add x10, x3, #16 142 142 bmi 1f 143 143 bne 4f 144 144 mov v5.16b, v3.16b 145 145 b 3f 146 146 1: mov v4.16b, v3.16b 147 - ld1 {v5.16b}, [x10], #16 /* load 2nd round key */ 147 + ld1 {v5.4s}, [x10], #16 /* load 2nd round key */ 148 148 2: /* inner loop: 3 rounds, 2x interleaved */ 149 149 aese v0.16b, v4.16b 150 150 aesmc v0.16b, v0.16b 151 151 aese v1.16b, v4.16b 152 152 aesmc v1.16b, v1.16b 153 - 3: ld1 {v3.16b}, [x10], #16 /* load next round key */ 153 + 3: ld1 {v3.4s}, [x10], #16 /* load next round key */ 154 154 aese v0.16b, v5.16b 155 155 aesmc v0.16b, v0.16b 156 156 aese v1.16b, v5.16b 157 157 aesmc v1.16b, v1.16b 158 - 4: ld1 {v4.16b}, [x10], #16 /* load next round key */ 158 + 4: ld1 {v4.4s}, [x10], #16 /* load next round key */ 159 159 subs w7, w7, #3 160 160 aese v0.16b, v3.16b 161 161 aesmc v0.16b, v0.16b 162 162 aese v1.16b, v3.16b 163 163 aesmc v1.16b, v1.16b 164 - ld1 {v5.16b}, [x10], #16 /* load next round key */ 164 + ld1 {v5.4s}, [x10], #16 /* load next round key */ 165 165 bpl 2b 166 166 aese v0.16b, v4.16b 167 167 aese v1.16b, v4.16b

+139 -35

arch/arm64/crypto/aes-ce-ccm-glue.c

··· 1 1 /* 2 2 * aes-ccm-glue.c - AES-CCM transform for ARMv8 with Crypto Extensions 3 3 * 4 - * Copyright (C) 2013 - 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 12 13 #include <asm/unaligned.h> 13 14 #include <crypto/aes.h> 14 15 #include <crypto/scatterwalk.h> ··· 44 43 45 44 asmlinkage void ce_aes_ccm_final(u8 mac[], u8 const ctr[], u32 const rk[], 46 45 u32 rounds); 46 + 47 + asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); 47 48 48 49 static int ccm_setkey(struct crypto_aead *tfm, const u8 *in_key, 49 50 unsigned int key_len) ··· 106 103 return 0; 107 104 } 108 105 109 - static void ccm_calculate_auth_mac(struct aead_request *req, u8 mac[]) 106 + static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[], 107 + u32 abytes, u32 *macp, bool use_neon) 108 + { 109 + if (likely(use_neon)) { 110 + ce_aes_ccm_auth_data(mac, in, abytes, macp, key->key_enc, 111 + num_rounds(key)); 112 + } else { 113 + if (*macp > 0 && *macp < AES_BLOCK_SIZE) { 114 + int added = min(abytes, AES_BLOCK_SIZE - *macp); 115 + 116 + crypto_xor(&mac[*macp], in, added); 117 + 118 + *macp += added; 119 + in += added; 120 + abytes -= added; 121 + } 122 + 123 + while (abytes > AES_BLOCK_SIZE) { 124 + __aes_arm64_encrypt(key->key_enc, mac, mac, 125 + num_rounds(key)); 126 + crypto_xor(mac, in, AES_BLOCK_SIZE); 127 + 128 + in += AES_BLOCK_SIZE; 129 + abytes -= AES_BLOCK_SIZE; 130 + } 131 + 132 + if (abytes > 0) { 133 + __aes_arm64_encrypt(key->key_enc, mac, mac, 134 + num_rounds(key)); 135 + crypto_xor(mac, in, abytes); 136 + *macp = abytes; 137 + } else { 138 + *macp = 0; 139 + } 140 + } 141 + } 142 + 143 + static void ccm_calculate_auth_mac(struct aead_request *req, u8 mac[], 144 + bool use_neon) 110 145 { 111 146 struct crypto_aead *aead = crypto_aead_reqtfm(req); 112 147 struct crypto_aes_ctx *ctx = crypto_aead_ctx(aead); ··· 163 122 ltag.len = 6; 164 123 } 165 124 166 - ce_aes_ccm_auth_data(mac, (u8 *)&ltag, ltag.len, &macp, ctx->key_enc, 167 - num_rounds(ctx)); 125 + ccm_update_mac(ctx, mac, (u8 *)&ltag, ltag.len, &macp, use_neon); 168 126 scatterwalk_start(&walk, req->src); 169 127 170 128 do { ··· 175 135 n = scatterwalk_clamp(&walk, len); 176 136 } 177 137 p = scatterwalk_map(&walk); 178 - ce_aes_ccm_auth_data(mac, p, n, &macp, ctx->key_enc, 179 - num_rounds(ctx)); 138 + ccm_update_mac(ctx, mac, p, n, &macp, use_neon); 180 139 len -= n; 181 140 182 141 scatterwalk_unmap(p); 183 142 scatterwalk_advance(&walk, n); 184 143 scatterwalk_done(&walk, 0, len); 185 144 } while (len); 145 + } 146 + 147 + static int ccm_crypt_fallback(struct skcipher_walk *walk, u8 mac[], u8 iv0[], 148 + struct crypto_aes_ctx *ctx, bool enc) 149 + { 150 + u8 buf[AES_BLOCK_SIZE]; 151 + int err = 0; 152 + 153 + while (walk->nbytes) { 154 + int blocks = walk->nbytes / AES_BLOCK_SIZE; 155 + u32 tail = walk->nbytes % AES_BLOCK_SIZE; 156 + u8 *dst = walk->dst.virt.addr; 157 + u8 *src = walk->src.virt.addr; 158 + u32 nbytes = walk->nbytes; 159 + 160 + if (nbytes == walk->total && tail > 0) { 161 + blocks++; 162 + tail = 0; 163 + } 164 + 165 + do { 166 + u32 bsize = AES_BLOCK_SIZE; 167 + 168 + if (nbytes < AES_BLOCK_SIZE) 169 + bsize = nbytes; 170 + 171 + crypto_inc(walk->iv, AES_BLOCK_SIZE); 172 + __aes_arm64_encrypt(ctx->key_enc, buf, walk->iv, 173 + num_rounds(ctx)); 174 + __aes_arm64_encrypt(ctx->key_enc, mac, mac, 175 + num_rounds(ctx)); 176 + if (enc) 177 + crypto_xor(mac, src, bsize); 178 + crypto_xor_cpy(dst, src, buf, bsize); 179 + if (!enc) 180 + crypto_xor(mac, dst, bsize); 181 + dst += bsize; 182 + src += bsize; 183 + nbytes -= bsize; 184 + } while (--blocks); 185 + 186 + err = skcipher_walk_done(walk, tail); 187 + } 188 + 189 + if (!err) { 190 + __aes_arm64_encrypt(ctx->key_enc, buf, iv0, num_rounds(ctx)); 191 + __aes_arm64_encrypt(ctx->key_enc, mac, mac, num_rounds(ctx)); 192 + crypto_xor(mac, buf, AES_BLOCK_SIZE); 193 + } 194 + return err; 186 195 } 187 196 188 197 static int ccm_encrypt(struct aead_request *req) ··· 242 153 u8 __aligned(8) mac[AES_BLOCK_SIZE]; 243 154 u8 buf[AES_BLOCK_SIZE]; 244 155 u32 len = req->cryptlen; 156 + bool use_neon = may_use_simd(); 245 157 int err; 246 158 247 159 err = ccm_init_mac(req, mac, len); 248 160 if (err) 249 161 return err; 250 162 251 - kernel_neon_begin_partial(6); 163 + if (likely(use_neon)) 164 + kernel_neon_begin(); 252 165 253 166 if (req->assoclen) 254 - ccm_calculate_auth_mac(req, mac); 167 + ccm_calculate_auth_mac(req, mac, use_neon); 255 168 256 169 /* preserve the original iv for the final round */ 257 170 memcpy(buf, req->iv, AES_BLOCK_SIZE); 258 171 259 172 err = skcipher_walk_aead_encrypt(&walk, req, true); 260 173 261 - while (walk.nbytes) { 262 - u32 tail = walk.nbytes % AES_BLOCK_SIZE; 174 + if (likely(use_neon)) { 175 + while (walk.nbytes) { 176 + u32 tail = walk.nbytes % AES_BLOCK_SIZE; 263 177 264 - if (walk.nbytes == walk.total) 265 - tail = 0; 178 + if (walk.nbytes == walk.total) 179 + tail = 0; 266 180 267 - ce_aes_ccm_encrypt(walk.dst.virt.addr, walk.src.virt.addr, 268 - walk.nbytes - tail, ctx->key_enc, 269 - num_rounds(ctx), mac, walk.iv); 181 + ce_aes_ccm_encrypt(walk.dst.virt.addr, 182 + walk.src.virt.addr, 183 + walk.nbytes - tail, ctx->key_enc, 184 + num_rounds(ctx), mac, walk.iv); 270 185 271 - err = skcipher_walk_done(&walk, tail); 186 + err = skcipher_walk_done(&walk, tail); 187 + } 188 + if (!err) 189 + ce_aes_ccm_final(mac, buf, ctx->key_enc, 190 + num_rounds(ctx)); 191 + 192 + kernel_neon_end(); 193 + } else { 194 + err = ccm_crypt_fallback(&walk, mac, buf, ctx, true); 272 195 } 273 - if (!err) 274 - ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); 275 - 276 - kernel_neon_end(); 277 - 278 196 if (err) 279 197 return err; 280 198 ··· 301 205 u8 __aligned(8) mac[AES_BLOCK_SIZE]; 302 206 u8 buf[AES_BLOCK_SIZE]; 303 207 u32 len = req->cryptlen - authsize; 208 + bool use_neon = may_use_simd(); 304 209 int err; 305 210 306 211 err = ccm_init_mac(req, mac, len); 307 212 if (err) 308 213 return err; 309 214 310 - kernel_neon_begin_partial(6); 215 + if (likely(use_neon)) 216 + kernel_neon_begin(); 311 217 312 218 if (req->assoclen) 313 - ccm_calculate_auth_mac(req, mac); 219 + ccm_calculate_auth_mac(req, mac, use_neon); 314 220 315 221 /* preserve the original iv for the final round */ 316 222 memcpy(buf, req->iv, AES_BLOCK_SIZE); 317 223 318 224 err = skcipher_walk_aead_decrypt(&walk, req, true); 319 225 320 - while (walk.nbytes) { 321 - u32 tail = walk.nbytes % AES_BLOCK_SIZE; 226 + if (likely(use_neon)) { 227 + while (walk.nbytes) { 228 + u32 tail = walk.nbytes % AES_BLOCK_SIZE; 322 229 323 - if (walk.nbytes == walk.total) 324 - tail = 0; 230 + if (walk.nbytes == walk.total) 231 + tail = 0; 325 232 326 - ce_aes_ccm_decrypt(walk.dst.virt.addr, walk.src.virt.addr, 327 - walk.nbytes - tail, ctx->key_enc, 328 - num_rounds(ctx), mac, walk.iv); 233 + ce_aes_ccm_decrypt(walk.dst.virt.addr, 234 + walk.src.virt.addr, 235 + walk.nbytes - tail, ctx->key_enc, 236 + num_rounds(ctx), mac, walk.iv); 329 237 330 - err = skcipher_walk_done(&walk, tail); 238 + err = skcipher_walk_done(&walk, tail); 239 + } 240 + if (!err) 241 + ce_aes_ccm_final(mac, buf, ctx->key_enc, 242 + num_rounds(ctx)); 243 + 244 + kernel_neon_end(); 245 + } else { 246 + err = ccm_crypt_fallback(&walk, mac, buf, ctx, false); 331 247 } 332 - if (!err) 333 - ce_aes_ccm_final(mac, buf, ctx->key_enc, num_rounds(ctx)); 334 - 335 - kernel_neon_end(); 336 248 337 249 if (err) 338 250 return err;

+33 -22

arch/arm64/crypto/aes-ce-cipher.c

··· 1 1 /* 2 2 * aes-ce-cipher.c - core AES cipher using ARMv8 Crypto Extensions 3 3 * 4 - * Copyright (C) 2013 - 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 13 + #include <asm/unaligned.h> 12 14 #include <crypto/aes.h> 13 15 #include <linux/cpufeature.h> 14 16 #include <linux/crypto.h> ··· 21 19 MODULE_DESCRIPTION("Synchronous AES cipher using ARMv8 Crypto Extensions"); 22 20 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); 23 21 MODULE_LICENSE("GPL v2"); 22 + 23 + asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); 24 + asmlinkage void __aes_arm64_decrypt(u32 *rk, u8 *out, const u8 *in, int rounds); 24 25 25 26 struct aes_block { 26 27 u8 b[AES_BLOCK_SIZE]; ··· 49 44 void *dummy0; 50 45 int dummy1; 51 46 52 - kernel_neon_begin_partial(4); 47 + if (!may_use_simd()) { 48 + __aes_arm64_encrypt(ctx->key_enc, dst, src, num_rounds(ctx)); 49 + return; 50 + } 51 + 52 + kernel_neon_begin(); 53 53 54 54 __asm__(" ld1 {v0.16b}, %[in] ;" 55 - " ld1 {v1.16b}, [%[key]], #16 ;" 55 + " ld1 {v1.4s}, [%[key]], #16 ;" 56 56 " cmp %w[rounds], #10 ;" 57 57 " bmi 0f ;" 58 58 " bne 3f ;" 59 59 " mov v3.16b, v1.16b ;" 60 60 " b 2f ;" 61 61 "0: mov v2.16b, v1.16b ;" 62 - " ld1 {v3.16b}, [%[key]], #16 ;" 62 + " ld1 {v3.4s}, [%[key]], #16 ;" 63 63 "1: aese v0.16b, v2.16b ;" 64 64 " aesmc v0.16b, v0.16b ;" 65 - "2: ld1 {v1.16b}, [%[key]], #16 ;" 65 + "2: ld1 {v1.4s}, [%[key]], #16 ;" 66 66 " aese v0.16b, v3.16b ;" 67 67 " aesmc v0.16b, v0.16b ;" 68 - "3: ld1 {v2.16b}, [%[key]], #16 ;" 68 + "3: ld1 {v2.4s}, [%[key]], #16 ;" 69 69 " subs %w[rounds], %w[rounds], #3 ;" 70 70 " aese v0.16b, v1.16b ;" 71 71 " aesmc v0.16b, v0.16b ;" 72 - " ld1 {v3.16b}, [%[key]], #16 ;" 72 + " ld1 {v3.4s}, [%[key]], #16 ;" 73 73 " bpl 1b ;" 74 74 " aese v0.16b, v2.16b ;" 75 75 " eor v0.16b, v0.16b, v3.16b ;" ··· 99 89 void *dummy0; 100 90 int dummy1; 101 91 102 - kernel_neon_begin_partial(4); 92 + if (!may_use_simd()) { 93 + __aes_arm64_decrypt(ctx->key_dec, dst, src, num_rounds(ctx)); 94 + return; 95 + } 96 + 97 + kernel_neon_begin(); 103 98 104 99 __asm__(" ld1 {v0.16b}, %[in] ;" 105 - " ld1 {v1.16b}, [%[key]], #16 ;" 100 + " ld1 {v1.4s}, [%[key]], #16 ;" 106 101 " cmp %w[rounds], #10 ;" 107 102 " bmi 0f ;" 108 103 " bne 3f ;" 109 104 " mov v3.16b, v1.16b ;" 110 105 " b 2f ;" 111 106 "0: mov v2.16b, v1.16b ;" 112 - " ld1 {v3.16b}, [%[key]], #16 ;" 107 + " ld1 {v3.4s}, [%[key]], #16 ;" 113 108 "1: aesd v0.16b, v2.16b ;" 114 109 " aesimc v0.16b, v0.16b ;" 115 - "2: ld1 {v1.16b}, [%[key]], #16 ;" 110 + "2: ld1 {v1.4s}, [%[key]], #16 ;" 116 111 " aesd v0.16b, v3.16b ;" 117 112 " aesimc v0.16b, v0.16b ;" 118 - "3: ld1 {v2.16b}, [%[key]], #16 ;" 113 + "3: ld1 {v2.4s}, [%[key]], #16 ;" 119 114 " subs %w[rounds], %w[rounds], #3 ;" 120 115 " aesd v0.16b, v1.16b ;" 121 116 " aesimc v0.16b, v0.16b ;" 122 - " ld1 {v3.16b}, [%[key]], #16 ;" 117 + " ld1 {v3.4s}, [%[key]], #16 ;" 123 118 " bpl 1b ;" 124 119 " aesd v0.16b, v2.16b ;" 125 120 " eor v0.16b, v0.16b, v3.16b ;" ··· 180 165 key_len != AES_KEYSIZE_256) 181 166 return -EINVAL; 182 167 183 - memcpy(ctx->key_enc, in_key, key_len); 184 168 ctx->key_length = key_len; 169 + for (i = 0; i < kwords; i++) 170 + ctx->key_enc[i] = get_unaligned_le32(in_key + i * sizeof(u32)); 185 171 186 - kernel_neon_begin_partial(2); 172 + kernel_neon_begin(); 187 173 for (i = 0; i < sizeof(rcon); i++) { 188 174 u32 *rki = ctx->key_enc + (i * kwords); 189 175 u32 *rko = rki + kwords; 190 176 191 - #ifndef CONFIG_CPU_BIG_ENDIAN 192 177 rko[0] = ror32(aes_sub(rki[kwords - 1]), 8) ^ rcon[i] ^ rki[0]; 193 - #else 194 - rko[0] = rol32(aes_sub(rki[kwords - 1]), 8) ^ (rcon[i] << 24) ^ 195 - rki[0]; 196 - #endif 197 178 rko[1] = rko[0] ^ rki[1]; 198 179 rko[2] = rko[1] ^ rki[2]; 199 180 rko[3] = rko[2] ^ rki[3]; ··· 221 210 222 211 key_dec[0] = key_enc[j]; 223 212 for (i = 1, j--; j > 0; i++, j--) 224 - __asm__("ld1 {v0.16b}, %[in] ;" 213 + __asm__("ld1 {v0.4s}, %[in] ;" 225 214 "aesimc v1.16b, v0.16b ;" 226 - "st1 {v1.16b}, %[out] ;" 215 + "st1 {v1.4s}, %[out] ;" 227 216 228 217 : [out] "=Q"(key_dec[i]) 229 218 : [in] "Q"(key_enc[j])

+6 -6

arch/arm64/crypto/aes-ce.S

··· 2 2 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with 3 3 * Crypto Extensions 4 4 * 5 - * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org> 5 + * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 6 6 * 7 7 * This program is free software; you can redistribute it and/or modify 8 8 * it under the terms of the GNU General Public License version 2 as ··· 22 22 cmp \rounds, #12 23 23 blo 2222f /* 128 bits */ 24 24 beq 1111f /* 192 bits */ 25 - ld1 {v17.16b-v18.16b}, [\rk], #32 26 - 1111: ld1 {v19.16b-v20.16b}, [\rk], #32 27 - 2222: ld1 {v21.16b-v24.16b}, [\rk], #64 28 - ld1 {v25.16b-v28.16b}, [\rk], #64 29 - ld1 {v29.16b-v31.16b}, [\rk] 25 + ld1 {v17.4s-v18.4s}, [\rk], #32 26 + 1111: ld1 {v19.4s-v20.4s}, [\rk], #32 27 + 2222: ld1 {v21.4s-v24.4s}, [\rk], #64 28 + ld1 {v25.4s-v28.4s}, [\rk], #64 29 + ld1 {v29.4s-v31.4s}, [\rk] 30 30 .endm 31 31 32 32 /* prepare for encryption with key in rk[] */

+106 -44

arch/arm64/crypto/aes-cipher-core.S

··· 10 10 11 11 #include <linux/linkage.h> 12 12 #include <asm/assembler.h> 13 + #include <asm/cache.h> 13 14 14 15 .text 15 16 ··· 18 17 out .req x1 19 18 in .req x2 20 19 rounds .req x3 21 - tt .req x4 22 - lt .req x2 20 + tt .req x2 23 21 24 - .macro __pair, enc, reg0, reg1, in0, in1e, in1d, shift 25 - ubfx \reg0, \in0, #\shift, #8 26 - .if \enc 27 - ubfx \reg1, \in1e, #\shift, #8 22 + .macro __pair1, sz, op, reg0, reg1, in0, in1e, in1d, shift 23 + .ifc \op\shift, b0 24 + ubfiz \reg0, \in0, #2, #8 25 + ubfiz \reg1, \in1e, #2, #8 28 26 .else 29 - ubfx \reg1, \in1d, #\shift, #8 27 + ubfx \reg0, \in0, #\shift, #8 28 + ubfx \reg1, \in1e, #\shift, #8 30 29 .endif 30 + 31 + /* 32 + * AArch64 cannot do byte size indexed loads from a table containing 33 + * 32-bit quantities, i.e., 'ldrb w12, [tt, w12, uxtw #2]' is not a 34 + * valid instruction. So perform the shift explicitly first for the 35 + * high bytes (the low byte is shifted implicitly by using ubfiz rather 36 + * than ubfx above) 37 + */ 38 + .ifnc \op, b 31 39 ldr \reg0, [tt, \reg0, uxtw #2] 32 40 ldr \reg1, [tt, \reg1, uxtw #2] 41 + .else 42 + .if \shift > 0 43 + lsl \reg0, \reg0, #2 44 + lsl \reg1, \reg1, #2 45 + .endif 46 + ldrb \reg0, [tt, \reg0, uxtw] 47 + ldrb \reg1, [tt, \reg1, uxtw] 48 + .endif 33 49 .endm 34 50 35 - .macro __hround, out0, out1, in0, in1, in2, in3, t0, t1, enc 51 + .macro __pair0, sz, op, reg0, reg1, in0, in1e, in1d, shift 52 + ubfx \reg0, \in0, #\shift, #8 53 + ubfx \reg1, \in1d, #\shift, #8 54 + ldr\op \reg0, [tt, \reg0, uxtw #\sz] 55 + ldr\op \reg1, [tt, \reg1, uxtw #\sz] 56 + .endm 57 + 58 + .macro __hround, out0, out1, in0, in1, in2, in3, t0, t1, enc, sz, op 36 59 ldp \out0, \out1, [rk], #8 37 60 38 - __pair \enc, w13, w14, \in0, \in1, \in3, 0 39 - __pair \enc, w15, w16, \in1, \in2, \in0, 8 40 - __pair \enc, w17, w18, \in2, \in3, \in1, 16 41 - __pair \enc, \t0, \t1, \in3, \in0, \in2, 24 61 + __pair\enc \sz, \op, w12, w13, \in0, \in1, \in3, 0 62 + __pair\enc \sz, \op, w14, w15, \in1, \in2, \in0, 8 63 + __pair\enc \sz, \op, w16, w17, \in2, \in3, \in1, 16 64 + __pair\enc \sz, \op, \t0, \t1, \in3, \in0, \in2, 24 42 65 43 - eor \out0, \out0, w13 44 - eor \out1, \out1, w14 45 - eor \out0, \out0, w15, ror #24 46 - eor \out1, \out1, w16, ror #24 47 - eor \out0, \out0, w17, ror #16 48 - eor \out1, \out1, w18, ror #16 66 + eor \out0, \out0, w12 67 + eor \out1, \out1, w13 68 + eor \out0, \out0, w14, ror #24 69 + eor \out1, \out1, w15, ror #24 70 + eor \out0, \out0, w16, ror #16 71 + eor \out1, \out1, w17, ror #16 49 72 eor \out0, \out0, \t0, ror #8 50 73 eor \out1, \out1, \t1, ror #8 51 74 .endm 52 75 53 - .macro fround, out0, out1, out2, out3, in0, in1, in2, in3 54 - __hround \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1 55 - __hround \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1 76 + .macro fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op 77 + __hround \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op 78 + __hround \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op 56 79 .endm 57 80 58 - .macro iround, out0, out1, out2, out3, in0, in1, in2, in3 59 - __hround \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0 60 - __hround \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0 81 + .macro iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op 82 + __hround \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op 83 + __hround \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op 61 84 .endm 62 85 63 - .macro do_crypt, round, ttab, ltab 64 - ldp w5, w6, [in] 65 - ldp w7, w8, [in, #8] 66 - ldp w9, w10, [rk], #16 67 - ldp w11, w12, [rk, #-8] 86 + .macro do_crypt, round, ttab, ltab, bsz 87 + ldp w4, w5, [in] 88 + ldp w6, w7, [in, #8] 89 + ldp w8, w9, [rk], #16 90 + ldp w10, w11, [rk, #-8] 68 91 92 + CPU_BE( rev w4, w4 ) 69 93 CPU_BE( rev w5, w5 ) 70 94 CPU_BE( rev w6, w6 ) 71 95 CPU_BE( rev w7, w7 ) 72 - CPU_BE( rev w8, w8 ) 73 96 97 + eor w4, w4, w8 74 98 eor w5, w5, w9 75 99 eor w6, w6, w10 76 100 eor w7, w7, w11 77 - eor w8, w8, w12 78 101 79 102 adr_l tt, \ttab 80 - adr_l lt, \ltab 81 103 82 104 tbnz rounds, #1, 1f 83 105 84 - 0: \round w9, w10, w11, w12, w5, w6, w7, w8 85 - \round w5, w6, w7, w8, w9, w10, w11, w12 106 + 0: \round w8, w9, w10, w11, w4, w5, w6, w7 107 + \round w4, w5, w6, w7, w8, w9, w10, w11 86 108 87 109 1: subs rounds, rounds, #4 88 - \round w9, w10, w11, w12, w5, w6, w7, w8 89 - csel tt, tt, lt, hi 90 - \round w5, w6, w7, w8, w9, w10, w11, w12 91 - b.hi 0b 110 + \round w8, w9, w10, w11, w4, w5, w6, w7 111 + b.ls 3f 112 + 2: \round w4, w5, w6, w7, w8, w9, w10, w11 113 + b 0b 114 + 3: adr_l tt, \ltab 115 + \round w4, w5, w6, w7, w8, w9, w10, w11, \bsz, b 92 116 117 + CPU_BE( rev w4, w4 ) 93 118 CPU_BE( rev w5, w5 ) 94 119 CPU_BE( rev w6, w6 ) 95 120 CPU_BE( rev w7, w7 ) 96 - CPU_BE( rev w8, w8 ) 97 121 98 - stp w5, w6, [out] 99 - stp w7, w8, [out, #8] 122 + stp w4, w5, [out] 123 + stp w6, w7, [out, #8] 100 124 ret 101 125 .endm 102 126 103 - .align 5 127 + .align L1_CACHE_SHIFT 128 + .type __aes_arm64_inverse_sbox, %object 129 + __aes_arm64_inverse_sbox: 130 + .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 131 + .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb 132 + .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 133 + .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb 134 + .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d 135 + .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e 136 + .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 137 + .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 138 + .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 139 + .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 140 + .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda 141 + .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 142 + .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a 143 + .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 144 + .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 145 + .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b 146 + .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea 147 + .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 148 + .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 149 + .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e 150 + .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 151 + .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b 152 + .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 153 + .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 154 + .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 155 + .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f 156 + .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d 157 + .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef 158 + .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 159 + .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 160 + .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 161 + .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d 162 + .size __aes_arm64_inverse_sbox, . - __aes_arm64_inverse_sbox 163 + 104 164 ENTRY(__aes_arm64_encrypt) 105 - do_crypt fround, crypto_ft_tab, crypto_fl_tab 165 + do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 106 166 ENDPROC(__aes_arm64_encrypt) 107 167 108 168 .align 5 109 169 ENTRY(__aes_arm64_decrypt) 110 - do_crypt iround, crypto_it_tab, crypto_il_tab 170 + do_crypt iround, crypto_it_tab, __aes_arm64_inverse_sbox, 0 111 171 ENDPROC(__aes_arm64_decrypt)

+53

arch/arm64/crypto/aes-ctr-fallback.h

··· 1 + /* 2 + * Fallback for sync aes(ctr) in contexts where kernel mode NEON 3 + * is not allowed 4 + * 5 + * Copyright (C) 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 6 + * 7 + * This program is free software; you can redistribute it and/or modify 8 + * it under the terms of the GNU General Public License version 2 as 9 + * published by the Free Software Foundation. 10 + */ 11 + 12 + #include <crypto/aes.h> 13 + #include <crypto/internal/skcipher.h> 14 + 15 + asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); 16 + 17 + static inline int aes_ctr_encrypt_fallback(struct crypto_aes_ctx *ctx, 18 + struct skcipher_request *req) 19 + { 20 + struct skcipher_walk walk; 21 + u8 buf[AES_BLOCK_SIZE]; 22 + int err; 23 + 24 + err = skcipher_walk_virt(&walk, req, true); 25 + 26 + while (walk.nbytes > 0) { 27 + u8 *dst = walk.dst.virt.addr; 28 + u8 *src = walk.src.virt.addr; 29 + int nbytes = walk.nbytes; 30 + int tail = 0; 31 + 32 + if (nbytes < walk.total) { 33 + nbytes = round_down(nbytes, AES_BLOCK_SIZE); 34 + tail = walk.nbytes % AES_BLOCK_SIZE; 35 + } 36 + 37 + do { 38 + int bsize = min(nbytes, AES_BLOCK_SIZE); 39 + 40 + __aes_arm64_encrypt(ctx->key_enc, buf, walk.iv, 41 + 6 + ctx->key_length / 4); 42 + crypto_xor_cpy(dst, src, buf, bsize); 43 + crypto_inc(walk.iv, AES_BLOCK_SIZE); 44 + 45 + dst += AES_BLOCK_SIZE; 46 + src += AES_BLOCK_SIZE; 47 + nbytes -= AES_BLOCK_SIZE; 48 + } while (nbytes > 0); 49 + 50 + err = skcipher_walk_done(&walk, tail); 51 + } 52 + return err; 53 + }

+45 -18

arch/arm64/crypto/aes-glue.c

··· 10 10 11 11 #include <asm/neon.h> 12 12 #include <asm/hwcap.h> 13 + #include <asm/simd.h> 13 14 #include <crypto/aes.h> 14 15 #include <crypto/internal/hash.h> 15 16 #include <crypto/internal/simd.h> ··· 20 19 #include <crypto/xts.h> 21 20 22 21 #include "aes-ce-setkey.h" 22 + #include "aes-ctr-fallback.h" 23 23 24 24 #ifdef USE_V8_CRYPTO_EXTENSIONS 25 25 #define MODE "ce" ··· 243 241 244 242 aes_ctr_encrypt(tail, NULL, (u8 *)ctx->key_enc, rounds, 245 243 blocks, walk.iv, first); 246 - if (tdst != tsrc) 247 - memcpy(tdst, tsrc, nbytes); 248 - crypto_xor(tdst, tail, nbytes); 244 + crypto_xor_cpy(tdst, tsrc, tail, nbytes); 249 245 err = skcipher_walk_done(&walk, 0); 250 246 } 251 247 kernel_neon_end(); 252 248 253 249 return err; 250 + } 251 + 252 + static int ctr_encrypt_sync(struct skcipher_request *req) 253 + { 254 + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 255 + struct crypto_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 256 + 257 + if (!may_use_simd()) 258 + return aes_ctr_encrypt_fallback(ctx, req); 259 + 260 + return ctr_encrypt(req); 254 261 } 255 262 256 263 static int xts_encrypt(struct skcipher_request *req) ··· 368 357 .ivsize = AES_BLOCK_SIZE, 369 358 .chunksize = AES_BLOCK_SIZE, 370 359 .setkey = skcipher_aes_setkey, 371 - .encrypt = ctr_encrypt, 372 - .decrypt = ctr_encrypt, 360 + .encrypt = ctr_encrypt_sync, 361 + .decrypt = ctr_encrypt_sync, 373 362 }, { 374 363 .base = { 375 364 .cra_name = "__xts(aes)", ··· 471 460 return 0; 472 461 } 473 462 463 + static void mac_do_update(struct crypto_aes_ctx *ctx, u8 const in[], int blocks, 464 + u8 dg[], int enc_before, int enc_after) 465 + { 466 + int rounds = 6 + ctx->key_length / 4; 467 + 468 + if (may_use_simd()) { 469 + kernel_neon_begin(); 470 + aes_mac_update(in, ctx->key_enc, rounds, blocks, dg, enc_before, 471 + enc_after); 472 + kernel_neon_end(); 473 + } else { 474 + if (enc_before) 475 + __aes_arm64_encrypt(ctx->key_enc, dg, dg, rounds); 476 + 477 + while (blocks--) { 478 + crypto_xor(dg, in, AES_BLOCK_SIZE); 479 + in += AES_BLOCK_SIZE; 480 + 481 + if (blocks || enc_after) 482 + __aes_arm64_encrypt(ctx->key_enc, dg, dg, 483 + rounds); 484 + } 485 + } 486 + } 487 + 474 488 static int mac_update(struct shash_desc *desc, const u8 *p, unsigned int len) 475 489 { 476 490 struct mac_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 477 491 struct mac_desc_ctx *ctx = shash_desc_ctx(desc); 478 - int rounds = 6 + tctx->key.key_length / 4; 479 492 480 493 while (len > 0) { 481 494 unsigned int l; ··· 511 476 512 477 len %= AES_BLOCK_SIZE; 513 478 514 - kernel_neon_begin(); 515 - aes_mac_update(p, tctx->key.key_enc, rounds, blocks, 516 - ctx->dg, (ctx->len != 0), (len != 0)); 517 - kernel_neon_end(); 479 + mac_do_update(&tctx->key, p, blocks, ctx->dg, 480 + (ctx->len != 0), (len != 0)); 518 481 519 482 p += blocks * AES_BLOCK_SIZE; 520 483 ··· 540 507 { 541 508 struct mac_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 542 509 struct mac_desc_ctx *ctx = shash_desc_ctx(desc); 543 - int rounds = 6 + tctx->key.key_length / 4; 544 510 545 - kernel_neon_begin(); 546 - aes_mac_update(NULL, tctx->key.key_enc, rounds, 0, ctx->dg, 1, 0); 547 - kernel_neon_end(); 511 + mac_do_update(&tctx->key, NULL, 0, ctx->dg, 1, 0); 548 512 549 513 memcpy(out, ctx->dg, AES_BLOCK_SIZE); 550 514 ··· 552 522 { 553 523 struct mac_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm); 554 524 struct mac_desc_ctx *ctx = shash_desc_ctx(desc); 555 - int rounds = 6 + tctx->key.key_length / 4; 556 525 u8 *consts = tctx->consts; 557 526 558 527 if (ctx->len != AES_BLOCK_SIZE) { ··· 559 530 consts += AES_BLOCK_SIZE; 560 531 } 561 532 562 - kernel_neon_begin(); 563 - aes_mac_update(consts, tctx->key.key_enc, rounds, 1, ctx->dg, 0, 1); 564 - kernel_neon_end(); 533 + mac_do_update(&tctx->key, consts, 1, ctx->dg, 0, 1); 565 534 566 535 memcpy(out, ctx->dg, AES_BLOCK_SIZE); 567 536

+45 -8

arch/arm64/crypto/aes-neonbs-glue.c

··· 1 1 /* 2 2 * Bit sliced AES using NEON instructions 3 3 * 4 - * Copyright (C) 2016 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2016 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 12 13 #include <crypto/aes.h> 13 14 #include <crypto/internal/simd.h> 14 15 #include <crypto/internal/skcipher.h> 15 16 #include <crypto/xts.h> 16 17 #include <linux/module.h> 18 + 19 + #include "aes-ctr-fallback.h" 17 20 18 21 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); 19 22 MODULE_LICENSE("GPL v2"); ··· 59 56 struct aesbs_cbc_ctx { 60 57 struct aesbs_ctx key; 61 58 u32 enc[AES_MAX_KEYLENGTH_U32]; 59 + }; 60 + 61 + struct aesbs_ctr_ctx { 62 + struct aesbs_ctx key; /* must be first member */ 63 + struct crypto_aes_ctx fallback; 62 64 }; 63 65 64 66 struct aesbs_xts_ctx { ··· 204 196 return err; 205 197 } 206 198 199 + static int aesbs_ctr_setkey_sync(struct crypto_skcipher *tfm, const u8 *in_key, 200 + unsigned int key_len) 201 + { 202 + struct aesbs_ctr_ctx *ctx = crypto_skcipher_ctx(tfm); 203 + int err; 204 + 205 + err = crypto_aes_expand_key(&ctx->fallback, in_key, key_len); 206 + if (err) 207 + return err; 208 + 209 + ctx->key.rounds = 6 + key_len / 4; 210 + 211 + kernel_neon_begin(); 212 + aesbs_convert_key(ctx->key.rk, ctx->fallback.key_enc, ctx->key.rounds); 213 + kernel_neon_end(); 214 + 215 + return 0; 216 + } 217 + 207 218 static int ctr_encrypt(struct skcipher_request *req) 208 219 { 209 220 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); ··· 251 224 u8 *dst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE; 252 225 u8 *src = walk.src.virt.addr + blocks * AES_BLOCK_SIZE; 253 226 254 - if (dst != src) 255 - memcpy(dst, src, walk.total % AES_BLOCK_SIZE); 256 - crypto_xor(dst, final, walk.total % AES_BLOCK_SIZE); 227 + crypto_xor_cpy(dst, src, final, 228 + walk.total % AES_BLOCK_SIZE); 257 229 258 230 err = skcipher_walk_done(&walk, 0); 259 231 break; ··· 284 258 memcpy(ctx->twkey, rk.key_enc, sizeof(ctx->twkey)); 285 259 286 260 return aesbs_setkey(tfm, in_key, key_len); 261 + } 262 + 263 + static int ctr_encrypt_sync(struct skcipher_request *req) 264 + { 265 + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 266 + struct aesbs_ctr_ctx *ctx = crypto_skcipher_ctx(tfm); 267 + 268 + if (!may_use_simd()) 269 + return aes_ctr_encrypt_fallback(&ctx->fallback, req); 270 + 271 + return ctr_encrypt(req); 287 272 } 288 273 289 274 static int __xts_crypt(struct skcipher_request *req, ··· 393 356 .base.cra_driver_name = "ctr-aes-neonbs", 394 357 .base.cra_priority = 250 - 1, 395 358 .base.cra_blocksize = 1, 396 - .base.cra_ctxsize = sizeof(struct aesbs_ctx), 359 + .base.cra_ctxsize = sizeof(struct aesbs_ctr_ctx), 397 360 .base.cra_module = THIS_MODULE, 398 361 399 362 .min_keysize = AES_MIN_KEY_SIZE, ··· 401 364 .chunksize = AES_BLOCK_SIZE, 402 365 .walksize = 8 * AES_BLOCK_SIZE, 403 366 .ivsize = AES_BLOCK_SIZE, 404 - .setkey = aesbs_setkey, 405 - .encrypt = ctr_encrypt, 406 - .decrypt = ctr_encrypt, 367 + .setkey = aesbs_ctr_setkey_sync, 368 + .encrypt = ctr_encrypt_sync, 369 + .decrypt = ctr_encrypt_sync, 407 370 }, { 408 371 .base.cra_name = "__xts(aes)", 409 372 .base.cra_driver_name = "__xts-aes-neonbs",

+3 -2

arch/arm64/crypto/chacha20-neon-glue.c

··· 1 1 /* 2 2 * ChaCha20 256-bit cipher algorithm, RFC7539, arm64 NEON functions 3 3 * 4 - * Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2016 - 2017 Linaro, Ltd. <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 26 26 27 27 #include <asm/hwcap.h> 28 28 #include <asm/neon.h> 29 + #include <asm/simd.h> 29 30 30 31 asmlinkage void chacha20_block_xor_neon(u32 *state, u8 *dst, const u8 *src); 31 32 asmlinkage void chacha20_4block_xor_neon(u32 *state, u8 *dst, const u8 *src); ··· 65 64 u32 state[16]; 66 65 int err; 67 66 68 - if (req->cryptlen <= CHACHA20_BLOCK_SIZE) 67 + if (!may_use_simd() || req->cryptlen <= CHACHA20_BLOCK_SIZE) 69 68 return crypto_chacha20_crypt(req); 70 69 71 70 err = skcipher_walk_virt(&walk, req, true);

+6 -5

arch/arm64/crypto/crc32-ce-glue.c

··· 1 1 /* 2 2 * Accelerated CRC32(C) using arm64 NEON and Crypto Extensions instructions 3 3 * 4 - * Copyright (C) 2016 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2016 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 19 19 20 20 #include <asm/hwcap.h> 21 21 #include <asm/neon.h> 22 + #include <asm/simd.h> 22 23 #include <asm/unaligned.h> 23 24 24 25 #define PMULL_MIN_LEN 64L /* minimum size of buffer ··· 106 105 length -= l; 107 106 } 108 107 109 - if (length >= PMULL_MIN_LEN) { 108 + if (length >= PMULL_MIN_LEN && may_use_simd()) { 110 109 l = round_down(length, SCALE_F); 111 110 112 - kernel_neon_begin_partial(10); 111 + kernel_neon_begin(); 113 112 *crc = crc32_pmull_le(data, l, *crc); 114 113 kernel_neon_end(); 115 114 ··· 138 137 length -= l; 139 138 } 140 139 141 - if (length >= PMULL_MIN_LEN) { 140 + if (length >= PMULL_MIN_LEN && may_use_simd()) { 142 141 l = round_down(length, SCALE_F); 143 142 144 - kernel_neon_begin_partial(10); 143 + kernel_neon_begin(); 145 144 *crc = crc32c_pmull_le(data, l, *crc); 146 145 kernel_neon_end(); 147 146

+9 -4

arch/arm64/crypto/crct10dif-ce-glue.c

··· 1 1 /* 2 2 * Accelerated CRC-T10DIF using arm64 NEON and Crypto Extensions instructions 3 3 * 4 - * Copyright (C) 2016 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2016 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 18 18 #include <crypto/internal/hash.h> 19 19 20 20 #include <asm/neon.h> 21 + #include <asm/simd.h> 21 22 22 23 #define CRC_T10DIF_PMULL_CHUNK_SIZE 16U 23 24 ··· 49 48 } 50 49 51 50 if (length > 0) { 52 - kernel_neon_begin_partial(14); 53 - *crc = crc_t10dif_pmull(*crc, data, length); 54 - kernel_neon_end(); 51 + if (may_use_simd()) { 52 + kernel_neon_begin(); 53 + *crc = crc_t10dif_pmull(*crc, data, length); 54 + kernel_neon_end(); 55 + } else { 56 + *crc = crc_t10dif_generic(*crc, data, length); 57 + } 55 58 } 56 59 57 60 return 0;

+394 -29

arch/arm64/crypto/ghash-ce-core.S

··· 1 1 /* 2 2 * Accelerated GHASH implementation with ARMv8 PMULL instructions. 3 3 * 4 - * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2014 - 2017 Linaro Ltd. <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify it 7 7 * under the terms of the GNU General Public License version 2 as published ··· 11 11 #include <linux/linkage.h> 12 12 #include <asm/assembler.h> 13 13 14 - SHASH .req v0 15 - SHASH2 .req v1 16 - T1 .req v2 17 - T2 .req v3 18 - MASK .req v4 19 - XL .req v5 20 - XM .req v6 21 - XH .req v7 22 - IN1 .req v7 14 + SHASH .req v0 15 + SHASH2 .req v1 16 + T1 .req v2 17 + T2 .req v3 18 + MASK .req v4 19 + XL .req v5 20 + XM .req v6 21 + XH .req v7 22 + IN1 .req v7 23 + 24 + k00_16 .req v8 25 + k32_48 .req v9 26 + 27 + t3 .req v10 28 + t4 .req v11 29 + t5 .req v12 30 + t6 .req v13 31 + t7 .req v14 32 + t8 .req v15 33 + t9 .req v16 34 + 35 + perm1 .req v17 36 + perm2 .req v18 37 + perm3 .req v19 38 + 39 + sh1 .req v20 40 + sh2 .req v21 41 + sh3 .req v22 42 + sh4 .req v23 43 + 44 + ss1 .req v24 45 + ss2 .req v25 46 + ss3 .req v26 47 + ss4 .req v27 23 48 24 49 .text 25 50 .arch armv8-a+crypto 26 51 27 - /* 28 - * void pmull_ghash_update(int blocks, u64 dg[], const char *src, 29 - * struct ghash_key const *k, const char *head) 30 - */ 31 - ENTRY(pmull_ghash_update) 52 + .macro __pmull_p64, rd, rn, rm 53 + pmull \rd\().1q, \rn\().1d, \rm\().1d 54 + .endm 55 + 56 + .macro __pmull2_p64, rd, rn, rm 57 + pmull2 \rd\().1q, \rn\().2d, \rm\().2d 58 + .endm 59 + 60 + .macro __pmull_p8, rq, ad, bd 61 + ext t3.8b, \ad\().8b, \ad\().8b, #1 // A1 62 + ext t5.8b, \ad\().8b, \ad\().8b, #2 // A2 63 + ext t7.8b, \ad\().8b, \ad\().8b, #3 // A3 64 + 65 + __pmull_p8_\bd \rq, \ad 66 + .endm 67 + 68 + .macro __pmull2_p8, rq, ad, bd 69 + tbl t3.16b, {\ad\().16b}, perm1.16b // A1 70 + tbl t5.16b, {\ad\().16b}, perm2.16b // A2 71 + tbl t7.16b, {\ad\().16b}, perm3.16b // A3 72 + 73 + __pmull2_p8_\bd \rq, \ad 74 + .endm 75 + 76 + .macro __pmull_p8_SHASH, rq, ad 77 + __pmull_p8_tail \rq, \ad\().8b, SHASH.8b, 8b,, sh1, sh2, sh3, sh4 78 + .endm 79 + 80 + .macro __pmull_p8_SHASH2, rq, ad 81 + __pmull_p8_tail \rq, \ad\().8b, SHASH2.8b, 8b,, ss1, ss2, ss3, ss4 82 + .endm 83 + 84 + .macro __pmull2_p8_SHASH, rq, ad 85 + __pmull_p8_tail \rq, \ad\().16b, SHASH.16b, 16b, 2, sh1, sh2, sh3, sh4 86 + .endm 87 + 88 + .macro __pmull_p8_tail, rq, ad, bd, nb, t, b1, b2, b3, b4 89 + pmull\t t3.8h, t3.\nb, \bd // F = A1*B 90 + pmull\t t4.8h, \ad, \b1\().\nb // E = A*B1 91 + pmull\t t5.8h, t5.\nb, \bd // H = A2*B 92 + pmull\t t6.8h, \ad, \b2\().\nb // G = A*B2 93 + pmull\t t7.8h, t7.\nb, \bd // J = A3*B 94 + pmull\t t8.8h, \ad, \b3\().\nb // I = A*B3 95 + pmull\t t9.8h, \ad, \b4\().\nb // K = A*B4 96 + pmull\t \rq\().8h, \ad, \bd // D = A*B 97 + 98 + eor t3.16b, t3.16b, t4.16b // L = E + F 99 + eor t5.16b, t5.16b, t6.16b // M = G + H 100 + eor t7.16b, t7.16b, t8.16b // N = I + J 101 + 102 + uzp1 t4.2d, t3.2d, t5.2d 103 + uzp2 t3.2d, t3.2d, t5.2d 104 + uzp1 t6.2d, t7.2d, t9.2d 105 + uzp2 t7.2d, t7.2d, t9.2d 106 + 107 + // t3 = (L) (P0 + P1) << 8 108 + // t5 = (M) (P2 + P3) << 16 109 + eor t4.16b, t4.16b, t3.16b 110 + and t3.16b, t3.16b, k32_48.16b 111 + 112 + // t7 = (N) (P4 + P5) << 24 113 + // t9 = (K) (P6 + P7) << 32 114 + eor t6.16b, t6.16b, t7.16b 115 + and t7.16b, t7.16b, k00_16.16b 116 + 117 + eor t4.16b, t4.16b, t3.16b 118 + eor t6.16b, t6.16b, t7.16b 119 + 120 + zip2 t5.2d, t4.2d, t3.2d 121 + zip1 t3.2d, t4.2d, t3.2d 122 + zip2 t9.2d, t6.2d, t7.2d 123 + zip1 t7.2d, t6.2d, t7.2d 124 + 125 + ext t3.16b, t3.16b, t3.16b, #15 126 + ext t5.16b, t5.16b, t5.16b, #14 127 + ext t7.16b, t7.16b, t7.16b, #13 128 + ext t9.16b, t9.16b, t9.16b, #12 129 + 130 + eor t3.16b, t3.16b, t5.16b 131 + eor t7.16b, t7.16b, t9.16b 132 + eor \rq\().16b, \rq\().16b, t3.16b 133 + eor \rq\().16b, \rq\().16b, t7.16b 134 + .endm 135 + 136 + .macro __pmull_pre_p64 137 + movi MASK.16b, #0xe1 138 + shl MASK.2d, MASK.2d, #57 139 + .endm 140 + 141 + .macro __pmull_pre_p8 142 + // k00_16 := 0x0000000000000000_000000000000ffff 143 + // k32_48 := 0x00000000ffffffff_0000ffffffffffff 144 + movi k32_48.2d, #0xffffffff 145 + mov k32_48.h[2], k32_48.h[0] 146 + ushr k00_16.2d, k32_48.2d, #32 147 + 148 + // prepare the permutation vectors 149 + mov_q x5, 0x080f0e0d0c0b0a09 150 + movi T1.8b, #8 151 + dup perm1.2d, x5 152 + eor perm1.16b, perm1.16b, T1.16b 153 + ushr perm2.2d, perm1.2d, #8 154 + ushr perm3.2d, perm1.2d, #16 155 + ushr T1.2d, perm1.2d, #24 156 + sli perm2.2d, perm1.2d, #56 157 + sli perm3.2d, perm1.2d, #48 158 + sli T1.2d, perm1.2d, #40 159 + 160 + // precompute loop invariants 161 + tbl sh1.16b, {SHASH.16b}, perm1.16b 162 + tbl sh2.16b, {SHASH.16b}, perm2.16b 163 + tbl sh3.16b, {SHASH.16b}, perm3.16b 164 + tbl sh4.16b, {SHASH.16b}, T1.16b 165 + ext ss1.8b, SHASH2.8b, SHASH2.8b, #1 166 + ext ss2.8b, SHASH2.8b, SHASH2.8b, #2 167 + ext ss3.8b, SHASH2.8b, SHASH2.8b, #3 168 + ext ss4.8b, SHASH2.8b, SHASH2.8b, #4 169 + .endm 170 + 171 + // 172 + // PMULL (64x64->128) based reduction for CPUs that can do 173 + // it in a single instruction. 174 + // 175 + .macro __pmull_reduce_p64 176 + pmull T2.1q, XL.1d, MASK.1d 177 + eor XM.16b, XM.16b, T1.16b 178 + 179 + mov XH.d[0], XM.d[1] 180 + mov XM.d[1], XL.d[0] 181 + 182 + eor XL.16b, XM.16b, T2.16b 183 + ext T2.16b, XL.16b, XL.16b, #8 184 + pmull XL.1q, XL.1d, MASK.1d 185 + .endm 186 + 187 + // 188 + // Alternative reduction for CPUs that lack support for the 189 + // 64x64->128 PMULL instruction 190 + // 191 + .macro __pmull_reduce_p8 192 + eor XM.16b, XM.16b, T1.16b 193 + 194 + mov XL.d[1], XM.d[0] 195 + mov XH.d[0], XM.d[1] 196 + 197 + shl T1.2d, XL.2d, #57 198 + shl T2.2d, XL.2d, #62 199 + eor T2.16b, T2.16b, T1.16b 200 + shl T1.2d, XL.2d, #63 201 + eor T2.16b, T2.16b, T1.16b 202 + ext T1.16b, XL.16b, XH.16b, #8 203 + eor T2.16b, T2.16b, T1.16b 204 + 205 + mov XL.d[1], T2.d[0] 206 + mov XH.d[0], T2.d[1] 207 + 208 + ushr T2.2d, XL.2d, #1 209 + eor XH.16b, XH.16b, XL.16b 210 + eor XL.16b, XL.16b, T2.16b 211 + ushr T2.2d, T2.2d, #6 212 + ushr XL.2d, XL.2d, #1 213 + .endm 214 + 215 + .macro __pmull_ghash, pn 32 216 ld1 {SHASH.2d}, [x3] 33 217 ld1 {XL.2d}, [x1] 34 - movi MASK.16b, #0xe1 35 218 ext SHASH2.16b, SHASH.16b, SHASH.16b, #8 36 - shl MASK.2d, MASK.2d, #57 37 219 eor SHASH2.16b, SHASH2.16b, SHASH.16b 220 + 221 + __pmull_pre_\pn 38 222 39 223 /* do the head block first, if supplied */ 40 224 cbz x4, 0f ··· 236 52 eor T1.16b, T1.16b, T2.16b 237 53 eor XL.16b, XL.16b, IN1.16b 238 54 239 - pmull2 XH.1q, SHASH.2d, XL.2d // a1 * b1 55 + __pmull2_\pn XH, XL, SHASH // a1 * b1 240 56 eor T1.16b, T1.16b, XL.16b 241 - pmull XL.1q, SHASH.1d, XL.1d // a0 * b0 242 - pmull XM.1q, SHASH2.1d, T1.1d // (a1 + a0)(b1 + b0) 57 + __pmull_\pn XL, XL, SHASH // a0 * b0 58 + __pmull_\pn XM, T1, SHASH2 // (a1 + a0)(b1 + b0) 243 59 244 - ext T1.16b, XL.16b, XH.16b, #8 245 60 eor T2.16b, XL.16b, XH.16b 246 - eor XM.16b, XM.16b, T1.16b 61 + ext T1.16b, XL.16b, XH.16b, #8 247 62 eor XM.16b, XM.16b, T2.16b 248 - pmull T2.1q, XL.1d, MASK.1d 249 63 250 - mov XH.d[0], XM.d[1] 251 - mov XM.d[1], XL.d[0] 64 + __pmull_reduce_\pn 252 65 253 - eor XL.16b, XM.16b, T2.16b 254 - ext T2.16b, XL.16b, XL.16b, #8 255 - pmull XL.1q, XL.1d, MASK.1d 256 66 eor T2.16b, T2.16b, XH.16b 257 67 eor XL.16b, XL.16b, T2.16b 258 68 ··· 254 76 255 77 st1 {XL.2d}, [x1] 256 78 ret 257 - ENDPROC(pmull_ghash_update) 79 + .endm 80 + 81 + /* 82 + * void pmull_ghash_update(int blocks, u64 dg[], const char *src, 83 + * struct ghash_key const *k, const char *head) 84 + */ 85 + ENTRY(pmull_ghash_update_p64) 86 + __pmull_ghash p64 87 + ENDPROC(pmull_ghash_update_p64) 88 + 89 + ENTRY(pmull_ghash_update_p8) 90 + __pmull_ghash p8 91 + ENDPROC(pmull_ghash_update_p8) 92 + 93 + KS .req v8 94 + CTR .req v9 95 + INP .req v10 96 + 97 + .macro load_round_keys, rounds, rk 98 + cmp \rounds, #12 99 + blo 2222f /* 128 bits */ 100 + beq 1111f /* 192 bits */ 101 + ld1 {v17.4s-v18.4s}, [\rk], #32 102 + 1111: ld1 {v19.4s-v20.4s}, [\rk], #32 103 + 2222: ld1 {v21.4s-v24.4s}, [\rk], #64 104 + ld1 {v25.4s-v28.4s}, [\rk], #64 105 + ld1 {v29.4s-v31.4s}, [\rk] 106 + .endm 107 + 108 + .macro enc_round, state, key 109 + aese \state\().16b, \key\().16b 110 + aesmc \state\().16b, \state\().16b 111 + .endm 112 + 113 + .macro enc_block, state, rounds 114 + cmp \rounds, #12 115 + b.lo 2222f /* 128 bits */ 116 + b.eq 1111f /* 192 bits */ 117 + enc_round \state, v17 118 + enc_round \state, v18 119 + 1111: enc_round \state, v19 120 + enc_round \state, v20 121 + 2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 122 + enc_round \state, \key 123 + .endr 124 + aese \state\().16b, v30.16b 125 + eor \state\().16b, \state\().16b, v31.16b 126 + .endm 127 + 128 + .macro pmull_gcm_do_crypt, enc 129 + ld1 {SHASH.2d}, [x4] 130 + ld1 {XL.2d}, [x1] 131 + ldr x8, [x5, #8] // load lower counter 132 + 133 + movi MASK.16b, #0xe1 134 + ext SHASH2.16b, SHASH.16b, SHASH.16b, #8 135 + CPU_LE( rev x8, x8 ) 136 + shl MASK.2d, MASK.2d, #57 137 + eor SHASH2.16b, SHASH2.16b, SHASH.16b 138 + 139 + .if \enc == 1 140 + ld1 {KS.16b}, [x7] 141 + .endif 142 + 143 + 0: ld1 {CTR.8b}, [x5] // load upper counter 144 + ld1 {INP.16b}, [x3], #16 145 + rev x9, x8 146 + add x8, x8, #1 147 + sub w0, w0, #1 148 + ins CTR.d[1], x9 // set lower counter 149 + 150 + .if \enc == 1 151 + eor INP.16b, INP.16b, KS.16b // encrypt input 152 + st1 {INP.16b}, [x2], #16 153 + .endif 154 + 155 + rev64 T1.16b, INP.16b 156 + 157 + cmp w6, #12 158 + b.ge 2f // AES-192/256? 159 + 160 + 1: enc_round CTR, v21 161 + 162 + ext T2.16b, XL.16b, XL.16b, #8 163 + ext IN1.16b, T1.16b, T1.16b, #8 164 + 165 + enc_round CTR, v22 166 + 167 + eor T1.16b, T1.16b, T2.16b 168 + eor XL.16b, XL.16b, IN1.16b 169 + 170 + enc_round CTR, v23 171 + 172 + pmull2 XH.1q, SHASH.2d, XL.2d // a1 * b1 173 + eor T1.16b, T1.16b, XL.16b 174 + 175 + enc_round CTR, v24 176 + 177 + pmull XL.1q, SHASH.1d, XL.1d // a0 * b0 178 + pmull XM.1q, SHASH2.1d, T1.1d // (a1 + a0)(b1 + b0) 179 + 180 + enc_round CTR, v25 181 + 182 + ext T1.16b, XL.16b, XH.16b, #8 183 + eor T2.16b, XL.16b, XH.16b 184 + eor XM.16b, XM.16b, T1.16b 185 + 186 + enc_round CTR, v26 187 + 188 + eor XM.16b, XM.16b, T2.16b 189 + pmull T2.1q, XL.1d, MASK.1d 190 + 191 + enc_round CTR, v27 192 + 193 + mov XH.d[0], XM.d[1] 194 + mov XM.d[1], XL.d[0] 195 + 196 + enc_round CTR, v28 197 + 198 + eor XL.16b, XM.16b, T2.16b 199 + 200 + enc_round CTR, v29 201 + 202 + ext T2.16b, XL.16b, XL.16b, #8 203 + 204 + aese CTR.16b, v30.16b 205 + 206 + pmull XL.1q, XL.1d, MASK.1d 207 + eor T2.16b, T2.16b, XH.16b 208 + 209 + eor KS.16b, CTR.16b, v31.16b 210 + 211 + eor XL.16b, XL.16b, T2.16b 212 + 213 + .if \enc == 0 214 + eor INP.16b, INP.16b, KS.16b 215 + st1 {INP.16b}, [x2], #16 216 + .endif 217 + 218 + cbnz w0, 0b 219 + 220 + CPU_LE( rev x8, x8 ) 221 + st1 {XL.2d}, [x1] 222 + str x8, [x5, #8] // store lower counter 223 + 224 + .if \enc == 1 225 + st1 {KS.16b}, [x7] 226 + .endif 227 + 228 + ret 229 + 230 + 2: b.eq 3f // AES-192? 231 + enc_round CTR, v17 232 + enc_round CTR, v18 233 + 3: enc_round CTR, v19 234 + enc_round CTR, v20 235 + b 1b 236 + .endm 237 + 238 + /* 239 + * void pmull_gcm_encrypt(int blocks, u64 dg[], u8 dst[], const u8 src[], 240 + * struct ghash_key const *k, u8 ctr[], 241 + * int rounds, u8 ks[]) 242 + */ 243 + ENTRY(pmull_gcm_encrypt) 244 + pmull_gcm_do_crypt 1 245 + ENDPROC(pmull_gcm_encrypt) 246 + 247 + /* 248 + * void pmull_gcm_decrypt(int blocks, u64 dg[], u8 dst[], const u8 src[], 249 + * struct ghash_key const *k, u8 ctr[], 250 + * int rounds) 251 + */ 252 + ENTRY(pmull_gcm_decrypt) 253 + pmull_gcm_do_crypt 0 254 + ENDPROC(pmull_gcm_decrypt) 255 + 256 + /* 257 + * void pmull_gcm_encrypt_block(u8 dst[], u8 src[], u8 rk[], int rounds) 258 + */ 259 + ENTRY(pmull_gcm_encrypt_block) 260 + cbz x2, 0f 261 + load_round_keys w3, x2 262 + 0: ld1 {v0.16b}, [x1] 263 + enc_block v0, w3 264 + st1 {v0.16b}, [x0] 265 + ret 266 + ENDPROC(pmull_gcm_encrypt_block)

+482 -35

arch/arm64/crypto/ghash-ce-glue.c

··· 1 1 /* 2 2 * Accelerated GHASH implementation with ARMv8 PMULL instructions. 3 3 * 4 - * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2014 - 2017 Linaro Ltd. <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify it 7 7 * under the terms of the GNU General Public License version 2 as published ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 12 13 #include <asm/unaligned.h> 14 + #include <crypto/aes.h> 15 + #include <crypto/algapi.h> 16 + #include <crypto/b128ops.h> 17 + #include <crypto/gf128mul.h> 18 + #include <crypto/internal/aead.h> 13 19 #include <crypto/internal/hash.h> 20 + #include <crypto/internal/skcipher.h> 21 + #include <crypto/scatterwalk.h> 14 22 #include <linux/cpufeature.h> 15 23 #include <linux/crypto.h> 16 24 #include <linux/module.h> 17 25 18 - MODULE_DESCRIPTION("GHASH secure hash using ARMv8 Crypto Extensions"); 26 + MODULE_DESCRIPTION("GHASH and AES-GCM using ARMv8 Crypto Extensions"); 19 27 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>"); 20 28 MODULE_LICENSE("GPL v2"); 29 + MODULE_ALIAS_CRYPTO("ghash"); 21 30 22 31 #define GHASH_BLOCK_SIZE 16 23 32 #define GHASH_DIGEST_SIZE 16 33 + #define GCM_IV_SIZE 12 24 34 25 35 struct ghash_key { 26 36 u64 a; 27 37 u64 b; 38 + be128 k; 28 39 }; 29 40 30 41 struct ghash_desc_ctx { ··· 44 33 u32 count; 45 34 }; 46 35 47 - asmlinkage void pmull_ghash_update(int blocks, u64 dg[], const char *src, 48 - struct ghash_key const *k, const char *head); 36 + struct gcm_aes_ctx { 37 + struct crypto_aes_ctx aes_key; 38 + struct ghash_key ghash_key; 39 + }; 40 + 41 + asmlinkage void pmull_ghash_update_p64(int blocks, u64 dg[], const char *src, 42 + struct ghash_key const *k, 43 + const char *head); 44 + 45 + asmlinkage void pmull_ghash_update_p8(int blocks, u64 dg[], const char *src, 46 + struct ghash_key const *k, 47 + const char *head); 48 + 49 + static void (*pmull_ghash_update)(int blocks, u64 dg[], const char *src, 50 + struct ghash_key const *k, 51 + const char *head); 52 + 53 + asmlinkage void pmull_gcm_encrypt(int blocks, u64 dg[], u8 dst[], 54 + const u8 src[], struct ghash_key const *k, 55 + u8 ctr[], int rounds, u8 ks[]); 56 + 57 + asmlinkage void pmull_gcm_decrypt(int blocks, u64 dg[], u8 dst[], 58 + const u8 src[], struct ghash_key const *k, 59 + u8 ctr[], int rounds); 60 + 61 + asmlinkage void pmull_gcm_encrypt_block(u8 dst[], u8 const src[], 62 + u32 const rk[], int rounds); 63 + 64 + asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); 49 65 50 66 static int ghash_init(struct shash_desc *desc) 51 67 { ··· 80 42 81 43 *ctx = (struct ghash_desc_ctx){}; 82 44 return 0; 45 + } 46 + 47 + static void ghash_do_update(int blocks, u64 dg[], const char *src, 48 + struct ghash_key *key, const char *head) 49 + { 50 + if (likely(may_use_simd())) { 51 + kernel_neon_begin(); 52 + pmull_ghash_update(blocks, dg, src, key, head); 53 + kernel_neon_end(); 54 + } else { 55 + be128 dst = { cpu_to_be64(dg[1]), cpu_to_be64(dg[0]) }; 56 + 57 + do { 58 + const u8 *in = src; 59 + 60 + if (head) { 61 + in = head; 62 + blocks++; 63 + head = NULL; 64 + } else { 65 + src += GHASH_BLOCK_SIZE; 66 + } 67 + 68 + crypto_xor((u8 *)&dst, in, GHASH_BLOCK_SIZE); 69 + gf128mul_lle(&dst, &key->k); 70 + } while (--blocks); 71 + 72 + dg[0] = be64_to_cpu(dst.b); 73 + dg[1] = be64_to_cpu(dst.a); 74 + } 83 75 } 84 76 85 77 static int ghash_update(struct shash_desc *desc, const u8 *src, ··· 135 67 blocks = len / GHASH_BLOCK_SIZE; 136 68 len %= GHASH_BLOCK_SIZE; 137 69 138 - kernel_neon_begin_partial(8); 139 - pmull_ghash_update(blocks, ctx->digest, src, key, 140 - partial ? ctx->buf : NULL); 141 - kernel_neon_end(); 70 + ghash_do_update(blocks, ctx->digest, src, key, 71 + partial ? ctx->buf : NULL); 72 + 142 73 src += blocks * GHASH_BLOCK_SIZE; 143 74 partial = 0; 144 75 } ··· 156 89 157 90 memset(ctx->buf + partial, 0, GHASH_BLOCK_SIZE - partial); 158 91 159 - kernel_neon_begin_partial(8); 160 - pmull_ghash_update(1, ctx->digest, ctx->buf, key, NULL); 161 - kernel_neon_end(); 92 + ghash_do_update(1, ctx->digest, ctx->buf, key, NULL); 162 93 } 163 94 put_unaligned_be64(ctx->digest[1], dst); 164 95 put_unaligned_be64(ctx->digest[0], dst + 8); ··· 165 100 return 0; 166 101 } 167 102 168 - static int ghash_setkey(struct crypto_shash *tfm, 169 - const u8 *inkey, unsigned int keylen) 103 + static int __ghash_setkey(struct ghash_key *key, 104 + const u8 *inkey, unsigned int keylen) 170 105 { 171 - struct ghash_key *key = crypto_shash_ctx(tfm); 172 106 u64 a, b; 173 107 174 - if (keylen != GHASH_BLOCK_SIZE) { 175 - crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 176 - return -EINVAL; 177 - } 108 + /* needed for the fallback */ 109 + memcpy(&key->k, inkey, GHASH_BLOCK_SIZE); 178 110 179 111 /* perform multiplication by 'x' in GF(2^128) */ 180 112 b = get_unaligned_be64(inkey); ··· 186 124 return 0; 187 125 } 188 126 127 + static int ghash_setkey(struct crypto_shash *tfm, 128 + const u8 *inkey, unsigned int keylen) 129 + { 130 + struct ghash_key *key = crypto_shash_ctx(tfm); 131 + 132 + if (keylen != GHASH_BLOCK_SIZE) { 133 + crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 134 + return -EINVAL; 135 + } 136 + 137 + return __ghash_setkey(key, inkey, keylen); 138 + } 139 + 189 140 static struct shash_alg ghash_alg = { 190 - .digestsize = GHASH_DIGEST_SIZE, 191 - .init = ghash_init, 192 - .update = ghash_update, 193 - .final = ghash_final, 194 - .setkey = ghash_setkey, 195 - .descsize = sizeof(struct ghash_desc_ctx), 196 - .base = { 197 - .cra_name = "ghash", 198 - .cra_driver_name = "ghash-ce", 199 - .cra_priority = 200, 200 - .cra_flags = CRYPTO_ALG_TYPE_SHASH, 201 - .cra_blocksize = GHASH_BLOCK_SIZE, 202 - .cra_ctxsize = sizeof(struct ghash_key), 203 - .cra_module = THIS_MODULE, 204 - }, 141 + .base.cra_name = "ghash", 142 + .base.cra_driver_name = "ghash-ce", 143 + .base.cra_priority = 200, 144 + .base.cra_flags = CRYPTO_ALG_TYPE_SHASH, 145 + .base.cra_blocksize = GHASH_BLOCK_SIZE, 146 + .base.cra_ctxsize = sizeof(struct ghash_key), 147 + .base.cra_module = THIS_MODULE, 148 + 149 + .digestsize = GHASH_DIGEST_SIZE, 150 + .init = ghash_init, 151 + .update = ghash_update, 152 + .final = ghash_final, 153 + .setkey = ghash_setkey, 154 + .descsize = sizeof(struct ghash_desc_ctx), 155 + }; 156 + 157 + static int num_rounds(struct crypto_aes_ctx *ctx) 158 + { 159 + /* 160 + * # of rounds specified by AES: 161 + * 128 bit key 10 rounds 162 + * 192 bit key 12 rounds 163 + * 256 bit key 14 rounds 164 + * => n byte key => 6 + (n/4) rounds 165 + */ 166 + return 6 + ctx->key_length / 4; 167 + } 168 + 169 + static int gcm_setkey(struct crypto_aead *tfm, const u8 *inkey, 170 + unsigned int keylen) 171 + { 172 + struct gcm_aes_ctx *ctx = crypto_aead_ctx(tfm); 173 + u8 key[GHASH_BLOCK_SIZE]; 174 + int ret; 175 + 176 + ret = crypto_aes_expand_key(&ctx->aes_key, inkey, keylen); 177 + if (ret) { 178 + tfm->base.crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; 179 + return -EINVAL; 180 + } 181 + 182 + __aes_arm64_encrypt(ctx->aes_key.key_enc, key, (u8[AES_BLOCK_SIZE]){}, 183 + num_rounds(&ctx->aes_key)); 184 + 185 + return __ghash_setkey(&ctx->ghash_key, key, sizeof(key)); 186 + } 187 + 188 + static int gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 189 + { 190 + switch (authsize) { 191 + case 4: 192 + case 8: 193 + case 12 ... 16: 194 + break; 195 + default: 196 + return -EINVAL; 197 + } 198 + return 0; 199 + } 200 + 201 + static void gcm_update_mac(u64 dg[], const u8 *src, int count, u8 buf[], 202 + int *buf_count, struct gcm_aes_ctx *ctx) 203 + { 204 + if (*buf_count > 0) { 205 + int buf_added = min(count, GHASH_BLOCK_SIZE - *buf_count); 206 + 207 + memcpy(&buf[*buf_count], src, buf_added); 208 + 209 + *buf_count += buf_added; 210 + src += buf_added; 211 + count -= buf_added; 212 + } 213 + 214 + if (count >= GHASH_BLOCK_SIZE || *buf_count == GHASH_BLOCK_SIZE) { 215 + int blocks = count / GHASH_BLOCK_SIZE; 216 + 217 + ghash_do_update(blocks, dg, src, &ctx->ghash_key, 218 + *buf_count ? buf : NULL); 219 + 220 + src += blocks * GHASH_BLOCK_SIZE; 221 + count %= GHASH_BLOCK_SIZE; 222 + *buf_count = 0; 223 + } 224 + 225 + if (count > 0) { 226 + memcpy(buf, src, count); 227 + *buf_count = count; 228 + } 229 + } 230 + 231 + static void gcm_calculate_auth_mac(struct aead_request *req, u64 dg[]) 232 + { 233 + struct crypto_aead *aead = crypto_aead_reqtfm(req); 234 + struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead); 235 + u8 buf[GHASH_BLOCK_SIZE]; 236 + struct scatter_walk walk; 237 + u32 len = req->assoclen; 238 + int buf_count = 0; 239 + 240 + scatterwalk_start(&walk, req->src); 241 + 242 + do { 243 + u32 n = scatterwalk_clamp(&walk, len); 244 + u8 *p; 245 + 246 + if (!n) { 247 + scatterwalk_start(&walk, sg_next(walk.sg)); 248 + n = scatterwalk_clamp(&walk, len); 249 + } 250 + p = scatterwalk_map(&walk); 251 + 252 + gcm_update_mac(dg, p, n, buf, &buf_count, ctx); 253 + len -= n; 254 + 255 + scatterwalk_unmap(p); 256 + scatterwalk_advance(&walk, n); 257 + scatterwalk_done(&walk, 0, len); 258 + } while (len); 259 + 260 + if (buf_count) { 261 + memset(&buf[buf_count], 0, GHASH_BLOCK_SIZE - buf_count); 262 + ghash_do_update(1, dg, buf, &ctx->ghash_key, NULL); 263 + } 264 + } 265 + 266 + static void gcm_final(struct aead_request *req, struct gcm_aes_ctx *ctx, 267 + u64 dg[], u8 tag[], int cryptlen) 268 + { 269 + u8 mac[AES_BLOCK_SIZE]; 270 + u128 lengths; 271 + 272 + lengths.a = cpu_to_be64(req->assoclen * 8); 273 + lengths.b = cpu_to_be64(cryptlen * 8); 274 + 275 + ghash_do_update(1, dg, (void *)&lengths, &ctx->ghash_key, NULL); 276 + 277 + put_unaligned_be64(dg[1], mac); 278 + put_unaligned_be64(dg[0], mac + 8); 279 + 280 + crypto_xor(tag, mac, AES_BLOCK_SIZE); 281 + } 282 + 283 + static int gcm_encrypt(struct aead_request *req) 284 + { 285 + struct crypto_aead *aead = crypto_aead_reqtfm(req); 286 + struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead); 287 + struct skcipher_walk walk; 288 + u8 iv[AES_BLOCK_SIZE]; 289 + u8 ks[AES_BLOCK_SIZE]; 290 + u8 tag[AES_BLOCK_SIZE]; 291 + u64 dg[2] = {}; 292 + int err; 293 + 294 + if (req->assoclen) 295 + gcm_calculate_auth_mac(req, dg); 296 + 297 + memcpy(iv, req->iv, GCM_IV_SIZE); 298 + put_unaligned_be32(1, iv + GCM_IV_SIZE); 299 + 300 + if (likely(may_use_simd())) { 301 + kernel_neon_begin(); 302 + 303 + pmull_gcm_encrypt_block(tag, iv, ctx->aes_key.key_enc, 304 + num_rounds(&ctx->aes_key)); 305 + put_unaligned_be32(2, iv + GCM_IV_SIZE); 306 + pmull_gcm_encrypt_block(ks, iv, NULL, 307 + num_rounds(&ctx->aes_key)); 308 + put_unaligned_be32(3, iv + GCM_IV_SIZE); 309 + 310 + err = skcipher_walk_aead_encrypt(&walk, req, true); 311 + 312 + while (walk.nbytes >= AES_BLOCK_SIZE) { 313 + int blocks = walk.nbytes / AES_BLOCK_SIZE; 314 + 315 + pmull_gcm_encrypt(blocks, dg, walk.dst.virt.addr, 316 + walk.src.virt.addr, &ctx->ghash_key, 317 + iv, num_rounds(&ctx->aes_key), ks); 318 + 319 + err = skcipher_walk_done(&walk, 320 + walk.nbytes % AES_BLOCK_SIZE); 321 + } 322 + kernel_neon_end(); 323 + } else { 324 + __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv, 325 + num_rounds(&ctx->aes_key)); 326 + put_unaligned_be32(2, iv + GCM_IV_SIZE); 327 + 328 + err = skcipher_walk_aead_encrypt(&walk, req, true); 329 + 330 + while (walk.nbytes >= AES_BLOCK_SIZE) { 331 + int blocks = walk.nbytes / AES_BLOCK_SIZE; 332 + u8 *dst = walk.dst.virt.addr; 333 + u8 *src = walk.src.virt.addr; 334 + 335 + do { 336 + __aes_arm64_encrypt(ctx->aes_key.key_enc, 337 + ks, iv, 338 + num_rounds(&ctx->aes_key)); 339 + crypto_xor_cpy(dst, src, ks, AES_BLOCK_SIZE); 340 + crypto_inc(iv, AES_BLOCK_SIZE); 341 + 342 + dst += AES_BLOCK_SIZE; 343 + src += AES_BLOCK_SIZE; 344 + } while (--blocks > 0); 345 + 346 + ghash_do_update(walk.nbytes / AES_BLOCK_SIZE, dg, 347 + walk.dst.virt.addr, &ctx->ghash_key, 348 + NULL); 349 + 350 + err = skcipher_walk_done(&walk, 351 + walk.nbytes % AES_BLOCK_SIZE); 352 + } 353 + if (walk.nbytes) 354 + __aes_arm64_encrypt(ctx->aes_key.key_enc, ks, iv, 355 + num_rounds(&ctx->aes_key)); 356 + } 357 + 358 + /* handle the tail */ 359 + if (walk.nbytes) { 360 + u8 buf[GHASH_BLOCK_SIZE]; 361 + 362 + crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, ks, 363 + walk.nbytes); 364 + 365 + memcpy(buf, walk.dst.virt.addr, walk.nbytes); 366 + memset(buf + walk.nbytes, 0, GHASH_BLOCK_SIZE - walk.nbytes); 367 + ghash_do_update(1, dg, buf, &ctx->ghash_key, NULL); 368 + 369 + err = skcipher_walk_done(&walk, 0); 370 + } 371 + 372 + if (err) 373 + return err; 374 + 375 + gcm_final(req, ctx, dg, tag, req->cryptlen); 376 + 377 + /* copy authtag to end of dst */ 378 + scatterwalk_map_and_copy(tag, req->dst, req->assoclen + req->cryptlen, 379 + crypto_aead_authsize(aead), 1); 380 + 381 + return 0; 382 + } 383 + 384 + static int gcm_decrypt(struct aead_request *req) 385 + { 386 + struct crypto_aead *aead = crypto_aead_reqtfm(req); 387 + struct gcm_aes_ctx *ctx = crypto_aead_ctx(aead); 388 + unsigned int authsize = crypto_aead_authsize(aead); 389 + struct skcipher_walk walk; 390 + u8 iv[AES_BLOCK_SIZE]; 391 + u8 tag[AES_BLOCK_SIZE]; 392 + u8 buf[GHASH_BLOCK_SIZE]; 393 + u64 dg[2] = {}; 394 + int err; 395 + 396 + if (req->assoclen) 397 + gcm_calculate_auth_mac(req, dg); 398 + 399 + memcpy(iv, req->iv, GCM_IV_SIZE); 400 + put_unaligned_be32(1, iv + GCM_IV_SIZE); 401 + 402 + if (likely(may_use_simd())) { 403 + kernel_neon_begin(); 404 + 405 + pmull_gcm_encrypt_block(tag, iv, ctx->aes_key.key_enc, 406 + num_rounds(&ctx->aes_key)); 407 + put_unaligned_be32(2, iv + GCM_IV_SIZE); 408 + 409 + err = skcipher_walk_aead_decrypt(&walk, req, true); 410 + 411 + while (walk.nbytes >= AES_BLOCK_SIZE) { 412 + int blocks = walk.nbytes / AES_BLOCK_SIZE; 413 + 414 + pmull_gcm_decrypt(blocks, dg, walk.dst.virt.addr, 415 + walk.src.virt.addr, &ctx->ghash_key, 416 + iv, num_rounds(&ctx->aes_key)); 417 + 418 + err = skcipher_walk_done(&walk, 419 + walk.nbytes % AES_BLOCK_SIZE); 420 + } 421 + if (walk.nbytes) 422 + pmull_gcm_encrypt_block(iv, iv, NULL, 423 + num_rounds(&ctx->aes_key)); 424 + 425 + kernel_neon_end(); 426 + } else { 427 + __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv, 428 + num_rounds(&ctx->aes_key)); 429 + put_unaligned_be32(2, iv + GCM_IV_SIZE); 430 + 431 + err = skcipher_walk_aead_decrypt(&walk, req, true); 432 + 433 + while (walk.nbytes >= AES_BLOCK_SIZE) { 434 + int blocks = walk.nbytes / AES_BLOCK_SIZE; 435 + u8 *dst = walk.dst.virt.addr; 436 + u8 *src = walk.src.virt.addr; 437 + 438 + ghash_do_update(blocks, dg, walk.src.virt.addr, 439 + &ctx->ghash_key, NULL); 440 + 441 + do { 442 + __aes_arm64_encrypt(ctx->aes_key.key_enc, 443 + buf, iv, 444 + num_rounds(&ctx->aes_key)); 445 + crypto_xor_cpy(dst, src, buf, AES_BLOCK_SIZE); 446 + crypto_inc(iv, AES_BLOCK_SIZE); 447 + 448 + dst += AES_BLOCK_SIZE; 449 + src += AES_BLOCK_SIZE; 450 + } while (--blocks > 0); 451 + 452 + err = skcipher_walk_done(&walk, 453 + walk.nbytes % AES_BLOCK_SIZE); 454 + } 455 + if (walk.nbytes) 456 + __aes_arm64_encrypt(ctx->aes_key.key_enc, iv, iv, 457 + num_rounds(&ctx->aes_key)); 458 + } 459 + 460 + /* handle the tail */ 461 + if (walk.nbytes) { 462 + memcpy(buf, walk.src.virt.addr, walk.nbytes); 463 + memset(buf + walk.nbytes, 0, GHASH_BLOCK_SIZE - walk.nbytes); 464 + ghash_do_update(1, dg, buf, &ctx->ghash_key, NULL); 465 + 466 + crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, iv, 467 + walk.nbytes); 468 + 469 + err = skcipher_walk_done(&walk, 0); 470 + } 471 + 472 + if (err) 473 + return err; 474 + 475 + gcm_final(req, ctx, dg, tag, req->cryptlen - authsize); 476 + 477 + /* compare calculated auth tag with the stored one */ 478 + scatterwalk_map_and_copy(buf, req->src, 479 + req->assoclen + req->cryptlen - authsize, 480 + authsize, 0); 481 + 482 + if (crypto_memneq(tag, buf, authsize)) 483 + return -EBADMSG; 484 + return 0; 485 + } 486 + 487 + static struct aead_alg gcm_aes_alg = { 488 + .ivsize = GCM_IV_SIZE, 489 + .chunksize = AES_BLOCK_SIZE, 490 + .maxauthsize = AES_BLOCK_SIZE, 491 + .setkey = gcm_setkey, 492 + .setauthsize = gcm_setauthsize, 493 + .encrypt = gcm_encrypt, 494 + .decrypt = gcm_decrypt, 495 + 496 + .base.cra_name = "gcm(aes)", 497 + .base.cra_driver_name = "gcm-aes-ce", 498 + .base.cra_priority = 300, 499 + .base.cra_blocksize = 1, 500 + .base.cra_ctxsize = sizeof(struct gcm_aes_ctx), 501 + .base.cra_module = THIS_MODULE, 205 502 }; 206 503 207 504 static int __init ghash_ce_mod_init(void) 208 505 { 209 - return crypto_register_shash(&ghash_alg); 506 + int ret; 507 + 508 + if (!(elf_hwcap & HWCAP_ASIMD)) 509 + return -ENODEV; 510 + 511 + if (elf_hwcap & HWCAP_PMULL) 512 + pmull_ghash_update = pmull_ghash_update_p64; 513 + 514 + else 515 + pmull_ghash_update = pmull_ghash_update_p8; 516 + 517 + ret = crypto_register_shash(&ghash_alg); 518 + if (ret) 519 + return ret; 520 + 521 + if (elf_hwcap & HWCAP_PMULL) { 522 + ret = crypto_register_aead(&gcm_aes_alg); 523 + if (ret) 524 + crypto_unregister_shash(&ghash_alg); 525 + } 526 + return ret; 210 527 } 211 528 212 529 static void __exit ghash_ce_mod_exit(void) 213 530 { 214 531 crypto_unregister_shash(&ghash_alg); 532 + crypto_unregister_aead(&gcm_aes_alg); 215 533 } 216 534 217 - module_cpu_feature_match(PMULL, ghash_ce_mod_init); 535 + static const struct cpu_feature ghash_cpu_feature[] = { 536 + { cpu_feature(PMULL) }, { } 537 + }; 538 + MODULE_DEVICE_TABLE(cpu, ghash_cpu_feature); 539 + 540 + module_init(ghash_ce_mod_init); 218 541 module_exit(ghash_ce_mod_exit);

+14 -4

arch/arm64/crypto/sha1-ce-glue.c

··· 1 1 /* 2 2 * sha1-ce-glue.c - SHA-1 secure hash using ARMv8 Crypto Extensions 3 3 * 4 - * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2014 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 12 13 #include <asm/unaligned.h> 13 14 #include <crypto/internal/hash.h> 14 15 #include <crypto/sha.h> ··· 38 37 { 39 38 struct sha1_ce_state *sctx = shash_desc_ctx(desc); 40 39 40 + if (!may_use_simd()) 41 + return crypto_sha1_update(desc, data, len); 42 + 41 43 sctx->finalize = 0; 42 - kernel_neon_begin_partial(16); 44 + kernel_neon_begin(); 43 45 sha1_base_do_update(desc, data, len, 44 46 (sha1_block_fn *)sha1_ce_transform); 45 47 kernel_neon_end(); ··· 56 52 struct sha1_ce_state *sctx = shash_desc_ctx(desc); 57 53 bool finalize = !sctx->sst.count && !(len % SHA1_BLOCK_SIZE); 58 54 55 + if (!may_use_simd()) 56 + return crypto_sha1_finup(desc, data, len, out); 57 + 59 58 /* 60 59 * Allow the asm code to perform the finalization if there is no 61 60 * partial data and the input is a round multiple of the block size. 62 61 */ 63 62 sctx->finalize = finalize; 64 63 65 - kernel_neon_begin_partial(16); 64 + kernel_neon_begin(); 66 65 sha1_base_do_update(desc, data, len, 67 66 (sha1_block_fn *)sha1_ce_transform); 68 67 if (!finalize) ··· 78 71 { 79 72 struct sha1_ce_state *sctx = shash_desc_ctx(desc); 80 73 74 + if (!may_use_simd()) 75 + return crypto_sha1_finup(desc, NULL, 0, out); 76 + 81 77 sctx->finalize = 0; 82 - kernel_neon_begin_partial(16); 78 + kernel_neon_begin(); 83 79 sha1_base_do_finalize(desc, (sha1_block_fn *)sha1_ce_transform); 84 80 kernel_neon_end(); 85 81 return sha1_base_finish(desc, out);

+26 -4

arch/arm64/crypto/sha2-ce-glue.c

··· 1 1 /* 2 2 * sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions 3 3 * 4 - * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 4 + * Copyright (C) 2014 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org> 5 5 * 6 6 * This program is free software; you can redistribute it and/or modify 7 7 * it under the terms of the GNU General Public License version 2 as ··· 9 9 */ 10 10 11 11 #include <asm/neon.h> 12 + #include <asm/simd.h> 12 13 #include <asm/unaligned.h> 13 14 #include <crypto/internal/hash.h> 14 15 #include <crypto/sha.h> ··· 35 34 const u32 sha256_ce_offsetof_finalize = offsetof(struct sha256_ce_state, 36 35 finalize); 37 36 37 + asmlinkage void sha256_block_data_order(u32 *digest, u8 const *src, int blocks); 38 + 38 39 static int sha256_ce_update(struct shash_desc *desc, const u8 *data, 39 40 unsigned int len) 40 41 { 41 42 struct sha256_ce_state *sctx = shash_desc_ctx(desc); 42 43 44 + if (!may_use_simd()) 45 + return sha256_base_do_update(desc, data, len, 46 + (sha256_block_fn *)sha256_block_data_order); 47 + 43 48 sctx->finalize = 0; 44 - kernel_neon_begin_partial(28); 49 + kernel_neon_begin(); 45 50 sha256_base_do_update(desc, data, len, 46 51 (sha256_block_fn *)sha2_ce_transform); 47 52 kernel_neon_end(); ··· 61 54 struct sha256_ce_state *sctx = shash_desc_ctx(desc); 62 55 bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE); 63 56 57 + if (!may_use_simd()) { 58 + if (len) 59 + sha256_base_do_update(desc, data, len, 60 + (sha256_block_fn *)sha256_block_data_order); 61 + sha256_base_do_finalize(desc, 62 + (sha256_block_fn *)sha256_block_data_order); 63 + return sha256_base_finish(desc, out); 64 + } 65 + 64 66 /* 65 67 * Allow the asm code to perform the finalization if there is no 66 68 * partial data and the input is a round multiple of the block size. 67 69 */ 68 70 sctx->finalize = finalize; 69 71 70 - kernel_neon_begin_partial(28); 72 + kernel_neon_begin(); 71 73 sha256_base_do_update(desc, data, len, 72 74 (sha256_block_fn *)sha2_ce_transform); 73 75 if (!finalize) ··· 90 74 { 91 75 struct sha256_ce_state *sctx = shash_desc_ctx(desc); 92 76 77 + if (!may_use_simd()) { 78 + sha256_base_do_finalize(desc, 79 + (sha256_block_fn *)sha256_block_data_order); 80 + return sha256_base_finish(desc, out); 81 + } 82 + 93 83 sctx->finalize = 0; 94 - kernel_neon_begin_partial(28); 84 + kernel_neon_begin(); 95 85 sha256_base_do_finalize(desc, (sha256_block_fn *)sha2_ce_transform); 96 86 kernel_neon_end(); 97 87 return sha256_base_finish(desc, out);

+1

arch/arm64/crypto/sha256-glue.c

··· 29 29 30 30 asmlinkage void sha256_block_data_order(u32 *digest, const void *data, 31 31 unsigned int num_blks); 32 + EXPORT_SYMBOL(sha256_block_data_order); 32 33 33 34 asmlinkage void sha256_block_neon(u32 *digest, const void *data, 34 35 unsigned int num_blks);

+1 -2

arch/sparc/crypto/aes_glue.c

··· 344 344 345 345 ctx->ops->ecb_encrypt(&ctx->key[0], (const u64 *)ctrblk, 346 346 keystream, AES_BLOCK_SIZE); 347 - crypto_xor((u8 *) keystream, src, nbytes); 348 - memcpy(dst, keystream, nbytes); 347 + crypto_xor_cpy(dst, (u8 *) keystream, src, nbytes); 349 348 crypto_inc(ctrblk, AES_BLOCK_SIZE); 350 349 } 351 350

+2 -2

arch/x86/crypto/aesni-intel_glue.c

··· 475 475 unsigned int nbytes = walk->nbytes; 476 476 477 477 aesni_enc(ctx, keystream, ctrblk); 478 - crypto_xor(keystream, src, nbytes); 479 - memcpy(dst, keystream, nbytes); 478 + crypto_xor_cpy(dst, keystream, src, nbytes); 479 + 480 480 crypto_inc(ctrblk, AES_BLOCK_SIZE); 481 481 } 482 482

+1 -2

arch/x86/crypto/blowfish_glue.c

··· 271 271 unsigned int nbytes = walk->nbytes; 272 272 273 273 blowfish_enc_blk(ctx, keystream, ctrblk); 274 - crypto_xor(keystream, src, nbytes); 275 - memcpy(dst, keystream, nbytes); 274 + crypto_xor_cpy(dst, keystream, src, nbytes); 276 275 277 276 crypto_inc(ctrblk, BF_BLOCK_SIZE); 278 277 }

+1 -2

arch/x86/crypto/cast5_avx_glue.c

··· 256 256 unsigned int nbytes = walk->nbytes; 257 257 258 258 __cast5_encrypt(ctx, keystream, ctrblk); 259 - crypto_xor(keystream, src, nbytes); 260 - memcpy(dst, keystream, nbytes); 259 + crypto_xor_cpy(dst, keystream, src, nbytes); 261 260 262 261 crypto_inc(ctrblk, CAST5_BLOCK_SIZE); 263 262 }

+1 -2

arch/x86/crypto/des3_ede_glue.c

··· 277 277 unsigned int nbytes = walk->nbytes; 278 278 279 279 des3_ede_enc_blk(ctx, keystream, ctrblk); 280 - crypto_xor(keystream, src, nbytes); 281 - memcpy(dst, keystream, nbytes); 280 + crypto_xor_cpy(dst, keystream, src, nbytes); 282 281 283 282 crypto_inc(ctrblk, DES3_EDE_BLOCK_SIZE); 284 283 }

+2

crypto/Kconfig

··· 1753 1753 tristate "User-space interface for AEAD cipher algorithms" 1754 1754 depends on NET 1755 1755 select CRYPTO_AEAD 1756 + select CRYPTO_BLKCIPHER 1757 + select CRYPTO_NULL 1756 1758 select CRYPTO_USER_API 1757 1759 help 1758 1760 This option enables the user-spaces interface for AEAD

+691

crypto/af_alg.c

··· 21 21 #include <linux/module.h> 22 22 #include <linux/net.h> 23 23 #include <linux/rwsem.h> 24 + #include <linux/sched/signal.h> 24 25 #include <linux/security.h> 25 26 26 27 struct alg_type_list { ··· 507 506 complete(&completion->completion); 508 507 } 509 508 EXPORT_SYMBOL_GPL(af_alg_complete); 509 + 510 + /** 511 + * af_alg_alloc_tsgl - allocate the TX SGL 512 + * 513 + * @sk socket of connection to user space 514 + * @return: 0 upon success, < 0 upon error 515 + */ 516 + int af_alg_alloc_tsgl(struct sock *sk) 517 + { 518 + struct alg_sock *ask = alg_sk(sk); 519 + struct af_alg_ctx *ctx = ask->private; 520 + struct af_alg_tsgl *sgl; 521 + struct scatterlist *sg = NULL; 522 + 523 + sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 524 + if (!list_empty(&ctx->tsgl_list)) 525 + sg = sgl->sg; 526 + 527 + if (!sg || sgl->cur >= MAX_SGL_ENTS) { 528 + sgl = sock_kmalloc(sk, sizeof(*sgl) + 529 + sizeof(sgl->sg[0]) * (MAX_SGL_ENTS + 1), 530 + GFP_KERNEL); 531 + if (!sgl) 532 + return -ENOMEM; 533 + 534 + sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); 535 + sgl->cur = 0; 536 + 537 + if (sg) 538 + sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); 539 + 540 + list_add_tail(&sgl->list, &ctx->tsgl_list); 541 + } 542 + 543 + return 0; 544 + } 545 + EXPORT_SYMBOL_GPL(af_alg_alloc_tsgl); 546 + 547 + /** 548 + * aead_count_tsgl - Count number of TX SG entries 549 + * 550 + * The counting starts from the beginning of the SGL to @bytes. If 551 + * an offset is provided, the counting of the SG entries starts at the offset. 552 + * 553 + * @sk socket of connection to user space 554 + * @bytes Count the number of SG entries holding given number of bytes. 555 + * @offset Start the counting of SG entries from the given offset. 556 + * @return Number of TX SG entries found given the constraints 557 + */ 558 + unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) 559 + { 560 + struct alg_sock *ask = alg_sk(sk); 561 + struct af_alg_ctx *ctx = ask->private; 562 + struct af_alg_tsgl *sgl, *tmp; 563 + unsigned int i; 564 + unsigned int sgl_count = 0; 565 + 566 + if (!bytes) 567 + return 0; 568 + 569 + list_for_each_entry_safe(sgl, tmp, &ctx->tsgl_list, list) { 570 + struct scatterlist *sg = sgl->sg; 571 + 572 + for (i = 0; i < sgl->cur; i++) { 573 + size_t bytes_count; 574 + 575 + /* Skip offset */ 576 + if (offset >= sg[i].length) { 577 + offset -= sg[i].length; 578 + bytes -= sg[i].length; 579 + continue; 580 + } 581 + 582 + bytes_count = sg[i].length - offset; 583 + 584 + offset = 0; 585 + sgl_count++; 586 + 587 + /* If we have seen requested number of bytes, stop */ 588 + if (bytes_count >= bytes) 589 + return sgl_count; 590 + 591 + bytes -= bytes_count; 592 + } 593 + } 594 + 595 + return sgl_count; 596 + } 597 + EXPORT_SYMBOL_GPL(af_alg_count_tsgl); 598 + 599 + /** 600 + * aead_pull_tsgl - Release the specified buffers from TX SGL 601 + * 602 + * If @dst is non-null, reassign the pages to dst. The caller must release 603 + * the pages. If @dst_offset is given only reassign the pages to @dst starting 604 + * at the @dst_offset (byte). The caller must ensure that @dst is large 605 + * enough (e.g. by using af_alg_count_tsgl with the same offset). 606 + * 607 + * @sk socket of connection to user space 608 + * @used Number of bytes to pull from TX SGL 609 + * @dst If non-NULL, buffer is reassigned to dst SGL instead of releasing. The 610 + * caller must release the buffers in dst. 611 + * @dst_offset Reassign the TX SGL from given offset. All buffers before 612 + * reaching the offset is released. 613 + */ 614 + void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, 615 + size_t dst_offset) 616 + { 617 + struct alg_sock *ask = alg_sk(sk); 618 + struct af_alg_ctx *ctx = ask->private; 619 + struct af_alg_tsgl *sgl; 620 + struct scatterlist *sg; 621 + unsigned int i, j; 622 + 623 + while (!list_empty(&ctx->tsgl_list)) { 624 + sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, 625 + list); 626 + sg = sgl->sg; 627 + 628 + for (i = 0, j = 0; i < sgl->cur; i++) { 629 + size_t plen = min_t(size_t, used, sg[i].length); 630 + struct page *page = sg_page(sg + i); 631 + 632 + if (!page) 633 + continue; 634 + 635 + /* 636 + * Assumption: caller created af_alg_count_tsgl(len) 637 + * SG entries in dst. 638 + */ 639 + if (dst) { 640 + if (dst_offset >= plen) { 641 + /* discard page before offset */ 642 + dst_offset -= plen; 643 + } else { 644 + /* reassign page to dst after offset */ 645 + get_page(page); 646 + sg_set_page(dst + j, page, 647 + plen - dst_offset, 648 + sg[i].offset + dst_offset); 649 + dst_offset = 0; 650 + j++; 651 + } 652 + } 653 + 654 + sg[i].length -= plen; 655 + sg[i].offset += plen; 656 + 657 + used -= plen; 658 + ctx->used -= plen; 659 + 660 + if (sg[i].length) 661 + return; 662 + 663 + put_page(page); 664 + sg_assign_page(sg + i, NULL); 665 + } 666 + 667 + list_del(&sgl->list); 668 + sock_kfree_s(sk, sgl, sizeof(*sgl) + sizeof(sgl->sg[0]) * 669 + (MAX_SGL_ENTS + 1)); 670 + } 671 + 672 + if (!ctx->used) 673 + ctx->merge = 0; 674 + } 675 + EXPORT_SYMBOL_GPL(af_alg_pull_tsgl); 676 + 677 + /** 678 + * af_alg_free_areq_sgls - Release TX and RX SGLs of the request 679 + * 680 + * @areq Request holding the TX and RX SGL 681 + */ 682 + void af_alg_free_areq_sgls(struct af_alg_async_req *areq) 683 + { 684 + struct sock *sk = areq->sk; 685 + struct alg_sock *ask = alg_sk(sk); 686 + struct af_alg_ctx *ctx = ask->private; 687 + struct af_alg_rsgl *rsgl, *tmp; 688 + struct scatterlist *tsgl; 689 + struct scatterlist *sg; 690 + unsigned int i; 691 + 692 + list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) { 693 + ctx->rcvused -= rsgl->sg_num_bytes; 694 + af_alg_free_sg(&rsgl->sgl); 695 + list_del(&rsgl->list); 696 + if (rsgl != &areq->first_rsgl) 697 + sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 698 + } 699 + 700 + tsgl = areq->tsgl; 701 + for_each_sg(tsgl, sg, areq->tsgl_entries, i) { 702 + if (!sg_page(sg)) 703 + continue; 704 + put_page(sg_page(sg)); 705 + } 706 + 707 + if (areq->tsgl && areq->tsgl_entries) 708 + sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); 709 + } 710 + EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls); 711 + 712 + /** 713 + * af_alg_wait_for_wmem - wait for availability of writable memory 714 + * 715 + * @sk socket of connection to user space 716 + * @flags If MSG_DONTWAIT is set, then only report if function would sleep 717 + * @return 0 when writable memory is available, < 0 upon error 718 + */ 719 + int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) 720 + { 721 + DEFINE_WAIT_FUNC(wait, woken_wake_function); 722 + int err = -ERESTARTSYS; 723 + long timeout; 724 + 725 + if (flags & MSG_DONTWAIT) 726 + return -EAGAIN; 727 + 728 + sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); 729 + 730 + add_wait_queue(sk_sleep(sk), &wait); 731 + for (;;) { 732 + if (signal_pending(current)) 733 + break; 734 + timeout = MAX_SCHEDULE_TIMEOUT; 735 + if (sk_wait_event(sk, &timeout, af_alg_writable(sk), &wait)) { 736 + err = 0; 737 + break; 738 + } 739 + } 740 + remove_wait_queue(sk_sleep(sk), &wait); 741 + 742 + return err; 743 + } 744 + EXPORT_SYMBOL_GPL(af_alg_wait_for_wmem); 745 + 746 + /** 747 + * af_alg_wmem_wakeup - wakeup caller when writable memory is available 748 + * 749 + * @sk socket of connection to user space 750 + */ 751 + void af_alg_wmem_wakeup(struct sock *sk) 752 + { 753 + struct socket_wq *wq; 754 + 755 + if (!af_alg_writable(sk)) 756 + return; 757 + 758 + rcu_read_lock(); 759 + wq = rcu_dereference(sk->sk_wq); 760 + if (skwq_has_sleeper(wq)) 761 + wake_up_interruptible_sync_poll(&wq->wait, POLLIN | 762 + POLLRDNORM | 763 + POLLRDBAND); 764 + sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 765 + rcu_read_unlock(); 766 + } 767 + EXPORT_SYMBOL_GPL(af_alg_wmem_wakeup); 768 + 769 + /** 770 + * af_alg_wait_for_data - wait for availability of TX data 771 + * 772 + * @sk socket of connection to user space 773 + * @flags If MSG_DONTWAIT is set, then only report if function would sleep 774 + * @return 0 when writable memory is available, < 0 upon error 775 + */ 776 + int af_alg_wait_for_data(struct sock *sk, unsigned flags) 777 + { 778 + DEFINE_WAIT_FUNC(wait, woken_wake_function); 779 + struct alg_sock *ask = alg_sk(sk); 780 + struct af_alg_ctx *ctx = ask->private; 781 + long timeout; 782 + int err = -ERESTARTSYS; 783 + 784 + if (flags & MSG_DONTWAIT) 785 + return -EAGAIN; 786 + 787 + sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 788 + 789 + add_wait_queue(sk_sleep(sk), &wait); 790 + for (;;) { 791 + if (signal_pending(current)) 792 + break; 793 + timeout = MAX_SCHEDULE_TIMEOUT; 794 + if (sk_wait_event(sk, &timeout, (ctx->used || !ctx->more), 795 + &wait)) { 796 + err = 0; 797 + break; 798 + } 799 + } 800 + remove_wait_queue(sk_sleep(sk), &wait); 801 + 802 + sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 803 + 804 + return err; 805 + } 806 + EXPORT_SYMBOL_GPL(af_alg_wait_for_data); 807 + 808 + /** 809 + * af_alg_data_wakeup - wakeup caller when new data can be sent to kernel 810 + * 811 + * @sk socket of connection to user space 812 + */ 813 + 814 + void af_alg_data_wakeup(struct sock *sk) 815 + { 816 + struct alg_sock *ask = alg_sk(sk); 817 + struct af_alg_ctx *ctx = ask->private; 818 + struct socket_wq *wq; 819 + 820 + if (!ctx->used) 821 + return; 822 + 823 + rcu_read_lock(); 824 + wq = rcu_dereference(sk->sk_wq); 825 + if (skwq_has_sleeper(wq)) 826 + wake_up_interruptible_sync_poll(&wq->wait, POLLOUT | 827 + POLLRDNORM | 828 + POLLRDBAND); 829 + sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 830 + rcu_read_unlock(); 831 + } 832 + EXPORT_SYMBOL_GPL(af_alg_data_wakeup); 833 + 834 + /** 835 + * af_alg_sendmsg - implementation of sendmsg system call handler 836 + * 837 + * The sendmsg system call handler obtains the user data and stores it 838 + * in ctx->tsgl_list. This implies allocation of the required numbers of 839 + * struct af_alg_tsgl. 840 + * 841 + * In addition, the ctx is filled with the information sent via CMSG. 842 + * 843 + * @sock socket of connection to user space 844 + * @msg message from user space 845 + * @size size of message from user space 846 + * @ivsize the size of the IV for the cipher operation to verify that the 847 + * user-space-provided IV has the right size 848 + * @return the number of copied data upon success, < 0 upon error 849 + */ 850 + int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, 851 + unsigned int ivsize) 852 + { 853 + struct sock *sk = sock->sk; 854 + struct alg_sock *ask = alg_sk(sk); 855 + struct af_alg_ctx *ctx = ask->private; 856 + struct af_alg_tsgl *sgl; 857 + struct af_alg_control con = {}; 858 + long copied = 0; 859 + bool enc = 0; 860 + bool init = 0; 861 + int err = 0; 862 + 863 + if (msg->msg_controllen) { 864 + err = af_alg_cmsg_send(msg, &con); 865 + if (err) 866 + return err; 867 + 868 + init = 1; 869 + switch (con.op) { 870 + case ALG_OP_ENCRYPT: 871 + enc = 1; 872 + break; 873 + case ALG_OP_DECRYPT: 874 + enc = 0; 875 + break; 876 + default: 877 + return -EINVAL; 878 + } 879 + 880 + if (con.iv && con.iv->ivlen != ivsize) 881 + return -EINVAL; 882 + } 883 + 884 + lock_sock(sk); 885 + if (!ctx->more && ctx->used) { 886 + err = -EINVAL; 887 + goto unlock; 888 + } 889 + 890 + if (init) { 891 + ctx->enc = enc; 892 + if (con.iv) 893 + memcpy(ctx->iv, con.iv->iv, ivsize); 894 + 895 + ctx->aead_assoclen = con.aead_assoclen; 896 + } 897 + 898 + while (size) { 899 + struct scatterlist *sg; 900 + size_t len = size; 901 + size_t plen; 902 + 903 + /* use the existing memory in an allocated page */ 904 + if (ctx->merge) { 905 + sgl = list_entry(ctx->tsgl_list.prev, 906 + struct af_alg_tsgl, list); 907 + sg = sgl->sg + sgl->cur - 1; 908 + len = min_t(size_t, len, 909 + PAGE_SIZE - sg->offset - sg->length); 910 + 911 + err = memcpy_from_msg(page_address(sg_page(sg)) + 912 + sg->offset + sg->length, 913 + msg, len); 914 + if (err) 915 + goto unlock; 916 + 917 + sg->length += len; 918 + ctx->merge = (sg->offset + sg->length) & 919 + (PAGE_SIZE - 1); 920 + 921 + ctx->used += len; 922 + copied += len; 923 + size -= len; 924 + continue; 925 + } 926 + 927 + if (!af_alg_writable(sk)) { 928 + err = af_alg_wait_for_wmem(sk, msg->msg_flags); 929 + if (err) 930 + goto unlock; 931 + } 932 + 933 + /* allocate a new page */ 934 + len = min_t(unsigned long, len, af_alg_sndbuf(sk)); 935 + 936 + err = af_alg_alloc_tsgl(sk); 937 + if (err) 938 + goto unlock; 939 + 940 + sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, 941 + list); 942 + sg = sgl->sg; 943 + if (sgl->cur) 944 + sg_unmark_end(sg + sgl->cur - 1); 945 + 946 + do { 947 + unsigned int i = sgl->cur; 948 + 949 + plen = min_t(size_t, len, PAGE_SIZE); 950 + 951 + sg_assign_page(sg + i, alloc_page(GFP_KERNEL)); 952 + if (!sg_page(sg + i)) { 953 + err = -ENOMEM; 954 + goto unlock; 955 + } 956 + 957 + err = memcpy_from_msg(page_address(sg_page(sg + i)), 958 + msg, plen); 959 + if (err) { 960 + __free_page(sg_page(sg + i)); 961 + sg_assign_page(sg + i, NULL); 962 + goto unlock; 963 + } 964 + 965 + sg[i].length = plen; 966 + len -= plen; 967 + ctx->used += plen; 968 + copied += plen; 969 + size -= plen; 970 + sgl->cur++; 971 + } while (len && sgl->cur < MAX_SGL_ENTS); 972 + 973 + if (!size) 974 + sg_mark_end(sg + sgl->cur - 1); 975 + 976 + ctx->merge = plen & (PAGE_SIZE - 1); 977 + } 978 + 979 + err = 0; 980 + 981 + ctx->more = msg->msg_flags & MSG_MORE; 982 + 983 + unlock: 984 + af_alg_data_wakeup(sk); 985 + release_sock(sk); 986 + 987 + return copied ?: err; 988 + } 989 + EXPORT_SYMBOL_GPL(af_alg_sendmsg); 990 + 991 + /** 992 + * af_alg_sendpage - sendpage system call handler 993 + * 994 + * This is a generic implementation of sendpage to fill ctx->tsgl_list. 995 + */ 996 + ssize_t af_alg_sendpage(struct socket *sock, struct page *page, 997 + int offset, size_t size, int flags) 998 + { 999 + struct sock *sk = sock->sk; 1000 + struct alg_sock *ask = alg_sk(sk); 1001 + struct af_alg_ctx *ctx = ask->private; 1002 + struct af_alg_tsgl *sgl; 1003 + int err = -EINVAL; 1004 + 1005 + if (flags & MSG_SENDPAGE_NOTLAST) 1006 + flags |= MSG_MORE; 1007 + 1008 + lock_sock(sk); 1009 + if (!ctx->more && ctx->used) 1010 + goto unlock; 1011 + 1012 + if (!size) 1013 + goto done; 1014 + 1015 + if (!af_alg_writable(sk)) { 1016 + err = af_alg_wait_for_wmem(sk, flags); 1017 + if (err) 1018 + goto unlock; 1019 + } 1020 + 1021 + err = af_alg_alloc_tsgl(sk); 1022 + if (err) 1023 + goto unlock; 1024 + 1025 + ctx->merge = 0; 1026 + sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 1027 + 1028 + if (sgl->cur) 1029 + sg_unmark_end(sgl->sg + sgl->cur - 1); 1030 + 1031 + sg_mark_end(sgl->sg + sgl->cur); 1032 + 1033 + get_page(page); 1034 + sg_set_page(sgl->sg + sgl->cur, page, size, offset); 1035 + sgl->cur++; 1036 + ctx->used += size; 1037 + 1038 + done: 1039 + ctx->more = flags & MSG_MORE; 1040 + 1041 + unlock: 1042 + af_alg_data_wakeup(sk); 1043 + release_sock(sk); 1044 + 1045 + return err ?: size; 1046 + } 1047 + EXPORT_SYMBOL_GPL(af_alg_sendpage); 1048 + 1049 + /** 1050 + * af_alg_async_cb - AIO callback handler 1051 + * 1052 + * This handler cleans up the struct af_alg_async_req upon completion of the 1053 + * AIO operation. 1054 + * 1055 + * The number of bytes to be generated with the AIO operation must be set 1056 + * in areq->outlen before the AIO callback handler is invoked. 1057 + */ 1058 + void af_alg_async_cb(struct crypto_async_request *_req, int err) 1059 + { 1060 + struct af_alg_async_req *areq = _req->data; 1061 + struct sock *sk = areq->sk; 1062 + struct kiocb *iocb = areq->iocb; 1063 + unsigned int resultlen; 1064 + 1065 + lock_sock(sk); 1066 + 1067 + /* Buffer size written by crypto operation. */ 1068 + resultlen = areq->outlen; 1069 + 1070 + af_alg_free_areq_sgls(areq); 1071 + sock_kfree_s(sk, areq, areq->areqlen); 1072 + __sock_put(sk); 1073 + 1074 + iocb->ki_complete(iocb, err ? err : resultlen, 0); 1075 + 1076 + release_sock(sk); 1077 + } 1078 + EXPORT_SYMBOL_GPL(af_alg_async_cb); 1079 + 1080 + /** 1081 + * af_alg_poll - poll system call handler 1082 + */ 1083 + unsigned int af_alg_poll(struct file *file, struct socket *sock, 1084 + poll_table *wait) 1085 + { 1086 + struct sock *sk = sock->sk; 1087 + struct alg_sock *ask = alg_sk(sk); 1088 + struct af_alg_ctx *ctx = ask->private; 1089 + unsigned int mask; 1090 + 1091 + sock_poll_wait(file, sk_sleep(sk), wait); 1092 + mask = 0; 1093 + 1094 + if (!ctx->more || ctx->used) 1095 + mask |= POLLIN | POLLRDNORM; 1096 + 1097 + if (af_alg_writable(sk)) 1098 + mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 1099 + 1100 + return mask; 1101 + } 1102 + EXPORT_SYMBOL_GPL(af_alg_poll); 1103 + 1104 + /** 1105 + * af_alg_alloc_areq - allocate struct af_alg_async_req 1106 + * 1107 + * @sk socket of connection to user space 1108 + * @areqlen size of struct af_alg_async_req + crypto_*_reqsize 1109 + * @return allocated data structure or ERR_PTR upon error 1110 + */ 1111 + struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, 1112 + unsigned int areqlen) 1113 + { 1114 + struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); 1115 + 1116 + if (unlikely(!areq)) 1117 + return ERR_PTR(-ENOMEM); 1118 + 1119 + areq->areqlen = areqlen; 1120 + areq->sk = sk; 1121 + areq->last_rsgl = NULL; 1122 + INIT_LIST_HEAD(&areq->rsgl_list); 1123 + areq->tsgl = NULL; 1124 + areq->tsgl_entries = 0; 1125 + 1126 + return areq; 1127 + } 1128 + EXPORT_SYMBOL_GPL(af_alg_alloc_areq); 1129 + 1130 + /** 1131 + * af_alg_get_rsgl - create the RX SGL for the output data from the crypto 1132 + * operation 1133 + * 1134 + * @sk socket of connection to user space 1135 + * @msg user space message 1136 + * @flags flags used to invoke recvmsg with 1137 + * @areq instance of the cryptographic request that will hold the RX SGL 1138 + * @maxsize maximum number of bytes to be pulled from user space 1139 + * @outlen number of bytes in the RX SGL 1140 + * @return 0 on success, < 0 upon error 1141 + */ 1142 + int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, 1143 + struct af_alg_async_req *areq, size_t maxsize, 1144 + size_t *outlen) 1145 + { 1146 + struct alg_sock *ask = alg_sk(sk); 1147 + struct af_alg_ctx *ctx = ask->private; 1148 + size_t len = 0; 1149 + 1150 + while (maxsize > len && msg_data_left(msg)) { 1151 + struct af_alg_rsgl *rsgl; 1152 + size_t seglen; 1153 + int err; 1154 + 1155 + /* limit the amount of readable buffers */ 1156 + if (!af_alg_readable(sk)) 1157 + break; 1158 + 1159 + if (!ctx->used) { 1160 + err = af_alg_wait_for_data(sk, flags); 1161 + if (err) 1162 + return err; 1163 + } 1164 + 1165 + seglen = min_t(size_t, (maxsize - len), 1166 + msg_data_left(msg)); 1167 + 1168 + if (list_empty(&areq->rsgl_list)) { 1169 + rsgl = &areq->first_rsgl; 1170 + } else { 1171 + rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 1172 + if (unlikely(!rsgl)) 1173 + return -ENOMEM; 1174 + } 1175 + 1176 + rsgl->sgl.npages = 0; 1177 + list_add_tail(&rsgl->list, &areq->rsgl_list); 1178 + 1179 + /* make one iovec available as scatterlist */ 1180 + err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 1181 + if (err < 0) 1182 + return err; 1183 + 1184 + /* chain the new scatterlist with previous one */ 1185 + if (areq->last_rsgl) 1186 + af_alg_link_sg(&areq->last_rsgl->sgl, &rsgl->sgl); 1187 + 1188 + areq->last_rsgl = rsgl; 1189 + len += err; 1190 + ctx->rcvused += err; 1191 + rsgl->sg_num_bytes = err; 1192 + iov_iter_advance(&msg->msg_iter, err); 1193 + } 1194 + 1195 + *outlen = len; 1196 + return 0; 1197 + } 1198 + EXPORT_SYMBOL_GPL(af_alg_get_rsgl); 510 1199 511 1200 static int __init af_alg_init(void) 512 1201 {

+29

crypto/ahash.c

··· 588 588 } 589 589 EXPORT_SYMBOL_GPL(crypto_unregister_ahash); 590 590 591 + int crypto_register_ahashes(struct ahash_alg *algs, int count) 592 + { 593 + int i, ret; 594 + 595 + for (i = 0; i < count; i++) { 596 + ret = crypto_register_ahash(&algs[i]); 597 + if (ret) 598 + goto err; 599 + } 600 + 601 + return 0; 602 + 603 + err: 604 + for (--i; i >= 0; --i) 605 + crypto_unregister_ahash(&algs[i]); 606 + 607 + return ret; 608 + } 609 + EXPORT_SYMBOL_GPL(crypto_register_ahashes); 610 + 611 + void crypto_unregister_ahashes(struct ahash_alg *algs, int count) 612 + { 613 + int i; 614 + 615 + for (i = count - 1; i >= 0; --i) 616 + crypto_unregister_ahash(&algs[i]); 617 + } 618 + EXPORT_SYMBOL_GPL(crypto_unregister_ahashes); 619 + 591 620 int ahash_register_instance(struct crypto_template *tmpl, 592 621 struct ahash_instance *inst) 593 622 {

+15 -10

crypto/algapi.c

··· 975 975 } 976 976 EXPORT_SYMBOL_GPL(crypto_inc); 977 977 978 - void __crypto_xor(u8 *dst, const u8 *src, unsigned int len) 978 + void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len) 979 979 { 980 980 int relalign = 0; 981 981 982 982 if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)) { 983 983 int size = sizeof(unsigned long); 984 - int d = ((unsigned long)dst ^ (unsigned long)src) & (size - 1); 984 + int d = (((unsigned long)dst ^ (unsigned long)src1) | 985 + ((unsigned long)dst ^ (unsigned long)src2)) & 986 + (size - 1); 985 987 986 988 relalign = d ? 1 << __ffs(d) : size; 987 989 ··· 994 992 * process the remainder of the input using optimal strides. 995 993 */ 996 994 while (((unsigned long)dst & (relalign - 1)) && len > 0) { 997 - *dst++ ^= *src++; 995 + *dst++ = *src1++ ^ *src2++; 998 996 len--; 999 997 } 1000 998 } 1001 999 1002 1000 while (IS_ENABLED(CONFIG_64BIT) && len >= 8 && !(relalign & 7)) { 1003 - *(u64 *)dst ^= *(u64 *)src; 1001 + *(u64 *)dst = *(u64 *)src1 ^ *(u64 *)src2; 1004 1002 dst += 8; 1005 - src += 8; 1003 + src1 += 8; 1004 + src2 += 8; 1006 1005 len -= 8; 1007 1006 } 1008 1007 1009 1008 while (len >= 4 && !(relalign & 3)) { 1010 - *(u32 *)dst ^= *(u32 *)src; 1009 + *(u32 *)dst = *(u32 *)src1 ^ *(u32 *)src2; 1011 1010 dst += 4; 1012 - src += 4; 1011 + src1 += 4; 1012 + src2 += 4; 1013 1013 len -= 4; 1014 1014 } 1015 1015 1016 1016 while (len >= 2 && !(relalign & 1)) { 1017 - *(u16 *)dst ^= *(u16 *)src; 1017 + *(u16 *)dst = *(u16 *)src1 ^ *(u16 *)src2; 1018 1018 dst += 2; 1019 - src += 2; 1019 + src1 += 2; 1020 + src2 += 2; 1020 1021 len -= 2; 1021 1022 } 1022 1023 1023 1024 while (len--) 1024 - *dst++ ^= *src++; 1025 + *dst++ = *src1++ ^ *src2++; 1025 1026 } 1026 1027 EXPORT_SYMBOL_GPL(__crypto_xor); 1027 1028

+254 -618

crypto/algif_aead.c

··· 5 5 * 6 6 * This file provides the user-space API for AEAD ciphers. 7 7 * 8 - * This file is derived from algif_skcipher.c. 9 - * 10 8 * This program is free software; you can redistribute it and/or modify it 11 9 * under the terms of the GNU General Public License as published by the Free 12 10 * Software Foundation; either version 2 of the License, or (at your option) 13 11 * any later version. 12 + * 13 + * The following concept of the memory management is used: 14 + * 15 + * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 + * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 + * up the TX SGL does not cause a crypto operation -- the data will only be 18 + * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 + * provide a buffer which is tracked with the RX SGL. 20 + * 21 + * During the processing of the recvmsg operation, the cipher request is 22 + * allocated and prepared. As part of the recvmsg operation, the processed 23 + * TX buffers are extracted from the TX SGL into a separate SGL. 24 + * 25 + * After the completion of the crypto operation, the RX SGL and the cipher 26 + * request is released. The extracted TX SGL parts are released together with 27 + * the RX SGL release. 14 28 */ 15 29 16 30 #include <crypto/internal/aead.h> 17 31 #include <crypto/scatterwalk.h> 18 32 #include <crypto/if_alg.h> 33 + #include <crypto/skcipher.h> 34 + #include <crypto/null.h> 19 35 #include <linux/init.h> 20 36 #include <linux/list.h> 21 37 #include <linux/kernel.h> 22 - #include <linux/sched/signal.h> 23 38 #include <linux/mm.h> 24 39 #include <linux/module.h> 25 40 #include <linux/net.h> 26 41 #include <net/sock.h> 27 42 28 - struct aead_sg_list { 29 - unsigned int cur; 30 - struct scatterlist sg[ALG_MAX_PAGES]; 31 - }; 32 - 33 - struct aead_async_rsgl { 34 - struct af_alg_sgl sgl; 35 - struct list_head list; 36 - }; 37 - 38 - struct aead_async_req { 39 - struct scatterlist *tsgl; 40 - struct aead_async_rsgl first_rsgl; 41 - struct list_head list; 42 - struct kiocb *iocb; 43 - struct sock *sk; 44 - unsigned int tsgls; 45 - char iv[]; 46 - }; 47 - 48 43 struct aead_tfm { 49 44 struct crypto_aead *aead; 50 45 bool has_key; 46 + struct crypto_skcipher *null_tfm; 51 47 }; 52 48 53 - struct aead_ctx { 54 - struct aead_sg_list tsgl; 55 - struct aead_async_rsgl first_rsgl; 56 - struct list_head list; 57 - 58 - void *iv; 59 - 60 - struct af_alg_completion completion; 61 - 62 - unsigned long used; 63 - 64 - unsigned int len; 65 - bool more; 66 - bool merge; 67 - bool enc; 68 - 69 - size_t aead_assoclen; 70 - struct aead_request aead_req; 71 - }; 72 - 73 - static inline int aead_sndbuf(struct sock *sk) 49 + static inline bool aead_sufficient_data(struct sock *sk) 74 50 { 75 51 struct alg_sock *ask = alg_sk(sk); 76 - struct aead_ctx *ctx = ask->private; 77 - 78 - return max_t(int, max_t(int, sk->sk_sndbuf & PAGE_MASK, PAGE_SIZE) - 79 - ctx->used, 0); 80 - } 81 - 82 - static inline bool aead_writable(struct sock *sk) 83 - { 84 - return PAGE_SIZE <= aead_sndbuf(sk); 85 - } 86 - 87 - static inline bool aead_sufficient_data(struct aead_ctx *ctx) 88 - { 89 - unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx->aead_req)); 52 + struct sock *psk = ask->parent; 53 + struct alg_sock *pask = alg_sk(psk); 54 + struct af_alg_ctx *ctx = ask->private; 55 + struct aead_tfm *aeadc = pask->private; 56 + struct crypto_aead *tfm = aeadc->aead; 57 + unsigned int as = crypto_aead_authsize(tfm); 90 58 91 59 /* 92 60 * The minimum amount of memory needed for an AEAD cipher is ··· 63 95 return ctx->used >= ctx->aead_assoclen + (ctx->enc ? 0 : as); 64 96 } 65 97 66 - static void aead_reset_ctx(struct aead_ctx *ctx) 67 - { 68 - struct aead_sg_list *sgl = &ctx->tsgl; 69 - 70 - sg_init_table(sgl->sg, ALG_MAX_PAGES); 71 - sgl->cur = 0; 72 - ctx->used = 0; 73 - ctx->more = 0; 74 - ctx->merge = 0; 75 - } 76 - 77 - static void aead_put_sgl(struct sock *sk) 78 - { 79 - struct alg_sock *ask = alg_sk(sk); 80 - struct aead_ctx *ctx = ask->private; 81 - struct aead_sg_list *sgl = &ctx->tsgl; 82 - struct scatterlist *sg = sgl->sg; 83 - unsigned int i; 84 - 85 - for (i = 0; i < sgl->cur; i++) { 86 - if (!sg_page(sg + i)) 87 - continue; 88 - 89 - put_page(sg_page(sg + i)); 90 - sg_assign_page(sg + i, NULL); 91 - } 92 - aead_reset_ctx(ctx); 93 - } 94 - 95 - static void aead_wmem_wakeup(struct sock *sk) 96 - { 97 - struct socket_wq *wq; 98 - 99 - if (!aead_writable(sk)) 100 - return; 101 - 102 - rcu_read_lock(); 103 - wq = rcu_dereference(sk->sk_wq); 104 - if (skwq_has_sleeper(wq)) 105 - wake_up_interruptible_sync_poll(&wq->wait, POLLIN | 106 - POLLRDNORM | 107 - POLLRDBAND); 108 - sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 109 - rcu_read_unlock(); 110 - } 111 - 112 - static int aead_wait_for_data(struct sock *sk, unsigned flags) 113 - { 114 - DEFINE_WAIT_FUNC(wait, woken_wake_function); 115 - struct alg_sock *ask = alg_sk(sk); 116 - struct aead_ctx *ctx = ask->private; 117 - long timeout; 118 - int err = -ERESTARTSYS; 119 - 120 - if (flags & MSG_DONTWAIT) 121 - return -EAGAIN; 122 - 123 - sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 124 - add_wait_queue(sk_sleep(sk), &wait); 125 - for (;;) { 126 - if (signal_pending(current)) 127 - break; 128 - timeout = MAX_SCHEDULE_TIMEOUT; 129 - if (sk_wait_event(sk, &timeout, !ctx->more, &wait)) { 130 - err = 0; 131 - break; 132 - } 133 - } 134 - remove_wait_queue(sk_sleep(sk), &wait); 135 - 136 - sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 137 - 138 - return err; 139 - } 140 - 141 - static void aead_data_wakeup(struct sock *sk) 142 - { 143 - struct alg_sock *ask = alg_sk(sk); 144 - struct aead_ctx *ctx = ask->private; 145 - struct socket_wq *wq; 146 - 147 - if (ctx->more) 148 - return; 149 - if (!ctx->used) 150 - return; 151 - 152 - rcu_read_lock(); 153 - wq = rcu_dereference(sk->sk_wq); 154 - if (skwq_has_sleeper(wq)) 155 - wake_up_interruptible_sync_poll(&wq->wait, POLLOUT | 156 - POLLRDNORM | 157 - POLLRDBAND); 158 - sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 159 - rcu_read_unlock(); 160 - } 161 - 162 98 static int aead_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) 163 99 { 164 100 struct sock *sk = sock->sk; 165 101 struct alg_sock *ask = alg_sk(sk); 166 - struct aead_ctx *ctx = ask->private; 167 - unsigned ivsize = 168 - crypto_aead_ivsize(crypto_aead_reqtfm(&ctx->aead_req)); 169 - struct aead_sg_list *sgl = &ctx->tsgl; 170 - struct af_alg_control con = {}; 171 - long copied = 0; 172 - bool enc = 0; 173 - bool init = 0; 174 - int err = -EINVAL; 102 + struct sock *psk = ask->parent; 103 + struct alg_sock *pask = alg_sk(psk); 104 + struct aead_tfm *aeadc = pask->private; 105 + struct crypto_aead *tfm = aeadc->aead; 106 + unsigned int ivsize = crypto_aead_ivsize(tfm); 175 107 176 - if (msg->msg_controllen) { 177 - err = af_alg_cmsg_send(msg, &con); 178 - if (err) 179 - return err; 180 - 181 - init = 1; 182 - switch (con.op) { 183 - case ALG_OP_ENCRYPT: 184 - enc = 1; 185 - break; 186 - case ALG_OP_DECRYPT: 187 - enc = 0; 188 - break; 189 - default: 190 - return -EINVAL; 191 - } 192 - 193 - if (con.iv && con.iv->ivlen != ivsize) 194 - return -EINVAL; 195 - } 196 - 197 - lock_sock(sk); 198 - if (!ctx->more && ctx->used) 199 - goto unlock; 200 - 201 - if (init) { 202 - ctx->enc = enc; 203 - if (con.iv) 204 - memcpy(ctx->iv, con.iv->iv, ivsize); 205 - 206 - ctx->aead_assoclen = con.aead_assoclen; 207 - } 208 - 209 - while (size) { 210 - size_t len = size; 211 - struct scatterlist *sg = NULL; 212 - 213 - /* use the existing memory in an allocated page */ 214 - if (ctx->merge) { 215 - sg = sgl->sg + sgl->cur - 1; 216 - len = min_t(unsigned long, len, 217 - PAGE_SIZE - sg->offset - sg->length); 218 - err = memcpy_from_msg(page_address(sg_page(sg)) + 219 - sg->offset + sg->length, 220 - msg, len); 221 - if (err) 222 - goto unlock; 223 - 224 - sg->length += len; 225 - ctx->merge = (sg->offset + sg->length) & 226 - (PAGE_SIZE - 1); 227 - 228 - ctx->used += len; 229 - copied += len; 230 - size -= len; 231 - continue; 232 - } 233 - 234 - if (!aead_writable(sk)) { 235 - /* user space sent too much data */ 236 - aead_put_sgl(sk); 237 - err = -EMSGSIZE; 238 - goto unlock; 239 - } 240 - 241 - /* allocate a new page */ 242 - len = min_t(unsigned long, size, aead_sndbuf(sk)); 243 - while (len) { 244 - size_t plen = 0; 245 - 246 - if (sgl->cur >= ALG_MAX_PAGES) { 247 - aead_put_sgl(sk); 248 - err = -E2BIG; 249 - goto unlock; 250 - } 251 - 252 - sg = sgl->sg + sgl->cur; 253 - plen = min_t(size_t, len, PAGE_SIZE); 254 - 255 - sg_assign_page(sg, alloc_page(GFP_KERNEL)); 256 - err = -ENOMEM; 257 - if (!sg_page(sg)) 258 - goto unlock; 259 - 260 - err = memcpy_from_msg(page_address(sg_page(sg)), 261 - msg, plen); 262 - if (err) { 263 - __free_page(sg_page(sg)); 264 - sg_assign_page(sg, NULL); 265 - goto unlock; 266 - } 267 - 268 - sg->offset = 0; 269 - sg->length = plen; 270 - len -= plen; 271 - ctx->used += plen; 272 - copied += plen; 273 - sgl->cur++; 274 - size -= plen; 275 - ctx->merge = plen & (PAGE_SIZE - 1); 276 - } 277 - } 278 - 279 - err = 0; 280 - 281 - ctx->more = msg->msg_flags & MSG_MORE; 282 - if (!ctx->more && !aead_sufficient_data(ctx)) { 283 - aead_put_sgl(sk); 284 - err = -EMSGSIZE; 285 - } 286 - 287 - unlock: 288 - aead_data_wakeup(sk); 289 - release_sock(sk); 290 - 291 - return err ?: copied; 108 + return af_alg_sendmsg(sock, msg, size, ivsize); 292 109 } 293 110 294 - static ssize_t aead_sendpage(struct socket *sock, struct page *page, 295 - int offset, size_t size, int flags) 111 + static int crypto_aead_copy_sgl(struct crypto_skcipher *null_tfm, 112 + struct scatterlist *src, 113 + struct scatterlist *dst, unsigned int len) 114 + { 115 + SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm); 116 + 117 + skcipher_request_set_tfm(skreq, null_tfm); 118 + skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG, 119 + NULL, NULL); 120 + skcipher_request_set_crypt(skreq, src, dst, len, NULL); 121 + 122 + return crypto_skcipher_encrypt(skreq); 123 + } 124 + 125 + static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, 126 + size_t ignored, int flags) 296 127 { 297 128 struct sock *sk = sock->sk; 298 129 struct alg_sock *ask = alg_sk(sk); 299 - struct aead_ctx *ctx = ask->private; 300 - struct aead_sg_list *sgl = &ctx->tsgl; 301 - int err = -EINVAL; 302 - 303 - if (flags & MSG_SENDPAGE_NOTLAST) 304 - flags |= MSG_MORE; 305 - 306 - if (sgl->cur >= ALG_MAX_PAGES) 307 - return -E2BIG; 308 - 309 - lock_sock(sk); 310 - if (!ctx->more && ctx->used) 311 - goto unlock; 312 - 313 - if (!size) 314 - goto done; 315 - 316 - if (!aead_writable(sk)) { 317 - /* user space sent too much data */ 318 - aead_put_sgl(sk); 319 - err = -EMSGSIZE; 320 - goto unlock; 321 - } 322 - 323 - ctx->merge = 0; 324 - 325 - get_page(page); 326 - sg_set_page(sgl->sg + sgl->cur, page, size, offset); 327 - sgl->cur++; 328 - ctx->used += size; 329 - 330 - err = 0; 331 - 332 - done: 333 - ctx->more = flags & MSG_MORE; 334 - if (!ctx->more && !aead_sufficient_data(ctx)) { 335 - aead_put_sgl(sk); 336 - err = -EMSGSIZE; 337 - } 338 - 339 - unlock: 340 - aead_data_wakeup(sk); 341 - release_sock(sk); 342 - 343 - return err ?: size; 344 - } 345 - 346 - #define GET_ASYM_REQ(req, tfm) (struct aead_async_req *) \ 347 - ((char *)req + sizeof(struct aead_request) + \ 348 - crypto_aead_reqsize(tfm)) 349 - 350 - #define GET_REQ_SIZE(tfm) sizeof(struct aead_async_req) + \ 351 - crypto_aead_reqsize(tfm) + crypto_aead_ivsize(tfm) + \ 352 - sizeof(struct aead_request) 353 - 354 - static void aead_async_cb(struct crypto_async_request *_req, int err) 355 - { 356 - struct aead_request *req = _req->data; 357 - struct crypto_aead *tfm = crypto_aead_reqtfm(req); 358 - struct aead_async_req *areq = GET_ASYM_REQ(req, tfm); 359 - struct sock *sk = areq->sk; 360 - struct scatterlist *sg = areq->tsgl; 361 - struct aead_async_rsgl *rsgl; 362 - struct kiocb *iocb = areq->iocb; 363 - unsigned int i, reqlen = GET_REQ_SIZE(tfm); 364 - 365 - list_for_each_entry(rsgl, &areq->list, list) { 366 - af_alg_free_sg(&rsgl->sgl); 367 - if (rsgl != &areq->first_rsgl) 368 - sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 369 - } 370 - 371 - for (i = 0; i < areq->tsgls; i++) 372 - put_page(sg_page(sg + i)); 373 - 374 - sock_kfree_s(sk, areq->tsgl, sizeof(*areq->tsgl) * areq->tsgls); 375 - sock_kfree_s(sk, req, reqlen); 376 - __sock_put(sk); 377 - iocb->ki_complete(iocb, err, err); 378 - } 379 - 380 - static int aead_recvmsg_async(struct socket *sock, struct msghdr *msg, 381 - int flags) 382 - { 383 - struct sock *sk = sock->sk; 384 - struct alg_sock *ask = alg_sk(sk); 385 - struct aead_ctx *ctx = ask->private; 386 - struct crypto_aead *tfm = crypto_aead_reqtfm(&ctx->aead_req); 387 - struct aead_async_req *areq; 388 - struct aead_request *req = NULL; 389 - struct aead_sg_list *sgl = &ctx->tsgl; 390 - struct aead_async_rsgl *last_rsgl = NULL, *rsgl; 130 + struct sock *psk = ask->parent; 131 + struct alg_sock *pask = alg_sk(psk); 132 + struct af_alg_ctx *ctx = ask->private; 133 + struct aead_tfm *aeadc = pask->private; 134 + struct crypto_aead *tfm = aeadc->aead; 135 + struct crypto_skcipher *null_tfm = aeadc->null_tfm; 391 136 unsigned int as = crypto_aead_authsize(tfm); 392 - unsigned int i, reqlen = GET_REQ_SIZE(tfm); 393 - int err = -ENOMEM; 394 - unsigned long used; 395 - size_t outlen = 0; 396 - size_t usedpages = 0; 397 - 398 - lock_sock(sk); 399 - if (ctx->more) { 400 - err = aead_wait_for_data(sk, flags); 401 - if (err) 402 - goto unlock; 403 - } 404 - 405 - if (!aead_sufficient_data(ctx)) 406 - goto unlock; 407 - 408 - used = ctx->used; 409 - if (ctx->enc) 410 - outlen = used + as; 411 - else 412 - outlen = used - as; 413 - 414 - req = sock_kmalloc(sk, reqlen, GFP_KERNEL); 415 - if (unlikely(!req)) 416 - goto unlock; 417 - 418 - areq = GET_ASYM_REQ(req, tfm); 419 - memset(&areq->first_rsgl, '\0', sizeof(areq->first_rsgl)); 420 - INIT_LIST_HEAD(&areq->list); 421 - areq->iocb = msg->msg_iocb; 422 - areq->sk = sk; 423 - memcpy(areq->iv, ctx->iv, crypto_aead_ivsize(tfm)); 424 - aead_request_set_tfm(req, tfm); 425 - aead_request_set_ad(req, ctx->aead_assoclen); 426 - aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 427 - aead_async_cb, req); 428 - used -= ctx->aead_assoclen; 429 - 430 - /* take over all tx sgls from ctx */ 431 - areq->tsgl = sock_kmalloc(sk, 432 - sizeof(*areq->tsgl) * max_t(u32, sgl->cur, 1), 433 - GFP_KERNEL); 434 - if (unlikely(!areq->tsgl)) 435 - goto free; 436 - 437 - sg_init_table(areq->tsgl, max_t(u32, sgl->cur, 1)); 438 - for (i = 0; i < sgl->cur; i++) 439 - sg_set_page(&areq->tsgl[i], sg_page(&sgl->sg[i]), 440 - sgl->sg[i].length, sgl->sg[i].offset); 441 - 442 - areq->tsgls = sgl->cur; 443 - 444 - /* create rx sgls */ 445 - while (outlen > usedpages && iov_iter_count(&msg->msg_iter)) { 446 - size_t seglen = min_t(size_t, iov_iter_count(&msg->msg_iter), 447 - (outlen - usedpages)); 448 - 449 - if (list_empty(&areq->list)) { 450 - rsgl = &areq->first_rsgl; 451 - 452 - } else { 453 - rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 454 - if (unlikely(!rsgl)) { 455 - err = -ENOMEM; 456 - goto free; 457 - } 458 - } 459 - rsgl->sgl.npages = 0; 460 - list_add_tail(&rsgl->list, &areq->list); 461 - 462 - /* make one iovec available as scatterlist */ 463 - err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 464 - if (err < 0) 465 - goto free; 466 - 467 - usedpages += err; 468 - 469 - /* chain the new scatterlist with previous one */ 470 - if (last_rsgl) 471 - af_alg_link_sg(&last_rsgl->sgl, &rsgl->sgl); 472 - 473 - last_rsgl = rsgl; 474 - 475 - iov_iter_advance(&msg->msg_iter, err); 476 - } 477 - 478 - /* ensure output buffer is sufficiently large */ 479 - if (usedpages < outlen) { 480 - err = -EINVAL; 481 - goto unlock; 482 - } 483 - 484 - aead_request_set_crypt(req, areq->tsgl, areq->first_rsgl.sgl.sg, used, 485 - areq->iv); 486 - err = ctx->enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); 487 - if (err) { 488 - if (err == -EINPROGRESS) { 489 - sock_hold(sk); 490 - err = -EIOCBQUEUED; 491 - aead_reset_ctx(ctx); 492 - goto unlock; 493 - } else if (err == -EBADMSG) { 494 - aead_put_sgl(sk); 495 - } 496 - goto free; 497 - } 498 - aead_put_sgl(sk); 499 - 500 - free: 501 - list_for_each_entry(rsgl, &areq->list, list) { 502 - af_alg_free_sg(&rsgl->sgl); 503 - if (rsgl != &areq->first_rsgl) 504 - sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 505 - } 506 - if (areq->tsgl) 507 - sock_kfree_s(sk, areq->tsgl, sizeof(*areq->tsgl) * areq->tsgls); 508 - if (req) 509 - sock_kfree_s(sk, req, reqlen); 510 - unlock: 511 - aead_wmem_wakeup(sk); 512 - release_sock(sk); 513 - return err ? err : outlen; 514 - } 515 - 516 - static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags) 517 - { 518 - struct sock *sk = sock->sk; 519 - struct alg_sock *ask = alg_sk(sk); 520 - struct aead_ctx *ctx = ask->private; 521 - unsigned as = crypto_aead_authsize(crypto_aead_reqtfm(&ctx->aead_req)); 522 - struct aead_sg_list *sgl = &ctx->tsgl; 523 - struct aead_async_rsgl *last_rsgl = NULL; 524 - struct aead_async_rsgl *rsgl, *tmp; 525 - int err = -EINVAL; 526 - unsigned long used = 0; 527 - size_t outlen = 0; 528 - size_t usedpages = 0; 529 - 530 - lock_sock(sk); 137 + struct af_alg_async_req *areq; 138 + struct af_alg_tsgl *tsgl; 139 + struct scatterlist *src; 140 + int err = 0; 141 + size_t used = 0; /* [in] TX bufs to be en/decrypted */ 142 + size_t outlen = 0; /* [out] RX bufs produced by kernel */ 143 + size_t usedpages = 0; /* [in] RX bufs to be used from user */ 144 + size_t processed = 0; /* [in] TX bufs to be consumed */ 531 145 532 146 /* 533 - * Please see documentation of aead_request_set_crypt for the 534 - * description of the AEAD memory structure expected from the caller. 147 + * Data length provided by caller via sendmsg/sendpage that has not 148 + * yet been processed. 535 149 */ 536 - 537 - if (ctx->more) { 538 - err = aead_wait_for_data(sk, flags); 539 - if (err) 540 - goto unlock; 541 - } 542 - 543 - /* data length provided by caller via sendmsg/sendpage */ 544 150 used = ctx->used; 545 151 546 152 /* ··· 126 584 * the error message in sendmsg/sendpage and still call recvmsg. This 127 585 * check here protects the kernel integrity. 128 586 */ 129 - if (!aead_sufficient_data(ctx)) 130 - goto unlock; 587 + if (!aead_sufficient_data(sk)) 588 + return -EINVAL; 131 589 132 590 /* 133 591 * Calculate the minimum output buffer size holding the result of the ··· 148 606 */ 149 607 used -= ctx->aead_assoclen; 150 608 151 - /* convert iovecs of output buffers into scatterlists */ 152 - while (outlen > usedpages && iov_iter_count(&msg->msg_iter)) { 153 - size_t seglen = min_t(size_t, iov_iter_count(&msg->msg_iter), 154 - (outlen - usedpages)); 609 + /* Allocate cipher request for current operation. */ 610 + areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 611 + crypto_aead_reqsize(tfm)); 612 + if (IS_ERR(areq)) 613 + return PTR_ERR(areq); 155 614 156 - if (list_empty(&ctx->list)) { 157 - rsgl = &ctx->first_rsgl; 158 - } else { 159 - rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 160 - if (unlikely(!rsgl)) { 161 - err = -ENOMEM; 162 - goto unlock; 163 - } 164 - } 165 - rsgl->sgl.npages = 0; 166 - list_add_tail(&rsgl->list, &ctx->list); 615 + /* convert iovecs of output buffers into RX SGL */ 616 + err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages); 617 + if (err) 618 + goto free; 167 619 168 - /* make one iovec available as scatterlist */ 169 - err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 170 - if (err < 0) 171 - goto unlock; 172 - usedpages += err; 173 - /* chain the new scatterlist with previous one */ 174 - if (last_rsgl) 175 - af_alg_link_sg(&last_rsgl->sgl, &rsgl->sgl); 176 - 177 - last_rsgl = rsgl; 178 - 179 - iov_iter_advance(&msg->msg_iter, err); 180 - } 181 - 182 - /* ensure output buffer is sufficiently large */ 620 + /* 621 + * Ensure output buffer is sufficiently large. If the caller provides 622 + * less buffer space, only use the relative required input size. This 623 + * allows AIO operation where the caller sent all data to be processed 624 + * and the AIO operation performs the operation on the different chunks 625 + * of the input data. 626 + */ 183 627 if (usedpages < outlen) { 184 - err = -EINVAL; 185 - goto unlock; 628 + size_t less = outlen - usedpages; 629 + 630 + if (used < less) { 631 + err = -EINVAL; 632 + goto free; 633 + } 634 + used -= less; 635 + outlen -= less; 186 636 } 187 637 188 - sg_mark_end(sgl->sg + sgl->cur - 1); 189 - aead_request_set_crypt(&ctx->aead_req, sgl->sg, ctx->first_rsgl.sgl.sg, 190 - used, ctx->iv); 191 - aead_request_set_ad(&ctx->aead_req, ctx->aead_assoclen); 638 + processed = used + ctx->aead_assoclen; 639 + tsgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, list); 192 640 193 - err = af_alg_wait_for_completion(ctx->enc ? 194 - crypto_aead_encrypt(&ctx->aead_req) : 195 - crypto_aead_decrypt(&ctx->aead_req), 196 - &ctx->completion); 641 + /* 642 + * Copy of AAD from source to destination 643 + * 644 + * The AAD is copied to the destination buffer without change. Even 645 + * when user space uses an in-place cipher operation, the kernel 646 + * will copy the data as it does not see whether such in-place operation 647 + * is initiated. 648 + * 649 + * To ensure efficiency, the following implementation ensure that the 650 + * ciphers are invoked to perform a crypto operation in-place. This 651 + * is achieved by memory management specified as follows. 652 + */ 197 653 198 - if (err) { 199 - /* EBADMSG implies a valid cipher operation took place */ 200 - if (err == -EBADMSG) 201 - aead_put_sgl(sk); 654 + /* Use the RX SGL as source (and destination) for crypto op. */ 655 + src = areq->first_rsgl.sgl.sg; 202 656 203 - goto unlock; 657 + if (ctx->enc) { 658 + /* 659 + * Encryption operation - The in-place cipher operation is 660 + * achieved by the following operation: 661 + * 662 + * TX SGL: AAD || PT 663 + * | | 664 + * | copy | 665 + * v v 666 + * RX SGL: AAD || PT || Tag 667 + */ 668 + err = crypto_aead_copy_sgl(null_tfm, tsgl->sg, 669 + areq->first_rsgl.sgl.sg, processed); 670 + if (err) 671 + goto free; 672 + af_alg_pull_tsgl(sk, processed, NULL, 0); 673 + } else { 674 + /* 675 + * Decryption operation - To achieve an in-place cipher 676 + * operation, the following SGL structure is used: 677 + * 678 + * TX SGL: AAD || CT || Tag 679 + * | | ^ 680 + * | copy | | Create SGL link. 681 + * v v | 682 + * RX SGL: AAD || CT ----+ 683 + */ 684 + 685 + /* Copy AAD || CT to RX SGL buffer for in-place operation. */ 686 + err = crypto_aead_copy_sgl(null_tfm, tsgl->sg, 687 + areq->first_rsgl.sgl.sg, outlen); 688 + if (err) 689 + goto free; 690 + 691 + /* Create TX SGL for tag and chain it to RX SGL. */ 692 + areq->tsgl_entries = af_alg_count_tsgl(sk, processed, 693 + processed - as); 694 + if (!areq->tsgl_entries) 695 + areq->tsgl_entries = 1; 696 + areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * 697 + areq->tsgl_entries, 698 + GFP_KERNEL); 699 + if (!areq->tsgl) { 700 + err = -ENOMEM; 701 + goto free; 702 + } 703 + sg_init_table(areq->tsgl, areq->tsgl_entries); 704 + 705 + /* Release TX SGL, except for tag data and reassign tag data. */ 706 + af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as); 707 + 708 + /* chain the areq TX SGL holding the tag with RX SGL */ 709 + if (usedpages) { 710 + /* RX SGL present */ 711 + struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl; 712 + 713 + sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); 714 + sg_chain(sgl_prev->sg, sgl_prev->npages + 1, 715 + areq->tsgl); 716 + } else 717 + /* no RX SGL present (e.g. authentication only) */ 718 + src = areq->tsgl; 204 719 } 205 720 206 - aead_put_sgl(sk); 207 - err = 0; 721 + /* Initialize the crypto operation */ 722 + aead_request_set_crypt(&areq->cra_u.aead_req, src, 723 + areq->first_rsgl.sgl.sg, used, ctx->iv); 724 + aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen); 725 + aead_request_set_tfm(&areq->cra_u.aead_req, tfm); 208 726 209 - unlock: 210 - list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) { 211 - af_alg_free_sg(&rsgl->sgl); 212 - list_del(&rsgl->list); 213 - if (rsgl != &ctx->first_rsgl) 214 - sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 727 + if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 728 + /* AIO operation */ 729 + areq->iocb = msg->msg_iocb; 730 + aead_request_set_callback(&areq->cra_u.aead_req, 731 + CRYPTO_TFM_REQ_MAY_BACKLOG, 732 + af_alg_async_cb, areq); 733 + err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) : 734 + crypto_aead_decrypt(&areq->cra_u.aead_req); 735 + } else { 736 + /* Synchronous operation */ 737 + aead_request_set_callback(&areq->cra_u.aead_req, 738 + CRYPTO_TFM_REQ_MAY_BACKLOG, 739 + af_alg_complete, &ctx->completion); 740 + err = af_alg_wait_for_completion(ctx->enc ? 741 + crypto_aead_encrypt(&areq->cra_u.aead_req) : 742 + crypto_aead_decrypt(&areq->cra_u.aead_req), 743 + &ctx->completion); 215 744 } 216 - INIT_LIST_HEAD(&ctx->list); 217 - aead_wmem_wakeup(sk); 218 - release_sock(sk); 745 + 746 + /* AIO operation in progress */ 747 + if (err == -EINPROGRESS) { 748 + sock_hold(sk); 749 + 750 + /* Remember output size that will be generated. */ 751 + areq->outlen = outlen; 752 + 753 + return -EIOCBQUEUED; 754 + } 755 + 756 + free: 757 + af_alg_free_areq_sgls(areq); 758 + sock_kfree_s(sk, areq, areq->areqlen); 219 759 220 760 return err ? err : outlen; 221 761 } 222 762 223 - static int aead_recvmsg(struct socket *sock, struct msghdr *msg, size_t ignored, 224 - int flags) 225 - { 226 - return (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) ? 227 - aead_recvmsg_async(sock, msg, flags) : 228 - aead_recvmsg_sync(sock, msg, flags); 229 - } 230 - 231 - static unsigned int aead_poll(struct file *file, struct socket *sock, 232 - poll_table *wait) 763 + static int aead_recvmsg(struct socket *sock, struct msghdr *msg, 764 + size_t ignored, int flags) 233 765 { 234 766 struct sock *sk = sock->sk; 235 - struct alg_sock *ask = alg_sk(sk); 236 - struct aead_ctx *ctx = ask->private; 237 - unsigned int mask; 767 + int ret = 0; 238 768 239 - sock_poll_wait(file, sk_sleep(sk), wait); 240 - mask = 0; 769 + lock_sock(sk); 770 + while (msg_data_left(msg)) { 771 + int err = _aead_recvmsg(sock, msg, ignored, flags); 241 772 242 - if (!ctx->more) 243 - mask |= POLLIN | POLLRDNORM; 773 + /* 774 + * This error covers -EIOCBQUEUED which implies that we can 775 + * only handle one AIO request. If the caller wants to have 776 + * multiple AIO requests in parallel, he must make multiple 777 + * separate AIO calls. 778 + * 779 + * Also return the error if no data has been processed so far. 780 + */ 781 + if (err <= 0) { 782 + if (err == -EIOCBQUEUED || err == -EBADMSG || !ret) 783 + ret = err; 784 + goto out; 785 + } 244 786 245 - if (aead_writable(sk)) 246 - mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 787 + ret += err; 788 + } 247 789 248 - return mask; 790 + out: 791 + af_alg_wmem_wakeup(sk); 792 + release_sock(sk); 793 + return ret; 249 794 } 250 795 251 796 static struct proto_ops algif_aead_ops = { ··· 352 723 353 724 .release = af_alg_release, 354 725 .sendmsg = aead_sendmsg, 355 - .sendpage = aead_sendpage, 726 + .sendpage = af_alg_sendpage, 356 727 .recvmsg = aead_recvmsg, 357 - .poll = aead_poll, 728 + .poll = af_alg_poll, 358 729 }; 359 730 360 731 static int aead_check_key(struct socket *sock) ··· 416 787 if (err) 417 788 return err; 418 789 419 - return aead_sendpage(sock, page, offset, size, flags); 790 + return af_alg_sendpage(sock, page, offset, size, flags); 420 791 } 421 792 422 793 static int aead_recvmsg_nokey(struct socket *sock, struct msghdr *msg, ··· 450 821 .sendmsg = aead_sendmsg_nokey, 451 822 .sendpage = aead_sendpage_nokey, 452 823 .recvmsg = aead_recvmsg_nokey, 453 - .poll = aead_poll, 824 + .poll = af_alg_poll, 454 825 }; 455 826 456 827 static void *aead_bind(const char *name, u32 type, u32 mask) 457 828 { 458 829 struct aead_tfm *tfm; 459 830 struct crypto_aead *aead; 831 + struct crypto_skcipher *null_tfm; 460 832 461 833 tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); 462 834 if (!tfm) ··· 469 839 return ERR_CAST(aead); 470 840 } 471 841 842 + null_tfm = crypto_get_default_null_skcipher2(); 843 + if (IS_ERR(null_tfm)) { 844 + crypto_free_aead(aead); 845 + kfree(tfm); 846 + return ERR_CAST(null_tfm); 847 + } 848 + 472 849 tfm->aead = aead; 850 + tfm->null_tfm = null_tfm; 473 851 474 852 return tfm; 475 853 } ··· 511 873 static void aead_sock_destruct(struct sock *sk) 512 874 { 513 875 struct alg_sock *ask = alg_sk(sk); 514 - struct aead_ctx *ctx = ask->private; 515 - unsigned int ivlen = crypto_aead_ivsize( 516 - crypto_aead_reqtfm(&ctx->aead_req)); 876 + struct af_alg_ctx *ctx = ask->private; 877 + struct sock *psk = ask->parent; 878 + struct alg_sock *pask = alg_sk(psk); 879 + struct aead_tfm *aeadc = pask->private; 880 + struct crypto_aead *tfm = aeadc->aead; 881 + unsigned int ivlen = crypto_aead_ivsize(tfm); 517 882 518 - WARN_ON(refcount_read(&sk->sk_refcnt) != 0); 519 - aead_put_sgl(sk); 883 + af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 884 + crypto_put_default_null_skcipher2(); 520 885 sock_kzfree_s(sk, ctx->iv, ivlen); 521 886 sock_kfree_s(sk, ctx, ctx->len); 522 887 af_alg_release_parent(sk); ··· 527 886 528 887 static int aead_accept_parent_nokey(void *private, struct sock *sk) 529 888 { 530 - struct aead_ctx *ctx; 889 + struct af_alg_ctx *ctx; 531 890 struct alg_sock *ask = alg_sk(sk); 532 891 struct aead_tfm *tfm = private; 533 892 struct crypto_aead *aead = tfm->aead; 534 - unsigned int len = sizeof(*ctx) + crypto_aead_reqsize(aead); 893 + unsigned int len = sizeof(*ctx); 535 894 unsigned int ivlen = crypto_aead_ivsize(aead); 536 895 537 896 ctx = sock_kmalloc(sk, len, GFP_KERNEL); ··· 546 905 } 547 906 memset(ctx->iv, 0, ivlen); 548 907 908 + INIT_LIST_HEAD(&ctx->tsgl_list); 549 909 ctx->len = len; 550 910 ctx->used = 0; 911 + ctx->rcvused = 0; 551 912 ctx->more = 0; 552 913 ctx->merge = 0; 553 914 ctx->enc = 0; 554 - ctx->tsgl.cur = 0; 555 915 ctx->aead_assoclen = 0; 556 916 af_alg_init_completion(&ctx->completion); 557 - sg_init_table(ctx->tsgl.sg, ALG_MAX_PAGES); 558 - INIT_LIST_HEAD(&ctx->list); 559 917 560 918 ask->private = ctx; 561 - 562 - aead_request_set_tfm(&ctx->aead_req, aead); 563 - aead_request_set_callback(&ctx->aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, 564 - af_alg_complete, &ctx->completion); 565 919 566 920 sk->sk_destruct = aead_sock_destruct; 567 921

+129 -699

crypto/algif_skcipher.c

··· 10 10 * Software Foundation; either version 2 of the License, or (at your option) 11 11 * any later version. 12 12 * 13 + * The following concept of the memory management is used: 14 + * 15 + * The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is 16 + * filled by user space with the data submitted via sendpage/sendmsg. Filling 17 + * up the TX SGL does not cause a crypto operation -- the data will only be 18 + * tracked by the kernel. Upon receipt of one recvmsg call, the caller must 19 + * provide a buffer which is tracked with the RX SGL. 20 + * 21 + * During the processing of the recvmsg operation, the cipher request is 22 + * allocated and prepared. As part of the recvmsg operation, the processed 23 + * TX buffers are extracted from the TX SGL into a separate SGL. 24 + * 25 + * After the completion of the crypto operation, the RX SGL and the cipher 26 + * request is released. The extracted TX SGL parts are released together with 27 + * the RX SGL release. 13 28 */ 14 29 15 30 #include <crypto/scatterwalk.h> ··· 33 18 #include <linux/init.h> 34 19 #include <linux/list.h> 35 20 #include <linux/kernel.h> 36 - #include <linux/sched/signal.h> 37 21 #include <linux/mm.h> 38 22 #include <linux/module.h> 39 23 #include <linux/net.h> 40 24 #include <net/sock.h> 41 25 42 - struct skcipher_sg_list { 43 - struct list_head list; 44 - 45 - int cur; 46 - 47 - struct scatterlist sg[0]; 48 - }; 49 - 50 26 struct skcipher_tfm { 51 27 struct crypto_skcipher *skcipher; 52 28 bool has_key; 53 29 }; 54 - 55 - struct skcipher_ctx { 56 - struct list_head tsgl; 57 - struct af_alg_sgl rsgl; 58 - 59 - void *iv; 60 - 61 - struct af_alg_completion completion; 62 - 63 - atomic_t inflight; 64 - size_t used; 65 - 66 - unsigned int len; 67 - bool more; 68 - bool merge; 69 - bool enc; 70 - 71 - struct skcipher_request req; 72 - }; 73 - 74 - struct skcipher_async_rsgl { 75 - struct af_alg_sgl sgl; 76 - struct list_head list; 77 - }; 78 - 79 - struct skcipher_async_req { 80 - struct kiocb *iocb; 81 - struct skcipher_async_rsgl first_sgl; 82 - struct list_head list; 83 - struct scatterlist *tsg; 84 - atomic_t *inflight; 85 - struct skcipher_request req; 86 - }; 87 - 88 - #define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \ 89 - sizeof(struct scatterlist) - 1) 90 - 91 - static void skcipher_free_async_sgls(struct skcipher_async_req *sreq) 92 - { 93 - struct skcipher_async_rsgl *rsgl, *tmp; 94 - struct scatterlist *sgl; 95 - struct scatterlist *sg; 96 - int i, n; 97 - 98 - list_for_each_entry_safe(rsgl, tmp, &sreq->list, list) { 99 - af_alg_free_sg(&rsgl->sgl); 100 - if (rsgl != &sreq->first_sgl) 101 - kfree(rsgl); 102 - } 103 - sgl = sreq->tsg; 104 - n = sg_nents(sgl); 105 - for_each_sg(sgl, sg, n, i) { 106 - struct page *page = sg_page(sg); 107 - 108 - /* some SGs may not have a page mapped */ 109 - if (page && page_ref_count(page)) 110 - put_page(page); 111 - } 112 - 113 - kfree(sreq->tsg); 114 - } 115 - 116 - static void skcipher_async_cb(struct crypto_async_request *req, int err) 117 - { 118 - struct skcipher_async_req *sreq = req->data; 119 - struct kiocb *iocb = sreq->iocb; 120 - 121 - atomic_dec(sreq->inflight); 122 - skcipher_free_async_sgls(sreq); 123 - kzfree(sreq); 124 - iocb->ki_complete(iocb, err, err); 125 - } 126 - 127 - static inline int skcipher_sndbuf(struct sock *sk) 128 - { 129 - struct alg_sock *ask = alg_sk(sk); 130 - struct skcipher_ctx *ctx = ask->private; 131 - 132 - return max_t(int, max_t(int, sk->sk_sndbuf & PAGE_MASK, PAGE_SIZE) - 133 - ctx->used, 0); 134 - } 135 - 136 - static inline bool skcipher_writable(struct sock *sk) 137 - { 138 - return PAGE_SIZE <= skcipher_sndbuf(sk); 139 - } 140 - 141 - static int skcipher_alloc_sgl(struct sock *sk) 142 - { 143 - struct alg_sock *ask = alg_sk(sk); 144 - struct skcipher_ctx *ctx = ask->private; 145 - struct skcipher_sg_list *sgl; 146 - struct scatterlist *sg = NULL; 147 - 148 - sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list); 149 - if (!list_empty(&ctx->tsgl)) 150 - sg = sgl->sg; 151 - 152 - if (!sg || sgl->cur >= MAX_SGL_ENTS) { 153 - sgl = sock_kmalloc(sk, sizeof(*sgl) + 154 - sizeof(sgl->sg[0]) * (MAX_SGL_ENTS + 1), 155 - GFP_KERNEL); 156 - if (!sgl) 157 - return -ENOMEM; 158 - 159 - sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); 160 - sgl->cur = 0; 161 - 162 - if (sg) 163 - sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); 164 - 165 - list_add_tail(&sgl->list, &ctx->tsgl); 166 - } 167 - 168 - return 0; 169 - } 170 - 171 - static void skcipher_pull_sgl(struct sock *sk, size_t used, int put) 172 - { 173 - struct alg_sock *ask = alg_sk(sk); 174 - struct skcipher_ctx *ctx = ask->private; 175 - struct skcipher_sg_list *sgl; 176 - struct scatterlist *sg; 177 - int i; 178 - 179 - while (!list_empty(&ctx->tsgl)) { 180 - sgl = list_first_entry(&ctx->tsgl, struct skcipher_sg_list, 181 - list); 182 - sg = sgl->sg; 183 - 184 - for (i = 0; i < sgl->cur; i++) { 185 - size_t plen = min_t(size_t, used, sg[i].length); 186 - 187 - if (!sg_page(sg + i)) 188 - continue; 189 - 190 - sg[i].length -= plen; 191 - sg[i].offset += plen; 192 - 193 - used -= plen; 194 - ctx->used -= plen; 195 - 196 - if (sg[i].length) 197 - return; 198 - if (put) 199 - put_page(sg_page(sg + i)); 200 - sg_assign_page(sg + i, NULL); 201 - } 202 - 203 - list_del(&sgl->list); 204 - sock_kfree_s(sk, sgl, 205 - sizeof(*sgl) + sizeof(sgl->sg[0]) * 206 - (MAX_SGL_ENTS + 1)); 207 - } 208 - 209 - if (!ctx->used) 210 - ctx->merge = 0; 211 - } 212 - 213 - static void skcipher_free_sgl(struct sock *sk) 214 - { 215 - struct alg_sock *ask = alg_sk(sk); 216 - struct skcipher_ctx *ctx = ask->private; 217 - 218 - skcipher_pull_sgl(sk, ctx->used, 1); 219 - } 220 - 221 - static int skcipher_wait_for_wmem(struct sock *sk, unsigned flags) 222 - { 223 - DEFINE_WAIT_FUNC(wait, woken_wake_function); 224 - int err = -ERESTARTSYS; 225 - long timeout; 226 - 227 - if (flags & MSG_DONTWAIT) 228 - return -EAGAIN; 229 - 230 - sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); 231 - 232 - add_wait_queue(sk_sleep(sk), &wait); 233 - for (;;) { 234 - if (signal_pending(current)) 235 - break; 236 - timeout = MAX_SCHEDULE_TIMEOUT; 237 - if (sk_wait_event(sk, &timeout, skcipher_writable(sk), &wait)) { 238 - err = 0; 239 - break; 240 - } 241 - } 242 - remove_wait_queue(sk_sleep(sk), &wait); 243 - 244 - return err; 245 - } 246 - 247 - static void skcipher_wmem_wakeup(struct sock *sk) 248 - { 249 - struct socket_wq *wq; 250 - 251 - if (!skcipher_writable(sk)) 252 - return; 253 - 254 - rcu_read_lock(); 255 - wq = rcu_dereference(sk->sk_wq); 256 - if (skwq_has_sleeper(wq)) 257 - wake_up_interruptible_sync_poll(&wq->wait, POLLIN | 258 - POLLRDNORM | 259 - POLLRDBAND); 260 - sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 261 - rcu_read_unlock(); 262 - } 263 - 264 - static int skcipher_wait_for_data(struct sock *sk, unsigned flags) 265 - { 266 - DEFINE_WAIT_FUNC(wait, woken_wake_function); 267 - struct alg_sock *ask = alg_sk(sk); 268 - struct skcipher_ctx *ctx = ask->private; 269 - long timeout; 270 - int err = -ERESTARTSYS; 271 - 272 - if (flags & MSG_DONTWAIT) { 273 - return -EAGAIN; 274 - } 275 - 276 - sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 277 - 278 - add_wait_queue(sk_sleep(sk), &wait); 279 - for (;;) { 280 - if (signal_pending(current)) 281 - break; 282 - timeout = MAX_SCHEDULE_TIMEOUT; 283 - if (sk_wait_event(sk, &timeout, ctx->used, &wait)) { 284 - err = 0; 285 - break; 286 - } 287 - } 288 - remove_wait_queue(sk_sleep(sk), &wait); 289 - 290 - sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 291 - 292 - return err; 293 - } 294 - 295 - static void skcipher_data_wakeup(struct sock *sk) 296 - { 297 - struct alg_sock *ask = alg_sk(sk); 298 - struct skcipher_ctx *ctx = ask->private; 299 - struct socket_wq *wq; 300 - 301 - if (!ctx->used) 302 - return; 303 - 304 - rcu_read_lock(); 305 - wq = rcu_dereference(sk->sk_wq); 306 - if (skwq_has_sleeper(wq)) 307 - wake_up_interruptible_sync_poll(&wq->wait, POLLOUT | 308 - POLLRDNORM | 309 - POLLRDBAND); 310 - sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 311 - rcu_read_unlock(); 312 - } 313 30 314 31 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, 315 32 size_t size) ··· 50 303 struct alg_sock *ask = alg_sk(sk); 51 304 struct sock *psk = ask->parent; 52 305 struct alg_sock *pask = alg_sk(psk); 53 - struct skcipher_ctx *ctx = ask->private; 54 306 struct skcipher_tfm *skc = pask->private; 55 307 struct crypto_skcipher *tfm = skc->skcipher; 56 308 unsigned ivsize = crypto_skcipher_ivsize(tfm); 57 - struct skcipher_sg_list *sgl; 58 - struct af_alg_control con = {}; 59 - long copied = 0; 60 - bool enc = 0; 61 - bool init = 0; 62 - int err; 63 - int i; 64 309 65 - if (msg->msg_controllen) { 66 - err = af_alg_cmsg_send(msg, &con); 67 - if (err) 68 - return err; 69 - 70 - init = 1; 71 - switch (con.op) { 72 - case ALG_OP_ENCRYPT: 73 - enc = 1; 74 - break; 75 - case ALG_OP_DECRYPT: 76 - enc = 0; 77 - break; 78 - default: 79 - return -EINVAL; 80 - } 81 - 82 - if (con.iv && con.iv->ivlen != ivsize) 83 - return -EINVAL; 84 - } 85 - 86 - err = -EINVAL; 87 - 88 - lock_sock(sk); 89 - if (!ctx->more && ctx->used) 90 - goto unlock; 91 - 92 - if (init) { 93 - ctx->enc = enc; 94 - if (con.iv) 95 - memcpy(ctx->iv, con.iv->iv, ivsize); 96 - } 97 - 98 - while (size) { 99 - struct scatterlist *sg; 100 - unsigned long len = size; 101 - size_t plen; 102 - 103 - if (ctx->merge) { 104 - sgl = list_entry(ctx->tsgl.prev, 105 - struct skcipher_sg_list, list); 106 - sg = sgl->sg + sgl->cur - 1; 107 - len = min_t(unsigned long, len, 108 - PAGE_SIZE - sg->offset - sg->length); 109 - 110 - err = memcpy_from_msg(page_address(sg_page(sg)) + 111 - sg->offset + sg->length, 112 - msg, len); 113 - if (err) 114 - goto unlock; 115 - 116 - sg->length += len; 117 - ctx->merge = (sg->offset + sg->length) & 118 - (PAGE_SIZE - 1); 119 - 120 - ctx->used += len; 121 - copied += len; 122 - size -= len; 123 - continue; 124 - } 125 - 126 - if (!skcipher_writable(sk)) { 127 - err = skcipher_wait_for_wmem(sk, msg->msg_flags); 128 - if (err) 129 - goto unlock; 130 - } 131 - 132 - len = min_t(unsigned long, len, skcipher_sndbuf(sk)); 133 - 134 - err = skcipher_alloc_sgl(sk); 135 - if (err) 136 - goto unlock; 137 - 138 - sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list); 139 - sg = sgl->sg; 140 - if (sgl->cur) 141 - sg_unmark_end(sg + sgl->cur - 1); 142 - do { 143 - i = sgl->cur; 144 - plen = min_t(size_t, len, PAGE_SIZE); 145 - 146 - sg_assign_page(sg + i, alloc_page(GFP_KERNEL)); 147 - err = -ENOMEM; 148 - if (!sg_page(sg + i)) 149 - goto unlock; 150 - 151 - err = memcpy_from_msg(page_address(sg_page(sg + i)), 152 - msg, plen); 153 - if (err) { 154 - __free_page(sg_page(sg + i)); 155 - sg_assign_page(sg + i, NULL); 156 - goto unlock; 157 - } 158 - 159 - sg[i].length = plen; 160 - len -= plen; 161 - ctx->used += plen; 162 - copied += plen; 163 - size -= plen; 164 - sgl->cur++; 165 - } while (len && sgl->cur < MAX_SGL_ENTS); 166 - 167 - if (!size) 168 - sg_mark_end(sg + sgl->cur - 1); 169 - 170 - ctx->merge = plen & (PAGE_SIZE - 1); 171 - } 172 - 173 - err = 0; 174 - 175 - ctx->more = msg->msg_flags & MSG_MORE; 176 - 177 - unlock: 178 - skcipher_data_wakeup(sk); 179 - release_sock(sk); 180 - 181 - return copied ?: err; 310 + return af_alg_sendmsg(sock, msg, size, ivsize); 182 311 } 183 312 184 - static ssize_t skcipher_sendpage(struct socket *sock, struct page *page, 185 - int offset, size_t size, int flags) 313 + static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 314 + size_t ignored, int flags) 186 315 { 187 316 struct sock *sk = sock->sk; 188 317 struct alg_sock *ask = alg_sk(sk); 189 - struct skcipher_ctx *ctx = ask->private; 190 - struct skcipher_sg_list *sgl; 191 - int err = -EINVAL; 318 + struct sock *psk = ask->parent; 319 + struct alg_sock *pask = alg_sk(psk); 320 + struct af_alg_ctx *ctx = ask->private; 321 + struct skcipher_tfm *skc = pask->private; 322 + struct crypto_skcipher *tfm = skc->skcipher; 323 + unsigned int bs = crypto_skcipher_blocksize(tfm); 324 + struct af_alg_async_req *areq; 325 + int err = 0; 326 + size_t len = 0; 192 327 193 - if (flags & MSG_SENDPAGE_NOTLAST) 194 - flags |= MSG_MORE; 328 + /* Allocate cipher request for current operation. */ 329 + areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) + 330 + crypto_skcipher_reqsize(tfm)); 331 + if (IS_ERR(areq)) 332 + return PTR_ERR(areq); 195 333 196 - lock_sock(sk); 197 - if (!ctx->more && ctx->used) 198 - goto unlock; 199 - 200 - if (!size) 201 - goto done; 202 - 203 - if (!skcipher_writable(sk)) { 204 - err = skcipher_wait_for_wmem(sk, flags); 205 - if (err) 206 - goto unlock; 207 - } 208 - 209 - err = skcipher_alloc_sgl(sk); 334 + /* convert iovecs of output buffers into RX SGL */ 335 + err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); 210 336 if (err) 211 - goto unlock; 337 + goto free; 212 338 213 - ctx->merge = 0; 214 - sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list); 339 + /* Process only as much RX buffers for which we have TX data */ 340 + if (len > ctx->used) 341 + len = ctx->used; 215 342 216 - if (sgl->cur) 217 - sg_unmark_end(sgl->sg + sgl->cur - 1); 343 + /* 344 + * If more buffers are to be expected to be processed, process only 345 + * full block size buffers. 346 + */ 347 + if (ctx->more || len < ctx->used) 348 + len -= len % bs; 218 349 219 - sg_mark_end(sgl->sg + sgl->cur); 220 - get_page(page); 221 - sg_set_page(sgl->sg + sgl->cur, page, size, offset); 222 - sgl->cur++; 223 - ctx->used += size; 224 - 225 - done: 226 - ctx->more = flags & MSG_MORE; 227 - 228 - unlock: 229 - skcipher_data_wakeup(sk); 230 - release_sock(sk); 231 - 232 - return err ?: size; 233 - } 234 - 235 - static int skcipher_all_sg_nents(struct skcipher_ctx *ctx) 236 - { 237 - struct skcipher_sg_list *sgl; 238 - struct scatterlist *sg; 239 - int nents = 0; 240 - 241 - list_for_each_entry(sgl, &ctx->tsgl, list) { 242 - sg = sgl->sg; 243 - 244 - while (!sg->length) 245 - sg++; 246 - 247 - nents += sg_nents(sg); 350 + /* 351 + * Create a per request TX SGL for this request which tracks the 352 + * SG entries from the global TX SGL. 353 + */ 354 + areq->tsgl_entries = af_alg_count_tsgl(sk, len, 0); 355 + if (!areq->tsgl_entries) 356 + areq->tsgl_entries = 1; 357 + areq->tsgl = sock_kmalloc(sk, sizeof(*areq->tsgl) * areq->tsgl_entries, 358 + GFP_KERNEL); 359 + if (!areq->tsgl) { 360 + err = -ENOMEM; 361 + goto free; 248 362 } 249 - return nents; 250 - } 363 + sg_init_table(areq->tsgl, areq->tsgl_entries); 364 + af_alg_pull_tsgl(sk, len, areq->tsgl, 0); 251 365 252 - static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg, 253 - int flags) 254 - { 255 - struct sock *sk = sock->sk; 256 - struct alg_sock *ask = alg_sk(sk); 257 - struct sock *psk = ask->parent; 258 - struct alg_sock *pask = alg_sk(psk); 259 - struct skcipher_ctx *ctx = ask->private; 260 - struct skcipher_tfm *skc = pask->private; 261 - struct crypto_skcipher *tfm = skc->skcipher; 262 - struct skcipher_sg_list *sgl; 263 - struct scatterlist *sg; 264 - struct skcipher_async_req *sreq; 265 - struct skcipher_request *req; 266 - struct skcipher_async_rsgl *last_rsgl = NULL; 267 - unsigned int txbufs = 0, len = 0, tx_nents; 268 - unsigned int reqsize = crypto_skcipher_reqsize(tfm); 269 - unsigned int ivsize = crypto_skcipher_ivsize(tfm); 270 - int err = -ENOMEM; 271 - bool mark = false; 272 - char *iv; 366 + /* Initialize the crypto operation */ 367 + skcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm); 368 + skcipher_request_set_crypt(&areq->cra_u.skcipher_req, areq->tsgl, 369 + areq->first_rsgl.sgl.sg, len, ctx->iv); 273 370 274 - sreq = kzalloc(sizeof(*sreq) + reqsize + ivsize, GFP_KERNEL); 275 - if (unlikely(!sreq)) 276 - goto out; 277 - 278 - req = &sreq->req; 279 - iv = (char *)(req + 1) + reqsize; 280 - sreq->iocb = msg->msg_iocb; 281 - INIT_LIST_HEAD(&sreq->list); 282 - sreq->inflight = &ctx->inflight; 283 - 284 - lock_sock(sk); 285 - tx_nents = skcipher_all_sg_nents(ctx); 286 - sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); 287 - if (unlikely(!sreq->tsg)) 288 - goto unlock; 289 - sg_init_table(sreq->tsg, tx_nents); 290 - memcpy(iv, ctx->iv, ivsize); 291 - skcipher_request_set_tfm(req, tfm); 292 - skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, 293 - skcipher_async_cb, sreq); 294 - 295 - while (iov_iter_count(&msg->msg_iter)) { 296 - struct skcipher_async_rsgl *rsgl; 297 - int used; 298 - 299 - if (!ctx->used) { 300 - err = skcipher_wait_for_data(sk, flags); 301 - if (err) 302 - goto free; 303 - } 304 - sgl = list_first_entry(&ctx->tsgl, 305 - struct skcipher_sg_list, list); 306 - sg = sgl->sg; 307 - 308 - while (!sg->length) 309 - sg++; 310 - 311 - used = min_t(unsigned long, ctx->used, 312 - iov_iter_count(&msg->msg_iter)); 313 - used = min_t(unsigned long, used, sg->length); 314 - 315 - if (txbufs == tx_nents) { 316 - struct scatterlist *tmp; 317 - int x; 318 - /* Ran out of tx slots in async request 319 - * need to expand */ 320 - tmp = kcalloc(tx_nents * 2, sizeof(*tmp), 321 - GFP_KERNEL); 322 - if (!tmp) { 323 - err = -ENOMEM; 324 - goto free; 325 - } 326 - 327 - sg_init_table(tmp, tx_nents * 2); 328 - for (x = 0; x < tx_nents; x++) 329 - sg_set_page(&tmp[x], sg_page(&sreq->tsg[x]), 330 - sreq->tsg[x].length, 331 - sreq->tsg[x].offset); 332 - kfree(sreq->tsg); 333 - sreq->tsg = tmp; 334 - tx_nents *= 2; 335 - mark = true; 336 - } 337 - /* Need to take over the tx sgl from ctx 338 - * to the asynch req - these sgls will be freed later */ 339 - sg_set_page(sreq->tsg + txbufs++, sg_page(sg), sg->length, 340 - sg->offset); 341 - 342 - if (list_empty(&sreq->list)) { 343 - rsgl = &sreq->first_sgl; 344 - list_add_tail(&rsgl->list, &sreq->list); 345 - } else { 346 - rsgl = kmalloc(sizeof(*rsgl), GFP_KERNEL); 347 - if (!rsgl) { 348 - err = -ENOMEM; 349 - goto free; 350 - } 351 - list_add_tail(&rsgl->list, &sreq->list); 352 - } 353 - 354 - used = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, used); 355 - err = used; 356 - if (used < 0) 357 - goto free; 358 - if (last_rsgl) 359 - af_alg_link_sg(&last_rsgl->sgl, &rsgl->sgl); 360 - 361 - last_rsgl = rsgl; 362 - len += used; 363 - skcipher_pull_sgl(sk, used, 0); 364 - iov_iter_advance(&msg->msg_iter, used); 371 + if (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) { 372 + /* AIO operation */ 373 + areq->iocb = msg->msg_iocb; 374 + skcipher_request_set_callback(&areq->cra_u.skcipher_req, 375 + CRYPTO_TFM_REQ_MAY_SLEEP, 376 + af_alg_async_cb, areq); 377 + err = ctx->enc ? 378 + crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 379 + crypto_skcipher_decrypt(&areq->cra_u.skcipher_req); 380 + } else { 381 + /* Synchronous operation */ 382 + skcipher_request_set_callback(&areq->cra_u.skcipher_req, 383 + CRYPTO_TFM_REQ_MAY_SLEEP | 384 + CRYPTO_TFM_REQ_MAY_BACKLOG, 385 + af_alg_complete, 386 + &ctx->completion); 387 + err = af_alg_wait_for_completion(ctx->enc ? 388 + crypto_skcipher_encrypt(&areq->cra_u.skcipher_req) : 389 + crypto_skcipher_decrypt(&areq->cra_u.skcipher_req), 390 + &ctx->completion); 365 391 } 366 392 367 - if (mark) 368 - sg_mark_end(sreq->tsg + txbufs - 1); 369 - 370 - skcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg, 371 - len, iv); 372 - err = ctx->enc ? crypto_skcipher_encrypt(req) : 373 - crypto_skcipher_decrypt(req); 393 + /* AIO operation in progress */ 374 394 if (err == -EINPROGRESS) { 375 - atomic_inc(&ctx->inflight); 376 - err = -EIOCBQUEUED; 377 - sreq = NULL; 378 - goto unlock; 379 - } 380 - free: 381 - skcipher_free_async_sgls(sreq); 382 - unlock: 383 - skcipher_wmem_wakeup(sk); 384 - release_sock(sk); 385 - kzfree(sreq); 386 - out: 387 - return err; 388 - } 395 + sock_hold(sk); 389 396 390 - static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg, 391 - int flags) 392 - { 393 - struct sock *sk = sock->sk; 394 - struct alg_sock *ask = alg_sk(sk); 395 - struct sock *psk = ask->parent; 396 - struct alg_sock *pask = alg_sk(psk); 397 - struct skcipher_ctx *ctx = ask->private; 398 - struct skcipher_tfm *skc = pask->private; 399 - struct crypto_skcipher *tfm = skc->skcipher; 400 - unsigned bs = crypto_skcipher_blocksize(tfm); 401 - struct skcipher_sg_list *sgl; 402 - struct scatterlist *sg; 403 - int err = -EAGAIN; 404 - int used; 405 - long copied = 0; 397 + /* Remember output size that will be generated. */ 398 + areq->outlen = len; 406 399 407 - lock_sock(sk); 408 - while (msg_data_left(msg)) { 409 - if (!ctx->used) { 410 - err = skcipher_wait_for_data(sk, flags); 411 - if (err) 412 - goto unlock; 413 - } 414 - 415 - used = min_t(unsigned long, ctx->used, msg_data_left(msg)); 416 - 417 - used = af_alg_make_sg(&ctx->rsgl, &msg->msg_iter, used); 418 - err = used; 419 - if (err < 0) 420 - goto unlock; 421 - 422 - if (ctx->more || used < ctx->used) 423 - used -= used % bs; 424 - 425 - err = -EINVAL; 426 - if (!used) 427 - goto free; 428 - 429 - sgl = list_first_entry(&ctx->tsgl, 430 - struct skcipher_sg_list, list); 431 - sg = sgl->sg; 432 - 433 - while (!sg->length) 434 - sg++; 435 - 436 - skcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, 437 - ctx->iv); 438 - 439 - err = af_alg_wait_for_completion( 440 - ctx->enc ? 441 - crypto_skcipher_encrypt(&ctx->req) : 442 - crypto_skcipher_decrypt(&ctx->req), 443 - &ctx->completion); 444 - 445 - free: 446 - af_alg_free_sg(&ctx->rsgl); 447 - 448 - if (err) 449 - goto unlock; 450 - 451 - copied += used; 452 - skcipher_pull_sgl(sk, used, 1); 453 - iov_iter_advance(&msg->msg_iter, used); 400 + return -EIOCBQUEUED; 454 401 } 455 402 456 - err = 0; 403 + free: 404 + af_alg_free_areq_sgls(areq); 405 + sock_kfree_s(sk, areq, areq->areqlen); 457 406 458 - unlock: 459 - skcipher_wmem_wakeup(sk); 460 - release_sock(sk); 461 - 462 - return copied ?: err; 407 + return err ? err : len; 463 408 } 464 409 465 410 static int skcipher_recvmsg(struct socket *sock, struct msghdr *msg, 466 411 size_t ignored, int flags) 467 412 { 468 - return (msg->msg_iocb && !is_sync_kiocb(msg->msg_iocb)) ? 469 - skcipher_recvmsg_async(sock, msg, flags) : 470 - skcipher_recvmsg_sync(sock, msg, flags); 471 - } 472 - 473 - static unsigned int skcipher_poll(struct file *file, struct socket *sock, 474 - poll_table *wait) 475 - { 476 413 struct sock *sk = sock->sk; 477 - struct alg_sock *ask = alg_sk(sk); 478 - struct skcipher_ctx *ctx = ask->private; 479 - unsigned int mask; 414 + int ret = 0; 480 415 481 - sock_poll_wait(file, sk_sleep(sk), wait); 482 - mask = 0; 416 + lock_sock(sk); 417 + while (msg_data_left(msg)) { 418 + int err = _skcipher_recvmsg(sock, msg, ignored, flags); 483 419 484 - if (ctx->used) 485 - mask |= POLLIN | POLLRDNORM; 420 + /* 421 + * This error covers -EIOCBQUEUED which implies that we can 422 + * only handle one AIO request. If the caller wants to have 423 + * multiple AIO requests in parallel, he must make multiple 424 + * separate AIO calls. 425 + * 426 + * Also return the error if no data has been processed so far. 427 + */ 428 + if (err <= 0) { 429 + if (err == -EIOCBQUEUED || !ret) 430 + ret = err; 431 + goto out; 432 + } 486 433 487 - if (skcipher_writable(sk)) 488 - mask |= POLLOUT | POLLWRNORM | POLLWRBAND; 434 + ret += err; 435 + } 489 436 490 - return mask; 437 + out: 438 + af_alg_wmem_wakeup(sk); 439 + release_sock(sk); 440 + return ret; 491 441 } 442 + 492 443 493 444 static struct proto_ops algif_skcipher_ops = { 494 445 .family = PF_ALG, ··· 205 760 206 761 .release = af_alg_release, 207 762 .sendmsg = skcipher_sendmsg, 208 - .sendpage = skcipher_sendpage, 763 + .sendpage = af_alg_sendpage, 209 764 .recvmsg = skcipher_recvmsg, 210 - .poll = skcipher_poll, 765 + .poll = af_alg_poll, 211 766 }; 212 767 213 768 static int skcipher_check_key(struct socket *sock) ··· 269 824 if (err) 270 825 return err; 271 826 272 - return skcipher_sendpage(sock, page, offset, size, flags); 827 + return af_alg_sendpage(sock, page, offset, size, flags); 273 828 } 274 829 275 830 static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, ··· 303 858 .sendmsg = skcipher_sendmsg_nokey, 304 859 .sendpage = skcipher_sendpage_nokey, 305 860 .recvmsg = skcipher_recvmsg_nokey, 306 - .poll = skcipher_poll, 861 + .poll = af_alg_poll, 307 862 }; 308 863 309 864 static void *skcipher_bind(const char *name, u32 type, u32 mask) ··· 345 900 return err; 346 901 } 347 902 348 - static void skcipher_wait(struct sock *sk) 349 - { 350 - struct alg_sock *ask = alg_sk(sk); 351 - struct skcipher_ctx *ctx = ask->private; 352 - int ctr = 0; 353 - 354 - while (atomic_read(&ctx->inflight) && ctr++ < 100) 355 - msleep(100); 356 - } 357 - 358 903 static void skcipher_sock_destruct(struct sock *sk) 359 904 { 360 905 struct alg_sock *ask = alg_sk(sk); 361 - struct skcipher_ctx *ctx = ask->private; 362 - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req); 906 + struct af_alg_ctx *ctx = ask->private; 907 + struct sock *psk = ask->parent; 908 + struct alg_sock *pask = alg_sk(psk); 909 + struct skcipher_tfm *skc = pask->private; 910 + struct crypto_skcipher *tfm = skc->skcipher; 363 911 364 - if (atomic_read(&ctx->inflight)) 365 - skcipher_wait(sk); 366 - 367 - skcipher_free_sgl(sk); 912 + af_alg_pull_tsgl(sk, ctx->used, NULL, 0); 368 913 sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm)); 369 914 sock_kfree_s(sk, ctx, ctx->len); 370 915 af_alg_release_parent(sk); ··· 362 927 363 928 static int skcipher_accept_parent_nokey(void *private, struct sock *sk) 364 929 { 365 - struct skcipher_ctx *ctx; 930 + struct af_alg_ctx *ctx; 366 931 struct alg_sock *ask = alg_sk(sk); 367 932 struct skcipher_tfm *tfm = private; 368 933 struct crypto_skcipher *skcipher = tfm->skcipher; 369 - unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher); 934 + unsigned int len = sizeof(*ctx); 370 935 371 936 ctx = sock_kmalloc(sk, len, GFP_KERNEL); 372 937 if (!ctx) ··· 381 946 382 947 memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); 383 948 384 - INIT_LIST_HEAD(&ctx->tsgl); 949 + INIT_LIST_HEAD(&ctx->tsgl_list); 385 950 ctx->len = len; 386 951 ctx->used = 0; 952 + ctx->rcvused = 0; 387 953 ctx->more = 0; 388 954 ctx->merge = 0; 389 955 ctx->enc = 0; 390 - atomic_set(&ctx->inflight, 0); 391 956 af_alg_init_completion(&ctx->completion); 392 957 393 958 ask->private = ctx; 394 - 395 - skcipher_request_set_tfm(&ctx->req, skcipher); 396 - skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_SLEEP | 397 - CRYPTO_TFM_REQ_MAY_BACKLOG, 398 - af_alg_complete, &ctx->completion); 399 959 400 960 sk->sk_destruct = skcipher_sock_destruct; 401 961

+1 -2

crypto/ctr.c

··· 65 65 unsigned int nbytes = walk->nbytes; 66 66 67 67 crypto_cipher_encrypt_one(tfm, keystream, ctrblk); 68 - crypto_xor(keystream, src, nbytes); 69 - memcpy(dst, keystream, nbytes); 68 + crypto_xor_cpy(dst, keystream, src, nbytes); 70 69 71 70 crypto_inc(ctrblk, bsize); 72 71 }

+33 -18

crypto/ecdh.c

··· 20 20 unsigned int curve_id; 21 21 unsigned int ndigits; 22 22 u64 private_key[ECC_MAX_DIGITS]; 23 - u64 public_key[2 * ECC_MAX_DIGITS]; 24 - u64 shared_secret[ECC_MAX_DIGITS]; 25 23 }; 26 24 27 25 static inline struct ecdh_ctx *ecdh_get_ctx(struct crypto_kpp *tfm) ··· 68 70 69 71 static int ecdh_compute_value(struct kpp_request *req) 70 72 { 71 - int ret = 0; 72 73 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 73 74 struct ecdh_ctx *ctx = ecdh_get_ctx(tfm); 74 - size_t copied, nbytes; 75 + u64 *public_key; 76 + u64 *shared_secret = NULL; 75 77 void *buf; 78 + size_t copied, nbytes, public_key_sz; 79 + int ret = -ENOMEM; 76 80 77 81 nbytes = ctx->ndigits << ECC_DIGITS_TO_BYTES_SHIFT; 82 + /* Public part is a point thus it has both coordinates */ 83 + public_key_sz = 2 * nbytes; 84 + 85 + public_key = kmalloc(public_key_sz, GFP_KERNEL); 86 + if (!public_key) 87 + return -ENOMEM; 78 88 79 89 if (req->src) { 80 - copied = sg_copy_to_buffer(req->src, 1, ctx->public_key, 81 - 2 * nbytes); 82 - if (copied != 2 * nbytes) 83 - return -EINVAL; 90 + shared_secret = kmalloc(nbytes, GFP_KERNEL); 91 + if (!shared_secret) 92 + goto free_pubkey; 93 + 94 + copied = sg_copy_to_buffer(req->src, 1, public_key, 95 + public_key_sz); 96 + if (copied != public_key_sz) { 97 + ret = -EINVAL; 98 + goto free_all; 99 + } 84 100 85 101 ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits, 86 - ctx->private_key, 87 - ctx->public_key, 88 - ctx->shared_secret); 102 + ctx->private_key, public_key, 103 + shared_secret); 89 104 90 - buf = ctx->shared_secret; 105 + buf = shared_secret; 91 106 } else { 92 107 ret = ecc_make_pub_key(ctx->curve_id, ctx->ndigits, 93 - ctx->private_key, ctx->public_key); 94 - buf = ctx->public_key; 95 - /* Public part is a point thus it has both coordinates */ 96 - nbytes *= 2; 108 + ctx->private_key, public_key); 109 + buf = public_key; 110 + nbytes = public_key_sz; 97 111 } 98 112 99 113 if (ret < 0) 100 - return ret; 114 + goto free_all; 101 115 102 116 copied = sg_copy_from_buffer(req->dst, 1, buf, nbytes); 103 117 if (copied != nbytes) 104 - return -EINVAL; 118 + ret = -EINVAL; 105 119 120 + /* fall through */ 121 + free_all: 122 + kzfree(shared_secret); 123 + free_pubkey: 124 + kfree(public_key); 106 125 return ret; 107 126 } 108 127

+4 -8

crypto/pcbc.c

··· 55 55 do { 56 56 crypto_xor(iv, src, bsize); 57 57 crypto_cipher_encrypt_one(tfm, dst, iv); 58 - memcpy(iv, dst, bsize); 59 - crypto_xor(iv, src, bsize); 58 + crypto_xor_cpy(iv, dst, src, bsize); 60 59 61 60 src += bsize; 62 61 dst += bsize; ··· 78 79 memcpy(tmpbuf, src, bsize); 79 80 crypto_xor(iv, src, bsize); 80 81 crypto_cipher_encrypt_one(tfm, src, iv); 81 - memcpy(iv, tmpbuf, bsize); 82 - crypto_xor(iv, src, bsize); 82 + crypto_xor_cpy(iv, tmpbuf, src, bsize); 83 83 84 84 src += bsize; 85 85 } while ((nbytes -= bsize) >= bsize); ··· 125 127 do { 126 128 crypto_cipher_decrypt_one(tfm, dst, src); 127 129 crypto_xor(dst, iv, bsize); 128 - memcpy(iv, src, bsize); 129 - crypto_xor(iv, dst, bsize); 130 + crypto_xor_cpy(iv, dst, src, bsize); 130 131 131 132 src += bsize; 132 133 dst += bsize; ··· 150 153 memcpy(tmpbuf, src, bsize); 151 154 crypto_cipher_decrypt_one(tfm, src, src); 152 155 crypto_xor(src, iv, bsize); 153 - memcpy(iv, tmpbuf, bsize); 154 - crypto_xor(iv, src, bsize); 156 + crypto_xor_cpy(iv, src, tmpbuf, bsize); 155 157 156 158 src += bsize; 157 159 } while ((nbytes -= bsize) >= bsize);

+4 -2

crypto/rng.c

··· 43 43 if (!buf) 44 44 return -ENOMEM; 45 45 46 - get_random_bytes(buf, slen); 46 + err = get_random_bytes_wait(buf, slen); 47 + if (err) 48 + goto out; 47 49 seed = buf; 48 50 } 49 51 50 52 err = crypto_rng_alg(tfm)->seed(tfm, seed, slen); 51 - 53 + out: 52 54 kzfree(buf); 53 55 return err; 54 56 }

+22 -33

crypto/scompress.c

··· 65 65 seq_puts(m, "type : scomp\n"); 66 66 } 67 67 68 - static int crypto_scomp_init_tfm(struct crypto_tfm *tfm) 69 - { 70 - return 0; 71 - } 72 - 73 68 static void crypto_scomp_free_scratches(void * __percpu *scratches) 74 69 { 75 70 int i; ··· 120 125 if (!scomp_src_scratches) 121 126 return -ENOMEM; 122 127 scomp_dst_scratches = crypto_scomp_alloc_scratches(); 123 - if (!scomp_dst_scratches) 128 + if (!scomp_dst_scratches) { 129 + crypto_scomp_free_scratches(scomp_src_scratches); 130 + scomp_src_scratches = NULL; 124 131 return -ENOMEM; 132 + } 125 133 } 126 134 return 0; 135 + } 136 + 137 + static int crypto_scomp_init_tfm(struct crypto_tfm *tfm) 138 + { 139 + int ret; 140 + 141 + mutex_lock(&scomp_lock); 142 + ret = crypto_scomp_alloc_all_scratches(); 143 + mutex_unlock(&scomp_lock); 144 + 145 + return ret; 127 146 } 128 147 129 148 static void crypto_scomp_sg_free(struct scatterlist *sgl) ··· 220 211 scratch_dst, &req->dlen, *ctx); 221 212 if (!ret) { 222 213 if (!req->dst) { 223 - req->dst = crypto_scomp_sg_alloc(req->dlen, 224 - req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? 225 - GFP_KERNEL : GFP_ATOMIC); 214 + req->dst = crypto_scomp_sg_alloc(req->dlen, GFP_ATOMIC); 226 215 if (!req->dst) 227 216 goto out; 228 217 } ··· 247 240 struct crypto_scomp **ctx = crypto_tfm_ctx(tfm); 248 241 249 242 crypto_free_scomp(*ctx); 243 + 244 + mutex_lock(&scomp_lock); 245 + crypto_scomp_free_all_scratches(); 246 + mutex_unlock(&scomp_lock); 250 247 } 251 248 252 249 int crypto_init_scomp_ops_async(struct crypto_tfm *tfm) ··· 327 316 int crypto_register_scomp(struct scomp_alg *alg) 328 317 { 329 318 struct crypto_alg *base = &alg->base; 330 - int ret = -ENOMEM; 331 - 332 - mutex_lock(&scomp_lock); 333 - if (crypto_scomp_alloc_all_scratches()) 334 - goto error; 335 319 336 320 base->cra_type = &crypto_scomp_type; 337 321 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 338 322 base->cra_flags |= CRYPTO_ALG_TYPE_SCOMPRESS; 339 323 340 - ret = crypto_register_alg(base); 341 - if (ret) 342 - goto error; 343 - 344 - mutex_unlock(&scomp_lock); 345 - return ret; 346 - 347 - error: 348 - crypto_scomp_free_all_scratches(); 349 - mutex_unlock(&scomp_lock); 350 - return ret; 324 + return crypto_register_alg(base); 351 325 } 352 326 EXPORT_SYMBOL_GPL(crypto_register_scomp); 353 327 354 328 int crypto_unregister_scomp(struct scomp_alg *alg) 355 329 { 356 - int ret; 357 - 358 - mutex_lock(&scomp_lock); 359 - ret = crypto_unregister_alg(&alg->base); 360 - crypto_scomp_free_all_scratches(); 361 - mutex_unlock(&scomp_lock); 362 - 363 - return ret; 330 + return crypto_unregister_alg(&alg->base); 364 331 } 365 332 EXPORT_SYMBOL_GPL(crypto_unregister_scomp); 366 333

+41 -36

crypto/serpent_generic.c

··· 229 229 x4 ^= x2; \ 230 230 }) 231 231 232 + static void __serpent_setkey_sbox(u32 r0, u32 r1, u32 r2, u32 r3, u32 r4, u32 *k) 233 + { 234 + k += 100; 235 + S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24); 236 + S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20); 237 + S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16); 238 + S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12); 239 + S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8); 240 + S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4); 241 + S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0); 242 + S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4); 243 + S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8); 244 + S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12); 245 + S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16); 246 + S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20); 247 + S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24); 248 + S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28); 249 + k -= 50; 250 + S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18); 251 + S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14); 252 + S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10); 253 + S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6); 254 + S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2); 255 + S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2); 256 + S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6); 257 + S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10); 258 + S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14); 259 + S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18); 260 + S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22); 261 + k -= 50; 262 + S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24); 263 + S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20); 264 + S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16); 265 + S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12); 266 + S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8); 267 + S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4); 268 + S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0); 269 + S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0); 270 + } 271 + 232 272 int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key, 233 273 unsigned int keylen) 234 274 { ··· 435 395 keyiter(k[23], r1, r0, r3, 131, 31); 436 396 437 397 /* Apply S-boxes */ 438 - 439 - S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24); 440 - S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20); 441 - S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16); 442 - S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12); 443 - S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8); 444 - S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4); 445 - S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0); 446 - S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4); 447 - S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8); 448 - S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12); 449 - S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16); 450 - S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20); 451 - S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24); 452 - S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28); 453 - k -= 50; 454 - S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18); 455 - S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14); 456 - S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10); 457 - S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6); 458 - S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2); 459 - S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2); 460 - S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6); 461 - S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10); 462 - S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14); 463 - S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18); 464 - S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22); 465 - k -= 50; 466 - S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24); 467 - S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20); 468 - S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16); 469 - S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12); 470 - S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8); 471 - S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4); 472 - S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0); 473 - S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0); 398 + __serpent_setkey_sbox(r0, r1, r2, r3, r4, ctx->expkey); 474 399 475 400 return 0; 476 401 }

+4 -4

crypto/tcrypt.c

··· 1404 1404 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, 1405 1405 speed_template_32_40_48); 1406 1406 test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0, 1407 - speed_template_32_48_64); 1407 + speed_template_32_64); 1408 1408 test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0, 1409 - speed_template_32_48_64); 1409 + speed_template_32_64); 1410 1410 test_cipher_speed("cts(cbc(aes))", ENCRYPT, sec, NULL, 0, 1411 1411 speed_template_16_24_32); 1412 1412 test_cipher_speed("cts(cbc(aes))", DECRYPT, sec, NULL, 0, ··· 1837 1837 test_acipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, 1838 1838 speed_template_32_40_48); 1839 1839 test_acipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0, 1840 - speed_template_32_48_64); 1840 + speed_template_32_64); 1841 1841 test_acipher_speed("xts(aes)", DECRYPT, sec, NULL, 0, 1842 - speed_template_32_48_64); 1842 + speed_template_32_64); 1843 1843 test_acipher_speed("cts(cbc(aes))", ENCRYPT, sec, NULL, 0, 1844 1844 speed_template_16_24_32); 1845 1845 test_acipher_speed("cts(cbc(aes))", DECRYPT, sec, NULL, 0,

+16 -4

drivers/char/hw_random/Kconfig

··· 13 13 that's usually called /dev/hwrng, and which exposes one 14 14 of possibly several hardware random number generators. 15 15 16 - These hardware random number generators do not feed directly 17 - into the kernel's random number generator. That is usually 18 - handled by the "rngd" daemon. Documentation/hw_random.txt 19 - has more information. 16 + These hardware random number generators do feed into the 17 + kernel's random number generator entropy pool. 20 18 21 19 If unsure, say Y. 22 20 ··· 250 252 251 253 To compile this driver as a module, choose M here: the 252 254 module will be called mxc-rnga. 255 + 256 + If unsure, say Y. 257 + 258 + config HW_RANDOM_IMX_RNGC 259 + tristate "Freescale i.MX RNGC Random Number Generator" 260 + depends on ARCH_MXC 261 + default HW_RANDOM 262 + ---help--- 263 + This driver provides kernel-side support for the Random Number 264 + Generator Version C hardware found on some Freescale i.MX 265 + processors. Version B is also supported by this driver. 266 + 267 + To compile this driver as a module, choose M here: the 268 + module will be called imx-rngc. 253 269 254 270 If unsure, say Y. 255 271

+1

drivers/char/hw_random/Makefile

··· 20 20 obj-$(CONFIG_HW_RANDOM_VIRTIO) += virtio-rng.o 21 21 obj-$(CONFIG_HW_RANDOM_TX4939) += tx4939-rng.o 22 22 obj-$(CONFIG_HW_RANDOM_MXC_RNGA) += mxc-rnga.o 23 + obj-$(CONFIG_HW_RANDOM_IMX_RNGC) += imx-rngc.o 23 24 obj-$(CONFIG_HW_RANDOM_OCTEON) += octeon-rng.o 24 25 obj-$(CONFIG_HW_RANDOM_NOMADIK) += nomadik-rng.o 25 26 obj-$(CONFIG_HW_RANDOM_PSERIES) += pseries-rng.o

+36 -6

drivers/char/hw_random/core.c

··· 28 28 #define RNG_MODULE_NAME "hw_random" 29 29 30 30 static struct hwrng *current_rng; 31 + /* the current rng has been explicitly chosen by user via sysfs */ 32 + static int cur_rng_set_by_user; 31 33 static struct task_struct *hwrng_fill; 34 + /* list of registered rngs, sorted decending by quality */ 32 35 static LIST_HEAD(rng_list); 33 36 /* Protects rng_list and current_rng */ 34 37 static DEFINE_MUTEX(rng_mutex); ··· 306 303 list_for_each_entry(rng, &rng_list, list) { 307 304 if (sysfs_streq(rng->name, buf)) { 308 305 err = 0; 306 + cur_rng_set_by_user = 1; 309 307 if (rng != current_rng) 310 308 err = set_current_rng(rng); 311 309 break; ··· 355 351 return strlen(buf); 356 352 } 357 353 354 + static ssize_t hwrng_attr_selected_show(struct device *dev, 355 + struct device_attribute *attr, 356 + char *buf) 357 + { 358 + return snprintf(buf, PAGE_SIZE, "%d\n", cur_rng_set_by_user); 359 + } 360 + 358 361 static DEVICE_ATTR(rng_current, S_IRUGO | S_IWUSR, 359 362 hwrng_attr_current_show, 360 363 hwrng_attr_current_store); 361 364 static DEVICE_ATTR(rng_available, S_IRUGO, 362 365 hwrng_attr_available_show, 363 366 NULL); 367 + static DEVICE_ATTR(rng_selected, S_IRUGO, 368 + hwrng_attr_selected_show, 369 + NULL); 364 370 365 371 static struct attribute *rng_dev_attrs[] = { 366 372 &dev_attr_rng_current.attr, 367 373 &dev_attr_rng_available.attr, 374 + &dev_attr_rng_selected.attr, 368 375 NULL 369 376 }; 370 377 ··· 432 417 { 433 418 int err = -EINVAL; 434 419 struct hwrng *old_rng, *tmp; 420 + struct list_head *rng_list_ptr; 435 421 436 422 if (!rng->name || (!rng->data_read && !rng->read)) 437 423 goto out; ··· 448 432 init_completion(&rng->cleanup_done); 449 433 complete(&rng->cleanup_done); 450 434 435 + /* rng_list is sorted by decreasing quality */ 436 + list_for_each(rng_list_ptr, &rng_list) { 437 + tmp = list_entry(rng_list_ptr, struct hwrng, list); 438 + if (tmp->quality < rng->quality) 439 + break; 440 + } 441 + list_add_tail(&rng->list, rng_list_ptr); 442 + 451 443 old_rng = current_rng; 452 444 err = 0; 453 - if (!old_rng) { 445 + if (!old_rng || 446 + (!cur_rng_set_by_user && rng->quality > old_rng->quality)) { 447 + /* 448 + * Set new rng as current as the new rng source 449 + * provides better entropy quality and was not 450 + * chosen by userspace. 451 + */ 454 452 err = set_current_rng(rng); 455 453 if (err) 456 454 goto out_unlock; 457 455 } 458 - list_add_tail(&rng->list, &rng_list); 459 456 460 457 if (old_rng && !rng->init) { 461 458 /* ··· 495 466 list_del(&rng->list); 496 467 if (current_rng == rng) { 497 468 drop_current_rng(); 469 + cur_rng_set_by_user = 0; 470 + /* rng_list is sorted by quality, use the best (=first) one */ 498 471 if (!list_empty(&rng_list)) { 499 - struct hwrng *tail; 472 + struct hwrng *new_rng; 500 473 501 - tail = list_entry(rng_list.prev, struct hwrng, list); 502 - 503 - set_current_rng(tail); 474 + new_rng = list_entry(rng_list.next, struct hwrng, list); 475 + set_current_rng(new_rng); 504 476 } 505 477 } 506 478

+331

drivers/char/hw_random/imx-rngc.c

··· 1 + /* 2 + * RNG driver for Freescale RNGC 3 + * 4 + * Copyright (C) 2008-2012 Freescale Semiconductor, Inc. 5 + * Copyright (C) 2017 Martin Kaiser <martin@kaiser.cx> 6 + * 7 + * The code contained herein is licensed under the GNU General Public 8 + * License. You may obtain a copy of the GNU General Public License 9 + * Version 2 or later at the following locations: 10 + * 11 + * http://www.opensource.org/licenses/gpl-license.html 12 + * http://www.gnu.org/copyleft/gpl.html 13 + */ 14 + 15 + #include <linux/module.h> 16 + #include <linux/init.h> 17 + #include <linux/kernel.h> 18 + #include <linux/clk.h> 19 + #include <linux/err.h> 20 + #include <linux/platform_device.h> 21 + #include <linux/interrupt.h> 22 + #include <linux/hw_random.h> 23 + #include <linux/completion.h> 24 + #include <linux/io.h> 25 + 26 + #define RNGC_COMMAND 0x0004 27 + #define RNGC_CONTROL 0x0008 28 + #define RNGC_STATUS 0x000C 29 + #define RNGC_ERROR 0x0010 30 + #define RNGC_FIFO 0x0014 31 + 32 + #define RNGC_CMD_CLR_ERR 0x00000020 33 + #define RNGC_CMD_CLR_INT 0x00000010 34 + #define RNGC_CMD_SEED 0x00000002 35 + #define RNGC_CMD_SELF_TEST 0x00000001 36 + 37 + #define RNGC_CTRL_MASK_ERROR 0x00000040 38 + #define RNGC_CTRL_MASK_DONE 0x00000020 39 + 40 + #define RNGC_STATUS_ERROR 0x00010000 41 + #define RNGC_STATUS_FIFO_LEVEL_MASK 0x00000f00 42 + #define RNGC_STATUS_FIFO_LEVEL_SHIFT 8 43 + #define RNGC_STATUS_SEED_DONE 0x00000020 44 + #define RNGC_STATUS_ST_DONE 0x00000010 45 + 46 + #define RNGC_ERROR_STATUS_STAT_ERR 0x00000008 47 + 48 + #define RNGC_TIMEOUT 3000 /* 3 sec */ 49 + 50 + 51 + static bool self_test = true; 52 + module_param(self_test, bool, 0); 53 + 54 + struct imx_rngc { 55 + struct device *dev; 56 + struct clk *clk; 57 + void __iomem *base; 58 + struct hwrng rng; 59 + struct completion rng_op_done; 60 + /* 61 + * err_reg is written only by the irq handler and read only 62 + * when interrupts are masked, we need no spinlock 63 + */ 64 + u32 err_reg; 65 + }; 66 + 67 + 68 + static inline void imx_rngc_irq_mask_clear(struct imx_rngc *rngc) 69 + { 70 + u32 ctrl, cmd; 71 + 72 + /* mask interrupts */ 73 + ctrl = readl(rngc->base + RNGC_CONTROL); 74 + ctrl |= RNGC_CTRL_MASK_DONE | RNGC_CTRL_MASK_ERROR; 75 + writel(ctrl, rngc->base + RNGC_CONTROL); 76 + 77 + /* 78 + * CLR_INT clears the interrupt only if there's no error 79 + * CLR_ERR clear the interrupt and the error register if there 80 + * is an error 81 + */ 82 + cmd = readl(rngc->base + RNGC_COMMAND); 83 + cmd |= RNGC_CMD_CLR_INT | RNGC_CMD_CLR_ERR; 84 + writel(cmd, rngc->base + RNGC_COMMAND); 85 + } 86 + 87 + static inline void imx_rngc_irq_unmask(struct imx_rngc *rngc) 88 + { 89 + u32 ctrl; 90 + 91 + ctrl = readl(rngc->base + RNGC_CONTROL); 92 + ctrl &= ~(RNGC_CTRL_MASK_DONE | RNGC_CTRL_MASK_ERROR); 93 + writel(ctrl, rngc->base + RNGC_CONTROL); 94 + } 95 + 96 + static int imx_rngc_self_test(struct imx_rngc *rngc) 97 + { 98 + u32 cmd; 99 + int ret; 100 + 101 + imx_rngc_irq_unmask(rngc); 102 + 103 + /* run self test */ 104 + cmd = readl(rngc->base + RNGC_COMMAND); 105 + writel(cmd | RNGC_CMD_SELF_TEST, rngc->base + RNGC_COMMAND); 106 + 107 + ret = wait_for_completion_timeout(&rngc->rng_op_done, RNGC_TIMEOUT); 108 + if (!ret) { 109 + imx_rngc_irq_mask_clear(rngc); 110 + return -ETIMEDOUT; 111 + } 112 + 113 + if (rngc->err_reg != 0) 114 + return -EIO; 115 + 116 + return 0; 117 + } 118 + 119 + static int imx_rngc_read(struct hwrng *rng, void *data, size_t max, bool wait) 120 + { 121 + struct imx_rngc *rngc = container_of(rng, struct imx_rngc, rng); 122 + unsigned int status; 123 + unsigned int level; 124 + int retval = 0; 125 + 126 + while (max >= sizeof(u32)) { 127 + status = readl(rngc->base + RNGC_STATUS); 128 + 129 + /* is there some error while reading this random number? */ 130 + if (status & RNGC_STATUS_ERROR) 131 + break; 132 + 133 + /* how many random numbers are in FIFO? [0-16] */ 134 + level = (status & RNGC_STATUS_FIFO_LEVEL_MASK) >> 135 + RNGC_STATUS_FIFO_LEVEL_SHIFT; 136 + 137 + if (level) { 138 + /* retrieve a random number from FIFO */ 139 + *(u32 *)data = readl(rngc->base + RNGC_FIFO); 140 + 141 + retval += sizeof(u32); 142 + data += sizeof(u32); 143 + max -= sizeof(u32); 144 + } 145 + } 146 + 147 + return retval ? retval : -EIO; 148 + } 149 + 150 + static irqreturn_t imx_rngc_irq(int irq, void *priv) 151 + { 152 + struct imx_rngc *rngc = (struct imx_rngc *)priv; 153 + u32 status; 154 + 155 + /* 156 + * clearing the interrupt will also clear the error register 157 + * read error and status before clearing 158 + */ 159 + status = readl(rngc->base + RNGC_STATUS); 160 + rngc->err_reg = readl(rngc->base + RNGC_ERROR); 161 + 162 + imx_rngc_irq_mask_clear(rngc); 163 + 164 + if (status & (RNGC_STATUS_SEED_DONE | RNGC_STATUS_ST_DONE)) 165 + complete(&rngc->rng_op_done); 166 + 167 + return IRQ_HANDLED; 168 + } 169 + 170 + static int imx_rngc_init(struct hwrng *rng) 171 + { 172 + struct imx_rngc *rngc = container_of(rng, struct imx_rngc, rng); 173 + u32 cmd; 174 + int ret; 175 + 176 + /* clear error */ 177 + cmd = readl(rngc->base + RNGC_COMMAND); 178 + writel(cmd | RNGC_CMD_CLR_ERR, rngc->base + RNGC_COMMAND); 179 + 180 + /* create seed, repeat while there is some statistical error */ 181 + do { 182 + imx_rngc_irq_unmask(rngc); 183 + 184 + /* seed creation */ 185 + cmd = readl(rngc->base + RNGC_COMMAND); 186 + writel(cmd | RNGC_CMD_SEED, rngc->base + RNGC_COMMAND); 187 + 188 + ret = wait_for_completion_timeout(&rngc->rng_op_done, 189 + RNGC_TIMEOUT); 190 + 191 + if (!ret) { 192 + imx_rngc_irq_mask_clear(rngc); 193 + return -ETIMEDOUT; 194 + } 195 + 196 + } while (rngc->err_reg == RNGC_ERROR_STATUS_STAT_ERR); 197 + 198 + return rngc->err_reg ? -EIO : 0; 199 + } 200 + 201 + static int imx_rngc_probe(struct platform_device *pdev) 202 + { 203 + struct imx_rngc *rngc; 204 + struct resource *res; 205 + int ret; 206 + int irq; 207 + 208 + rngc = devm_kzalloc(&pdev->dev, sizeof(*rngc), GFP_KERNEL); 209 + if (!rngc) 210 + return -ENOMEM; 211 + 212 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 213 + rngc->base = devm_ioremap_resource(&pdev->dev, res); 214 + if (IS_ERR(rngc->base)) 215 + return PTR_ERR(rngc->base); 216 + 217 + rngc->clk = devm_clk_get(&pdev->dev, NULL); 218 + if (IS_ERR(rngc->clk)) { 219 + dev_err(&pdev->dev, "Can not get rng_clk\n"); 220 + return PTR_ERR(rngc->clk); 221 + } 222 + 223 + irq = platform_get_irq(pdev, 0); 224 + if (irq <= 0) { 225 + dev_err(&pdev->dev, "Couldn't get irq %d\n", irq); 226 + return irq; 227 + } 228 + 229 + ret = clk_prepare_enable(rngc->clk); 230 + if (ret) 231 + return ret; 232 + 233 + ret = devm_request_irq(&pdev->dev, 234 + irq, imx_rngc_irq, 0, pdev->name, (void *)rngc); 235 + if (ret) { 236 + dev_err(rngc->dev, "Can't get interrupt working.\n"); 237 + goto err; 238 + } 239 + 240 + init_completion(&rngc->rng_op_done); 241 + 242 + rngc->rng.name = pdev->name; 243 + rngc->rng.init = imx_rngc_init; 244 + rngc->rng.read = imx_rngc_read; 245 + 246 + rngc->dev = &pdev->dev; 247 + platform_set_drvdata(pdev, rngc); 248 + 249 + imx_rngc_irq_mask_clear(rngc); 250 + 251 + if (self_test) { 252 + ret = imx_rngc_self_test(rngc); 253 + if (ret) { 254 + dev_err(rngc->dev, "FSL RNGC self test failed.\n"); 255 + goto err; 256 + } 257 + } 258 + 259 + ret = hwrng_register(&rngc->rng); 260 + if (ret) { 261 + dev_err(&pdev->dev, "FSL RNGC registering failed (%d)\n", ret); 262 + goto err; 263 + } 264 + 265 + dev_info(&pdev->dev, "Freescale RNGC registered.\n"); 266 + return 0; 267 + 268 + err: 269 + clk_disable_unprepare(rngc->clk); 270 + 271 + return ret; 272 + } 273 + 274 + static int __exit imx_rngc_remove(struct platform_device *pdev) 275 + { 276 + struct imx_rngc *rngc = platform_get_drvdata(pdev); 277 + 278 + hwrng_unregister(&rngc->rng); 279 + 280 + clk_disable_unprepare(rngc->clk); 281 + 282 + return 0; 283 + } 284 + 285 + #ifdef CONFIG_PM 286 + static int imx_rngc_suspend(struct device *dev) 287 + { 288 + struct imx_rngc *rngc = dev_get_drvdata(dev); 289 + 290 + clk_disable_unprepare(rngc->clk); 291 + 292 + return 0; 293 + } 294 + 295 + static int imx_rngc_resume(struct device *dev) 296 + { 297 + struct imx_rngc *rngc = dev_get_drvdata(dev); 298 + 299 + clk_prepare_enable(rngc->clk); 300 + 301 + return 0; 302 + } 303 + 304 + static const struct dev_pm_ops imx_rngc_pm_ops = { 305 + .suspend = imx_rngc_suspend, 306 + .resume = imx_rngc_resume, 307 + }; 308 + #endif 309 + 310 + static const struct of_device_id imx_rngc_dt_ids[] = { 311 + { .compatible = "fsl,imx25-rngb", .data = NULL, }, 312 + { /* sentinel */ } 313 + }; 314 + MODULE_DEVICE_TABLE(of, imx_rngc_dt_ids); 315 + 316 + static struct platform_driver imx_rngc_driver = { 317 + .driver = { 318 + .name = "imx_rngc", 319 + #ifdef CONFIG_PM 320 + .pm = &imx_rngc_pm_ops, 321 + #endif 322 + .of_match_table = imx_rngc_dt_ids, 323 + }, 324 + .remove = __exit_p(imx_rngc_remove), 325 + }; 326 + 327 + module_platform_driver_probe(imx_rngc_driver, imx_rngc_probe); 328 + 329 + MODULE_AUTHOR("Freescale Semiconductor, Inc."); 330 + MODULE_DESCRIPTION("H/W RNGC driver for i.MX"); 331 + MODULE_LICENSE("GPL");

+46 -3

drivers/crypto/Kconfig

··· 525 525 To compile this driver as a module, choose M here: the module 526 526 will be called atmel-sha. 527 527 528 + config CRYPTO_DEV_ATMEL_ECC 529 + tristate "Support for Microchip / Atmel ECC hw accelerator" 530 + depends on ARCH_AT91 || COMPILE_TEST 531 + depends on I2C 532 + select CRYPTO_ECDH 533 + select CRC16 534 + help 535 + Microhip / Atmel ECC hw accelerator. 536 + Select this if you want to use the Microchip / Atmel module for 537 + ECDH algorithm. 538 + 539 + To compile this driver as a module, choose M here: the module 540 + will be called atmel-ecc. 541 + 528 542 config CRYPTO_DEV_CCP 529 - bool "Support for AMD Cryptographic Coprocessor" 543 + bool "Support for AMD Secure Processor" 530 544 depends on ((X86 && PCI) || (ARM64 && (OF_ADDRESS || ACPI))) && HAS_IOMEM 531 545 help 532 - The AMD Cryptographic Coprocessor provides hardware offload support 533 - for encryption, hashing and related operations. 546 + The AMD Secure Processor provides support for the Cryptographic Coprocessor 547 + (CCP) and the Platform Security Processor (PSP) devices. 534 548 535 549 if CRYPTO_DEV_CCP 536 550 source "drivers/crypto/ccp/Kconfig" ··· 630 616 To compile this driver as a module, choose M here: the module 631 617 will be called sun4i-ss. 632 618 619 + config CRYPTO_DEV_SUN4I_SS_PRNG 620 + bool "Support for Allwinner Security System PRNG" 621 + depends on CRYPTO_DEV_SUN4I_SS 622 + select CRYPTO_RNG 623 + help 624 + Select this option if you want to provide kernel-side support for 625 + the Pseudo-Random Number Generator found in the Security System. 626 + 633 627 config CRYPTO_DEV_ROCKCHIP 634 628 tristate "Rockchip's Cryptographic Engine driver" 635 629 depends on OF && ARCH_ROCKCHIP ··· 707 685 designed by Inside Secure. Select this if you want to use CBC/ECB 708 686 chain mode, AES cipher mode and SHA1/SHA224/SHA256/SHA512 hash 709 687 algorithms. 688 + 689 + config CRYPTO_DEV_ARTPEC6 690 + tristate "Support for Axis ARTPEC-6/7 hardware crypto acceleration." 691 + depends on ARM && (ARCH_ARTPEC || COMPILE_TEST) 692 + depends on HAS_DMA 693 + depends on OF 694 + select CRYPTO_AEAD 695 + select CRYPTO_AES 696 + select CRYPTO_ALGAPI 697 + select CRYPTO_BLKCIPHER 698 + select CRYPTO_CTR 699 + select CRYPTO_HASH 700 + select CRYPTO_SHA1 701 + select CRYPTO_SHA256 702 + select CRYPTO_SHA384 703 + select CRYPTO_SHA512 704 + help 705 + Enables the driver for the on-chip crypto accelerator 706 + of Axis ARTPEC SoCs. 707 + 708 + To compile this driver as a module, choose M here. 710 709 711 710 endif # CRYPTO_HW

+3 -1

drivers/crypto/Makefile

··· 1 1 obj-$(CONFIG_CRYPTO_DEV_ATMEL_AES) += atmel-aes.o 2 2 obj-$(CONFIG_CRYPTO_DEV_ATMEL_SHA) += atmel-sha.o 3 3 obj-$(CONFIG_CRYPTO_DEV_ATMEL_TDES) += atmel-tdes.o 4 + obj-$(CONFIG_CRYPTO_DEV_ATMEL_ECC) += atmel-ecc.o 4 5 obj-$(CONFIG_CRYPTO_DEV_BFIN_CRC) += bfin_crc.o 5 6 obj-$(CONFIG_CRYPTO_DEV_CAVIUM_ZIP) += cavium/ 6 7 obj-$(CONFIG_CRYPTO_DEV_CCP) += ccp/ ··· 36 35 obj-$(CONFIG_CRYPTO_DEV_ROCKCHIP) += rockchip/ 37 36 obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o 38 37 obj-$(CONFIG_CRYPTO_DEV_SAHARA) += sahara.o 39 - obj-$(CONFIG_CRYPTO_DEV_STM32) += stm32/ 38 + obj-$(CONFIG_ARCH_STM32) += stm32/ 40 39 obj-$(CONFIG_CRYPTO_DEV_SUN4I_SS) += sunxi-ss/ 41 40 obj-$(CONFIG_CRYPTO_DEV_TALITOS) += talitos.o 42 41 obj-$(CONFIG_CRYPTO_DEV_UX500) += ux500/ ··· 44 43 obj-$(CONFIG_CRYPTO_DEV_VMX) += vmx/ 45 44 obj-$(CONFIG_CRYPTO_DEV_BCM_SPU) += bcm/ 46 45 obj-$(CONFIG_CRYPTO_DEV_SAFEXCEL) += inside-secure/ 46 + obj-$(CONFIG_CRYPTO_DEV_ARTPEC6) += axis/

+781

drivers/crypto/atmel-ecc.c

··· 1 + /* 2 + * Microchip / Atmel ECC (I2C) driver. 3 + * 4 + * Copyright (c) 2017, Microchip Technology Inc. 5 + * Author: Tudor Ambarus <tudor.ambarus@microchip.com> 6 + * 7 + * This software is licensed under the terms of the GNU General Public 8 + * License version 2, as published by the Free Software Foundation, and 9 + * may be copied, distributed, and modified under those terms. 10 + * 11 + * This program is distributed in the hope that it will be useful, 12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 + * GNU General Public License for more details. 15 + * 16 + */ 17 + 18 + #include <linux/bitrev.h> 19 + #include <linux/crc16.h> 20 + #include <linux/delay.h> 21 + #include <linux/device.h> 22 + #include <linux/err.h> 23 + #include <linux/errno.h> 24 + #include <linux/i2c.h> 25 + #include <linux/init.h> 26 + #include <linux/kernel.h> 27 + #include <linux/module.h> 28 + #include <linux/of_device.h> 29 + #include <linux/scatterlist.h> 30 + #include <linux/slab.h> 31 + #include <linux/workqueue.h> 32 + #include <crypto/internal/kpp.h> 33 + #include <crypto/ecdh.h> 34 + #include <crypto/kpp.h> 35 + #include "atmel-ecc.h" 36 + 37 + /* Used for binding tfm objects to i2c clients. */ 38 + struct atmel_ecc_driver_data { 39 + struct list_head i2c_client_list; 40 + spinlock_t i2c_list_lock; 41 + } ____cacheline_aligned; 42 + 43 + static struct atmel_ecc_driver_data driver_data; 44 + 45 + /** 46 + * atmel_ecc_i2c_client_priv - i2c_client private data 47 + * @client : pointer to i2c client device 48 + * @i2c_client_list_node: part of i2c_client_list 49 + * @lock : lock for sending i2c commands 50 + * @wake_token : wake token array of zeros 51 + * @wake_token_sz : size in bytes of the wake_token 52 + * @tfm_count : number of active crypto transformations on i2c client 53 + * 54 + * Reads and writes from/to the i2c client are sequential. The first byte 55 + * transmitted to the device is treated as the byte size. Any attempt to send 56 + * more than this number of bytes will cause the device to not ACK those bytes. 57 + * After the host writes a single command byte to the input buffer, reads are 58 + * prohibited until after the device completes command execution. Use a mutex 59 + * when sending i2c commands. 60 + */ 61 + struct atmel_ecc_i2c_client_priv { 62 + struct i2c_client *client; 63 + struct list_head i2c_client_list_node; 64 + struct mutex lock; 65 + u8 wake_token[WAKE_TOKEN_MAX_SIZE]; 66 + size_t wake_token_sz; 67 + atomic_t tfm_count ____cacheline_aligned; 68 + }; 69 + 70 + /** 71 + * atmel_ecdh_ctx - transformation context 72 + * @client : pointer to i2c client device 73 + * @fallback : used for unsupported curves or when user wants to use its own 74 + * private key. 75 + * @public_key : generated when calling set_secret(). It's the responsibility 76 + * of the user to not call set_secret() while 77 + * generate_public_key() or compute_shared_secret() are in flight. 78 + * @curve_id : elliptic curve id 79 + * @n_sz : size in bytes of the n prime 80 + * @do_fallback: true when the device doesn't support the curve or when the user 81 + * wants to use its own private key. 82 + */ 83 + struct atmel_ecdh_ctx { 84 + struct i2c_client *client; 85 + struct crypto_kpp *fallback; 86 + const u8 *public_key; 87 + unsigned int curve_id; 88 + size_t n_sz; 89 + bool do_fallback; 90 + }; 91 + 92 + /** 93 + * atmel_ecc_work_data - data structure representing the work 94 + * @ctx : transformation context. 95 + * @cbk : pointer to a callback function to be invoked upon completion of this 96 + * request. This has the form: 97 + * callback(struct atmel_ecc_work_data *work_data, void *areq, u8 status) 98 + * where: 99 + * @work_data: data structure representing the work 100 + * @areq : optional pointer to an argument passed with the original 101 + * request. 102 + * @status : status returned from the i2c client device or i2c error. 103 + * @areq: optional pointer to a user argument for use at callback time. 104 + * @work: describes the task to be executed. 105 + * @cmd : structure used for communicating with the device. 106 + */ 107 + struct atmel_ecc_work_data { 108 + struct atmel_ecdh_ctx *ctx; 109 + void (*cbk)(struct atmel_ecc_work_data *work_data, void *areq, 110 + int status); 111 + void *areq; 112 + struct work_struct work; 113 + struct atmel_ecc_cmd cmd; 114 + }; 115 + 116 + static u16 atmel_ecc_crc16(u16 crc, const u8 *buffer, size_t len) 117 + { 118 + return cpu_to_le16(bitrev16(crc16(crc, buffer, len))); 119 + } 120 + 121 + /** 122 + * atmel_ecc_checksum() - Generate 16-bit CRC as required by ATMEL ECC. 123 + * CRC16 verification of the count, opcode, param1, param2 and data bytes. 124 + * The checksum is saved in little-endian format in the least significant 125 + * two bytes of the command. CRC polynomial is 0x8005 and the initial register 126 + * value should be zero. 127 + * 128 + * @cmd : structure used for communicating with the device. 129 + */ 130 + static void atmel_ecc_checksum(struct atmel_ecc_cmd *cmd) 131 + { 132 + u8 *data = &cmd->count; 133 + size_t len = cmd->count - CRC_SIZE; 134 + u16 *crc16 = (u16 *)(data + len); 135 + 136 + *crc16 = atmel_ecc_crc16(0, data, len); 137 + } 138 + 139 + static void atmel_ecc_init_read_cmd(struct atmel_ecc_cmd *cmd) 140 + { 141 + cmd->word_addr = COMMAND; 142 + cmd->opcode = OPCODE_READ; 143 + /* 144 + * Read the word from Configuration zone that contains the lock bytes 145 + * (UserExtra, Selector, LockValue, LockConfig). 146 + */ 147 + cmd->param1 = CONFIG_ZONE; 148 + cmd->param2 = DEVICE_LOCK_ADDR; 149 + cmd->count = READ_COUNT; 150 + 151 + atmel_ecc_checksum(cmd); 152 + 153 + cmd->msecs = MAX_EXEC_TIME_READ; 154 + cmd->rxsize = READ_RSP_SIZE; 155 + } 156 + 157 + static void atmel_ecc_init_genkey_cmd(struct atmel_ecc_cmd *cmd, u16 keyid) 158 + { 159 + cmd->word_addr = COMMAND; 160 + cmd->count = GENKEY_COUNT; 161 + cmd->opcode = OPCODE_GENKEY; 162 + cmd->param1 = GENKEY_MODE_PRIVATE; 163 + /* a random private key will be generated and stored in slot keyID */ 164 + cmd->param2 = cpu_to_le16(keyid); 165 + 166 + atmel_ecc_checksum(cmd); 167 + 168 + cmd->msecs = MAX_EXEC_TIME_GENKEY; 169 + cmd->rxsize = GENKEY_RSP_SIZE; 170 + } 171 + 172 + static int atmel_ecc_init_ecdh_cmd(struct atmel_ecc_cmd *cmd, 173 + struct scatterlist *pubkey) 174 + { 175 + size_t copied; 176 + 177 + cmd->word_addr = COMMAND; 178 + cmd->count = ECDH_COUNT; 179 + cmd->opcode = OPCODE_ECDH; 180 + cmd->param1 = ECDH_PREFIX_MODE; 181 + /* private key slot */ 182 + cmd->param2 = cpu_to_le16(DATA_SLOT_2); 183 + 184 + /* 185 + * The device only supports NIST P256 ECC keys. The public key size will 186 + * always be the same. Use a macro for the key size to avoid unnecessary 187 + * computations. 188 + */ 189 + copied = sg_copy_to_buffer(pubkey, 1, cmd->data, ATMEL_ECC_PUBKEY_SIZE); 190 + if (copied != ATMEL_ECC_PUBKEY_SIZE) 191 + return -EINVAL; 192 + 193 + atmel_ecc_checksum(cmd); 194 + 195 + cmd->msecs = MAX_EXEC_TIME_ECDH; 196 + cmd->rxsize = ECDH_RSP_SIZE; 197 + 198 + return 0; 199 + } 200 + 201 + /* 202 + * After wake and after execution of a command, there will be error, status, or 203 + * result bytes in the device's output register that can be retrieved by the 204 + * system. When the length of that group is four bytes, the codes returned are 205 + * detailed in error_list. 206 + */ 207 + static int atmel_ecc_status(struct device *dev, u8 *status) 208 + { 209 + size_t err_list_len = ARRAY_SIZE(error_list); 210 + int i; 211 + u8 err_id = status[1]; 212 + 213 + if (*status != STATUS_SIZE) 214 + return 0; 215 + 216 + if (err_id == STATUS_WAKE_SUCCESSFUL || err_id == STATUS_NOERR) 217 + return 0; 218 + 219 + for (i = 0; i < err_list_len; i++) 220 + if (error_list[i].value == err_id) 221 + break; 222 + 223 + /* if err_id is not in the error_list then ignore it */ 224 + if (i != err_list_len) { 225 + dev_err(dev, "%02x: %s:\n", err_id, error_list[i].error_text); 226 + return err_id; 227 + } 228 + 229 + return 0; 230 + } 231 + 232 + static int atmel_ecc_wakeup(struct i2c_client *client) 233 + { 234 + struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); 235 + u8 status[STATUS_RSP_SIZE]; 236 + int ret; 237 + 238 + /* 239 + * The device ignores any levels or transitions on the SCL pin when the 240 + * device is idle, asleep or during waking up. Don't check for error 241 + * when waking up the device. 242 + */ 243 + i2c_master_send(client, i2c_priv->wake_token, i2c_priv->wake_token_sz); 244 + 245 + /* 246 + * Wait to wake the device. Typical execution times for ecdh and genkey 247 + * are around tens of milliseconds. Delta is chosen to 50 microseconds. 248 + */ 249 + usleep_range(TWHI_MIN, TWHI_MAX); 250 + 251 + ret = i2c_master_recv(client, status, STATUS_SIZE); 252 + if (ret < 0) 253 + return ret; 254 + 255 + return atmel_ecc_status(&client->dev, status); 256 + } 257 + 258 + static int atmel_ecc_sleep(struct i2c_client *client) 259 + { 260 + u8 sleep = SLEEP_TOKEN; 261 + 262 + return i2c_master_send(client, &sleep, 1); 263 + } 264 + 265 + static void atmel_ecdh_done(struct atmel_ecc_work_data *work_data, void *areq, 266 + int status) 267 + { 268 + struct kpp_request *req = areq; 269 + struct atmel_ecdh_ctx *ctx = work_data->ctx; 270 + struct atmel_ecc_cmd *cmd = &work_data->cmd; 271 + size_t copied; 272 + size_t n_sz = ctx->n_sz; 273 + 274 + if (status) 275 + goto free_work_data; 276 + 277 + /* copy the shared secret */ 278 + copied = sg_copy_from_buffer(req->dst, 1, &cmd->data[RSP_DATA_IDX], 279 + n_sz); 280 + if (copied != n_sz) 281 + status = -EINVAL; 282 + 283 + /* fall through */ 284 + free_work_data: 285 + kzfree(work_data); 286 + kpp_request_complete(req, status); 287 + } 288 + 289 + /* 290 + * atmel_ecc_send_receive() - send a command to the device and receive its 291 + * response. 292 + * @client: i2c client device 293 + * @cmd : structure used to communicate with the device 294 + * 295 + * After the device receives a Wake token, a watchdog counter starts within the 296 + * device. After the watchdog timer expires, the device enters sleep mode 297 + * regardless of whether some I/O transmission or command execution is in 298 + * progress. If a command is attempted when insufficient time remains prior to 299 + * watchdog timer execution, the device will return the watchdog timeout error 300 + * code without attempting to execute the command. There is no way to reset the 301 + * counter other than to put the device into sleep or idle mode and then 302 + * wake it up again. 303 + */ 304 + static int atmel_ecc_send_receive(struct i2c_client *client, 305 + struct atmel_ecc_cmd *cmd) 306 + { 307 + struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); 308 + int ret; 309 + 310 + mutex_lock(&i2c_priv->lock); 311 + 312 + ret = atmel_ecc_wakeup(client); 313 + if (ret) 314 + goto err; 315 + 316 + /* send the command */ 317 + ret = i2c_master_send(client, (u8 *)cmd, cmd->count + WORD_ADDR_SIZE); 318 + if (ret < 0) 319 + goto err; 320 + 321 + /* delay the appropriate amount of time for command to execute */ 322 + msleep(cmd->msecs); 323 + 324 + /* receive the response */ 325 + ret = i2c_master_recv(client, cmd->data, cmd->rxsize); 326 + if (ret < 0) 327 + goto err; 328 + 329 + /* put the device into low-power mode */ 330 + ret = atmel_ecc_sleep(client); 331 + if (ret < 0) 332 + goto err; 333 + 334 + mutex_unlock(&i2c_priv->lock); 335 + return atmel_ecc_status(&client->dev, cmd->data); 336 + err: 337 + mutex_unlock(&i2c_priv->lock); 338 + return ret; 339 + } 340 + 341 + static void atmel_ecc_work_handler(struct work_struct *work) 342 + { 343 + struct atmel_ecc_work_data *work_data = 344 + container_of(work, struct atmel_ecc_work_data, work); 345 + struct atmel_ecc_cmd *cmd = &work_data->cmd; 346 + struct i2c_client *client = work_data->ctx->client; 347 + int status; 348 + 349 + status = atmel_ecc_send_receive(client, cmd); 350 + work_data->cbk(work_data, work_data->areq, status); 351 + } 352 + 353 + static void atmel_ecc_enqueue(struct atmel_ecc_work_data *work_data, 354 + void (*cbk)(struct atmel_ecc_work_data *work_data, 355 + void *areq, int status), 356 + void *areq) 357 + { 358 + work_data->cbk = (void *)cbk; 359 + work_data->areq = areq; 360 + 361 + INIT_WORK(&work_data->work, atmel_ecc_work_handler); 362 + schedule_work(&work_data->work); 363 + } 364 + 365 + static unsigned int atmel_ecdh_supported_curve(unsigned int curve_id) 366 + { 367 + if (curve_id == ECC_CURVE_NIST_P256) 368 + return ATMEL_ECC_NIST_P256_N_SIZE; 369 + 370 + return 0; 371 + } 372 + 373 + /* 374 + * A random private key is generated and stored in the device. The device 375 + * returns the pair public key. 376 + */ 377 + static int atmel_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, 378 + unsigned int len) 379 + { 380 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 381 + struct atmel_ecc_cmd *cmd; 382 + void *public_key; 383 + struct ecdh params; 384 + int ret = -ENOMEM; 385 + 386 + /* free the old public key, if any */ 387 + kfree(ctx->public_key); 388 + /* make sure you don't free the old public key twice */ 389 + ctx->public_key = NULL; 390 + 391 + if (crypto_ecdh_decode_key(buf, len, &params) < 0) { 392 + dev_err(&ctx->client->dev, "crypto_ecdh_decode_key failed\n"); 393 + return -EINVAL; 394 + } 395 + 396 + ctx->n_sz = atmel_ecdh_supported_curve(params.curve_id); 397 + if (!ctx->n_sz || params.key_size) { 398 + /* fallback to ecdh software implementation */ 399 + ctx->do_fallback = true; 400 + return crypto_kpp_set_secret(ctx->fallback, buf, len); 401 + } 402 + 403 + cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); 404 + if (!cmd) 405 + return -ENOMEM; 406 + 407 + /* 408 + * The device only supports NIST P256 ECC keys. The public key size will 409 + * always be the same. Use a macro for the key size to avoid unnecessary 410 + * computations. 411 + */ 412 + public_key = kmalloc(ATMEL_ECC_PUBKEY_SIZE, GFP_KERNEL); 413 + if (!public_key) 414 + goto free_cmd; 415 + 416 + ctx->do_fallback = false; 417 + ctx->curve_id = params.curve_id; 418 + 419 + atmel_ecc_init_genkey_cmd(cmd, DATA_SLOT_2); 420 + 421 + ret = atmel_ecc_send_receive(ctx->client, cmd); 422 + if (ret) 423 + goto free_public_key; 424 + 425 + /* save the public key */ 426 + memcpy(public_key, &cmd->data[RSP_DATA_IDX], ATMEL_ECC_PUBKEY_SIZE); 427 + ctx->public_key = public_key; 428 + 429 + kfree(cmd); 430 + return 0; 431 + 432 + free_public_key: 433 + kfree(public_key); 434 + free_cmd: 435 + kfree(cmd); 436 + return ret; 437 + } 438 + 439 + static int atmel_ecdh_generate_public_key(struct kpp_request *req) 440 + { 441 + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 442 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 443 + size_t copied; 444 + int ret = 0; 445 + 446 + if (ctx->do_fallback) { 447 + kpp_request_set_tfm(req, ctx->fallback); 448 + return crypto_kpp_generate_public_key(req); 449 + } 450 + 451 + /* public key was saved at private key generation */ 452 + copied = sg_copy_from_buffer(req->dst, 1, ctx->public_key, 453 + ATMEL_ECC_PUBKEY_SIZE); 454 + if (copied != ATMEL_ECC_PUBKEY_SIZE) 455 + ret = -EINVAL; 456 + 457 + return ret; 458 + } 459 + 460 + static int atmel_ecdh_compute_shared_secret(struct kpp_request *req) 461 + { 462 + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 463 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 464 + struct atmel_ecc_work_data *work_data; 465 + gfp_t gfp; 466 + int ret; 467 + 468 + if (ctx->do_fallback) { 469 + kpp_request_set_tfm(req, ctx->fallback); 470 + return crypto_kpp_compute_shared_secret(req); 471 + } 472 + 473 + gfp = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? GFP_KERNEL : 474 + GFP_ATOMIC; 475 + 476 + work_data = kmalloc(sizeof(*work_data), gfp); 477 + if (!work_data) 478 + return -ENOMEM; 479 + 480 + work_data->ctx = ctx; 481 + 482 + ret = atmel_ecc_init_ecdh_cmd(&work_data->cmd, req->src); 483 + if (ret) 484 + goto free_work_data; 485 + 486 + atmel_ecc_enqueue(work_data, atmel_ecdh_done, req); 487 + 488 + return -EINPROGRESS; 489 + 490 + free_work_data: 491 + kfree(work_data); 492 + return ret; 493 + } 494 + 495 + static struct i2c_client *atmel_ecc_i2c_client_alloc(void) 496 + { 497 + struct atmel_ecc_i2c_client_priv *i2c_priv, *min_i2c_priv = NULL; 498 + struct i2c_client *client = ERR_PTR(-ENODEV); 499 + int min_tfm_cnt = INT_MAX; 500 + int tfm_cnt; 501 + 502 + spin_lock(&driver_data.i2c_list_lock); 503 + 504 + if (list_empty(&driver_data.i2c_client_list)) { 505 + spin_unlock(&driver_data.i2c_list_lock); 506 + return ERR_PTR(-ENODEV); 507 + } 508 + 509 + list_for_each_entry(i2c_priv, &driver_data.i2c_client_list, 510 + i2c_client_list_node) { 511 + tfm_cnt = atomic_read(&i2c_priv->tfm_count); 512 + if (tfm_cnt < min_tfm_cnt) { 513 + min_tfm_cnt = tfm_cnt; 514 + min_i2c_priv = i2c_priv; 515 + } 516 + if (!min_tfm_cnt) 517 + break; 518 + } 519 + 520 + if (min_i2c_priv) { 521 + atomic_inc(&min_i2c_priv->tfm_count); 522 + client = min_i2c_priv->client; 523 + } 524 + 525 + spin_unlock(&driver_data.i2c_list_lock); 526 + 527 + return client; 528 + } 529 + 530 + static void atmel_ecc_i2c_client_free(struct i2c_client *client) 531 + { 532 + struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); 533 + 534 + atomic_dec(&i2c_priv->tfm_count); 535 + } 536 + 537 + static int atmel_ecdh_init_tfm(struct crypto_kpp *tfm) 538 + { 539 + const char *alg = kpp_alg_name(tfm); 540 + struct crypto_kpp *fallback; 541 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 542 + 543 + ctx->client = atmel_ecc_i2c_client_alloc(); 544 + if (IS_ERR(ctx->client)) { 545 + pr_err("tfm - i2c_client binding failed\n"); 546 + return PTR_ERR(ctx->client); 547 + } 548 + 549 + fallback = crypto_alloc_kpp(alg, 0, CRYPTO_ALG_NEED_FALLBACK); 550 + if (IS_ERR(fallback)) { 551 + dev_err(&ctx->client->dev, "Failed to allocate transformation for '%s': %ld\n", 552 + alg, PTR_ERR(fallback)); 553 + return PTR_ERR(fallback); 554 + } 555 + 556 + crypto_kpp_set_flags(fallback, crypto_kpp_get_flags(tfm)); 557 + 558 + dev_info(&ctx->client->dev, "Using '%s' as fallback implementation.\n", 559 + crypto_tfm_alg_driver_name(crypto_kpp_tfm(fallback))); 560 + 561 + ctx->fallback = fallback; 562 + 563 + return 0; 564 + } 565 + 566 + static void atmel_ecdh_exit_tfm(struct crypto_kpp *tfm) 567 + { 568 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 569 + 570 + kfree(ctx->public_key); 571 + crypto_free_kpp(ctx->fallback); 572 + atmel_ecc_i2c_client_free(ctx->client); 573 + } 574 + 575 + static unsigned int atmel_ecdh_max_size(struct crypto_kpp *tfm) 576 + { 577 + struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); 578 + 579 + if (ctx->fallback) 580 + return crypto_kpp_maxsize(ctx->fallback); 581 + 582 + /* 583 + * The device only supports NIST P256 ECC keys. The public key size will 584 + * always be the same. Use a macro for the key size to avoid unnecessary 585 + * computations. 586 + */ 587 + return ATMEL_ECC_PUBKEY_SIZE; 588 + } 589 + 590 + static struct kpp_alg atmel_ecdh = { 591 + .set_secret = atmel_ecdh_set_secret, 592 + .generate_public_key = atmel_ecdh_generate_public_key, 593 + .compute_shared_secret = atmel_ecdh_compute_shared_secret, 594 + .init = atmel_ecdh_init_tfm, 595 + .exit = atmel_ecdh_exit_tfm, 596 + .max_size = atmel_ecdh_max_size, 597 + .base = { 598 + .cra_flags = CRYPTO_ALG_NEED_FALLBACK, 599 + .cra_name = "ecdh", 600 + .cra_driver_name = "atmel-ecdh", 601 + .cra_priority = ATMEL_ECC_PRIORITY, 602 + .cra_module = THIS_MODULE, 603 + .cra_ctxsize = sizeof(struct atmel_ecdh_ctx), 604 + }, 605 + }; 606 + 607 + static inline size_t atmel_ecc_wake_token_sz(u32 bus_clk_rate) 608 + { 609 + u32 no_of_bits = DIV_ROUND_UP(TWLO_USEC * bus_clk_rate, USEC_PER_SEC); 610 + 611 + /* return the size of the wake_token in bytes */ 612 + return DIV_ROUND_UP(no_of_bits, 8); 613 + } 614 + 615 + static int device_sanity_check(struct i2c_client *client) 616 + { 617 + struct atmel_ecc_cmd *cmd; 618 + int ret; 619 + 620 + cmd = kmalloc(sizeof(*cmd), GFP_KERNEL); 621 + if (!cmd) 622 + return -ENOMEM; 623 + 624 + atmel_ecc_init_read_cmd(cmd); 625 + 626 + ret = atmel_ecc_send_receive(client, cmd); 627 + if (ret) 628 + goto free_cmd; 629 + 630 + /* 631 + * It is vital that the Configuration, Data and OTP zones be locked 632 + * prior to release into the field of the system containing the device. 633 + * Failure to lock these zones may permit modification of any secret 634 + * keys and may lead to other security problems. 635 + */ 636 + if (cmd->data[LOCK_CONFIG_IDX] || cmd->data[LOCK_VALUE_IDX]) { 637 + dev_err(&client->dev, "Configuration or Data and OTP zones are unlocked!\n"); 638 + ret = -ENOTSUPP; 639 + } 640 + 641 + /* fall through */ 642 + free_cmd: 643 + kfree(cmd); 644 + return ret; 645 + } 646 + 647 + static int atmel_ecc_probe(struct i2c_client *client, 648 + const struct i2c_device_id *id) 649 + { 650 + struct atmel_ecc_i2c_client_priv *i2c_priv; 651 + struct device *dev = &client->dev; 652 + int ret; 653 + u32 bus_clk_rate; 654 + 655 + if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { 656 + dev_err(dev, "I2C_FUNC_I2C not supported\n"); 657 + return -ENODEV; 658 + } 659 + 660 + ret = of_property_read_u32(client->adapter->dev.of_node, 661 + "clock-frequency", &bus_clk_rate); 662 + if (ret) { 663 + dev_err(dev, "of: failed to read clock-frequency property\n"); 664 + return ret; 665 + } 666 + 667 + if (bus_clk_rate > 1000000L) { 668 + dev_err(dev, "%d exceeds maximum supported clock frequency (1MHz)\n", 669 + bus_clk_rate); 670 + return -EINVAL; 671 + } 672 + 673 + i2c_priv = devm_kmalloc(dev, sizeof(*i2c_priv), GFP_KERNEL); 674 + if (!i2c_priv) 675 + return -ENOMEM; 676 + 677 + i2c_priv->client = client; 678 + mutex_init(&i2c_priv->lock); 679 + 680 + /* 681 + * WAKE_TOKEN_MAX_SIZE was calculated for the maximum bus_clk_rate - 682 + * 1MHz. The previous bus_clk_rate check ensures us that wake_token_sz 683 + * will always be smaller than or equal to WAKE_TOKEN_MAX_SIZE. 684 + */ 685 + i2c_priv->wake_token_sz = atmel_ecc_wake_token_sz(bus_clk_rate); 686 + 687 + memset(i2c_priv->wake_token, 0, sizeof(i2c_priv->wake_token)); 688 + 689 + atomic_set(&i2c_priv->tfm_count, 0); 690 + 691 + i2c_set_clientdata(client, i2c_priv); 692 + 693 + ret = device_sanity_check(client); 694 + if (ret) 695 + return ret; 696 + 697 + spin_lock(&driver_data.i2c_list_lock); 698 + list_add_tail(&i2c_priv->i2c_client_list_node, 699 + &driver_data.i2c_client_list); 700 + spin_unlock(&driver_data.i2c_list_lock); 701 + 702 + ret = crypto_register_kpp(&atmel_ecdh); 703 + if (ret) { 704 + spin_lock(&driver_data.i2c_list_lock); 705 + list_del(&i2c_priv->i2c_client_list_node); 706 + spin_unlock(&driver_data.i2c_list_lock); 707 + 708 + dev_err(dev, "%s alg registration failed\n", 709 + atmel_ecdh.base.cra_driver_name); 710 + } else { 711 + dev_info(dev, "atmel ecc algorithms registered in /proc/crypto\n"); 712 + } 713 + 714 + return ret; 715 + } 716 + 717 + static int atmel_ecc_remove(struct i2c_client *client) 718 + { 719 + struct atmel_ecc_i2c_client_priv *i2c_priv = i2c_get_clientdata(client); 720 + 721 + /* Return EBUSY if i2c client already allocated. */ 722 + if (atomic_read(&i2c_priv->tfm_count)) { 723 + dev_err(&client->dev, "Device is busy\n"); 724 + return -EBUSY; 725 + } 726 + 727 + crypto_unregister_kpp(&atmel_ecdh); 728 + 729 + spin_lock(&driver_data.i2c_list_lock); 730 + list_del(&i2c_priv->i2c_client_list_node); 731 + spin_unlock(&driver_data.i2c_list_lock); 732 + 733 + return 0; 734 + } 735 + 736 + #ifdef CONFIG_OF 737 + static const struct of_device_id atmel_ecc_dt_ids[] = { 738 + { 739 + .compatible = "atmel,atecc508a", 740 + }, { 741 + /* sentinel */ 742 + } 743 + }; 744 + MODULE_DEVICE_TABLE(of, atmel_ecc_dt_ids); 745 + #endif 746 + 747 + static const struct i2c_device_id atmel_ecc_id[] = { 748 + { "atecc508a", 0 }, 749 + { } 750 + }; 751 + MODULE_DEVICE_TABLE(i2c, atmel_ecc_id); 752 + 753 + static struct i2c_driver atmel_ecc_driver = { 754 + .driver = { 755 + .name = "atmel-ecc", 756 + .of_match_table = of_match_ptr(atmel_ecc_dt_ids), 757 + }, 758 + .probe = atmel_ecc_probe, 759 + .remove = atmel_ecc_remove, 760 + .id_table = atmel_ecc_id, 761 + }; 762 + 763 + static int __init atmel_ecc_init(void) 764 + { 765 + spin_lock_init(&driver_data.i2c_list_lock); 766 + INIT_LIST_HEAD(&driver_data.i2c_client_list); 767 + return i2c_add_driver(&atmel_ecc_driver); 768 + } 769 + 770 + static void __exit atmel_ecc_exit(void) 771 + { 772 + flush_scheduled_work(); 773 + i2c_del_driver(&atmel_ecc_driver); 774 + } 775 + 776 + module_init(atmel_ecc_init); 777 + module_exit(atmel_ecc_exit); 778 + 779 + MODULE_AUTHOR("Tudor Ambarus <tudor.ambarus@microchip.com>"); 780 + MODULE_DESCRIPTION("Microchip / Atmel ECC (I2C) driver"); 781 + MODULE_LICENSE("GPL v2");

+128

drivers/crypto/atmel-ecc.h

··· 1 + /* 2 + * Copyright (c) 2017, Microchip Technology Inc. 3 + * Author: Tudor Ambarus <tudor.ambarus@microchip.com> 4 + * 5 + * This program is free software; you can redistribute it and/or modify 6 + * it under the terms of the GNU General Public License version 2 as 7 + * published by the Free Software Foundation. 8 + * 9 + * This program is distributed in the hope that it will be useful, but WITHOUT 10 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 + * more details. 13 + * 14 + * You should have received a copy of the GNU General Public License along with 15 + * this program. If not, see <http://www.gnu.org/licenses/>. 16 + * 17 + */ 18 + 19 + #ifndef __ATMEL_ECC_H__ 20 + #define __ATMEL_ECC_H__ 21 + 22 + #define ATMEL_ECC_PRIORITY 300 23 + 24 + #define COMMAND 0x03 /* packet function */ 25 + #define SLEEP_TOKEN 0x01 26 + #define WAKE_TOKEN_MAX_SIZE 8 27 + 28 + /* Definitions of Data and Command sizes */ 29 + #define WORD_ADDR_SIZE 1 30 + #define COUNT_SIZE 1 31 + #define CRC_SIZE 2 32 + #define CMD_OVERHEAD_SIZE (COUNT_SIZE + CRC_SIZE) 33 + 34 + /* size in bytes of the n prime */ 35 + #define ATMEL_ECC_NIST_P256_N_SIZE 32 36 + #define ATMEL_ECC_PUBKEY_SIZE (2 * ATMEL_ECC_NIST_P256_N_SIZE) 37 + 38 + #define STATUS_RSP_SIZE 4 39 + #define ECDH_RSP_SIZE (32 + CMD_OVERHEAD_SIZE) 40 + #define GENKEY_RSP_SIZE (ATMEL_ECC_PUBKEY_SIZE + \ 41 + CMD_OVERHEAD_SIZE) 42 + #define READ_RSP_SIZE (4 + CMD_OVERHEAD_SIZE) 43 + #define MAX_RSP_SIZE GENKEY_RSP_SIZE 44 + 45 + /** 46 + * atmel_ecc_cmd - structure used for communicating with the device. 47 + * @word_addr: indicates the function of the packet sent to the device. This 48 + * byte should have a value of COMMAND for normal operation. 49 + * @count : number of bytes to be transferred to (or from) the device. 50 + * @opcode : the command code. 51 + * @param1 : the first parameter; always present. 52 + * @param2 : the second parameter; always present. 53 + * @data : optional remaining input data. Includes a 2-byte CRC. 54 + * @rxsize : size of the data received from i2c client. 55 + * @msecs : command execution time in milliseconds 56 + */ 57 + struct atmel_ecc_cmd { 58 + u8 word_addr; 59 + u8 count; 60 + u8 opcode; 61 + u8 param1; 62 + u16 param2; 63 + u8 data[MAX_RSP_SIZE]; 64 + u8 msecs; 65 + u16 rxsize; 66 + } __packed; 67 + 68 + /* Status/Error codes */ 69 + #define STATUS_SIZE 0x04 70 + #define STATUS_NOERR 0x00 71 + #define STATUS_WAKE_SUCCESSFUL 0x11 72 + 73 + static const struct { 74 + u8 value; 75 + const char *error_text; 76 + } error_list[] = { 77 + { 0x01, "CheckMac or Verify miscompare" }, 78 + { 0x03, "Parse Error" }, 79 + { 0x05, "ECC Fault" }, 80 + { 0x0F, "Execution Error" }, 81 + { 0xEE, "Watchdog about to expire" }, 82 + { 0xFF, "CRC or other communication error" }, 83 + }; 84 + 85 + /* Definitions for eeprom organization */ 86 + #define CONFIG_ZONE 0 87 + 88 + /* Definitions for Indexes common to all commands */ 89 + #define RSP_DATA_IDX 1 /* buffer index of data in response */ 90 + #define DATA_SLOT_2 2 /* used for ECDH private key */ 91 + 92 + /* Definitions for the device lock state */ 93 + #define DEVICE_LOCK_ADDR 0x15 94 + #define LOCK_VALUE_IDX (RSP_DATA_IDX + 2) 95 + #define LOCK_CONFIG_IDX (RSP_DATA_IDX + 3) 96 + 97 + /* 98 + * Wake High delay to data communication (microseconds). SDA should be stable 99 + * high for this entire duration. 100 + */ 101 + #define TWHI_MIN 1500 102 + #define TWHI_MAX 1550 103 + 104 + /* Wake Low duration */ 105 + #define TWLO_USEC 60 106 + 107 + /* Command execution time (milliseconds) */ 108 + #define MAX_EXEC_TIME_ECDH 58 109 + #define MAX_EXEC_TIME_GENKEY 115 110 + #define MAX_EXEC_TIME_READ 1 111 + 112 + /* Command opcode */ 113 + #define OPCODE_ECDH 0x43 114 + #define OPCODE_GENKEY 0x40 115 + #define OPCODE_READ 0x02 116 + 117 + /* Definitions for the READ Command */ 118 + #define READ_COUNT 7 119 + 120 + /* Definitions for the GenKey Command */ 121 + #define GENKEY_COUNT 7 122 + #define GENKEY_MODE_PRIVATE 0x04 123 + 124 + /* Definitions for the ECDH Command */ 125 + #define ECDH_COUNT 71 126 + #define ECDH_PREFIX_MODE 0x00 127 + 128 + #endif /* __ATMEL_ECC_H__ */

+1 -1

drivers/crypto/atmel-sha.c

··· 2883 2883 2884 2884 static int atmel_sha_remove(struct platform_device *pdev) 2885 2885 { 2886 - static struct atmel_sha_dev *sha_dd; 2886 + struct atmel_sha_dev *sha_dd; 2887 2887 2888 2888 sha_dd = platform_get_drvdata(pdev); 2889 2889 if (!sha_dd)

+1 -1

drivers/crypto/atmel-tdes.c

··· 1487 1487 1488 1488 static int atmel_tdes_remove(struct platform_device *pdev) 1489 1489 { 1490 - static struct atmel_tdes_dev *tdes_dd; 1490 + struct atmel_tdes_dev *tdes_dd; 1491 1491 1492 1492 tdes_dd = platform_get_drvdata(pdev); 1493 1493 if (!tdes_dd)

+1

drivers/crypto/axis/Makefile

··· 1 + obj-$(CONFIG_CRYPTO_DEV_ARTPEC6) := artpec6_crypto.o

+3192

drivers/crypto/axis/artpec6_crypto.c

··· 1 + /* 2 + * Driver for ARTPEC-6 crypto block using the kernel asynchronous crypto api. 3 + * 4 + * Copyright (C) 2014-2017 Axis Communications AB 5 + */ 6 + #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 + 8 + #include <linux/bitfield.h> 9 + #include <linux/crypto.h> 10 + #include <linux/debugfs.h> 11 + #include <linux/delay.h> 12 + #include <linux/dma-mapping.h> 13 + #include <linux/fault-inject.h> 14 + #include <linux/init.h> 15 + #include <linux/interrupt.h> 16 + #include <linux/kernel.h> 17 + #include <linux/list.h> 18 + #include <linux/module.h> 19 + #include <linux/of.h> 20 + #include <linux/platform_device.h> 21 + #include <linux/scatterlist.h> 22 + #include <linux/slab.h> 23 + 24 + #include <crypto/aes.h> 25 + #include <crypto/internal/aead.h> 26 + #include <crypto/internal/hash.h> 27 + #include <crypto/internal/skcipher.h> 28 + #include <crypto/scatterwalk.h> 29 + #include <crypto/sha.h> 30 + #include <crypto/xts.h> 31 + 32 + /* Max length of a line in all cache levels for Artpec SoCs. */ 33 + #define ARTPEC_CACHE_LINE_MAX 32 34 + 35 + #define PDMA_OUT_CFG 0x0000 36 + #define PDMA_OUT_BUF_CFG 0x0004 37 + #define PDMA_OUT_CMD 0x0008 38 + #define PDMA_OUT_DESCRQ_PUSH 0x0010 39 + #define PDMA_OUT_DESCRQ_STAT 0x0014 40 + 41 + #define A6_PDMA_IN_CFG 0x0028 42 + #define A6_PDMA_IN_BUF_CFG 0x002c 43 + #define A6_PDMA_IN_CMD 0x0030 44 + #define A6_PDMA_IN_STATQ_PUSH 0x0038 45 + #define A6_PDMA_IN_DESCRQ_PUSH 0x0044 46 + #define A6_PDMA_IN_DESCRQ_STAT 0x0048 47 + #define A6_PDMA_INTR_MASK 0x0068 48 + #define A6_PDMA_ACK_INTR 0x006c 49 + #define A6_PDMA_MASKED_INTR 0x0074 50 + 51 + #define A7_PDMA_IN_CFG 0x002c 52 + #define A7_PDMA_IN_BUF_CFG 0x0030 53 + #define A7_PDMA_IN_CMD 0x0034 54 + #define A7_PDMA_IN_STATQ_PUSH 0x003c 55 + #define A7_PDMA_IN_DESCRQ_PUSH 0x0048 56 + #define A7_PDMA_IN_DESCRQ_STAT 0x004C 57 + #define A7_PDMA_INTR_MASK 0x006c 58 + #define A7_PDMA_ACK_INTR 0x0070 59 + #define A7_PDMA_MASKED_INTR 0x0078 60 + 61 + #define PDMA_OUT_CFG_EN BIT(0) 62 + 63 + #define PDMA_OUT_BUF_CFG_DATA_BUF_SIZE GENMASK(4, 0) 64 + #define PDMA_OUT_BUF_CFG_DESCR_BUF_SIZE GENMASK(9, 5) 65 + 66 + #define PDMA_OUT_CMD_START BIT(0) 67 + #define A6_PDMA_OUT_CMD_STOP BIT(3) 68 + #define A7_PDMA_OUT_CMD_STOP BIT(2) 69 + 70 + #define PDMA_OUT_DESCRQ_PUSH_LEN GENMASK(5, 0) 71 + #define PDMA_OUT_DESCRQ_PUSH_ADDR GENMASK(31, 6) 72 + 73 + #define PDMA_OUT_DESCRQ_STAT_LEVEL GENMASK(3, 0) 74 + #define PDMA_OUT_DESCRQ_STAT_SIZE GENMASK(7, 4) 75 + 76 + #define PDMA_IN_CFG_EN BIT(0) 77 + 78 + #define PDMA_IN_BUF_CFG_DATA_BUF_SIZE GENMASK(4, 0) 79 + #define PDMA_IN_BUF_CFG_DESCR_BUF_SIZE GENMASK(9, 5) 80 + #define PDMA_IN_BUF_CFG_STAT_BUF_SIZE GENMASK(14, 10) 81 + 82 + #define PDMA_IN_CMD_START BIT(0) 83 + #define A6_PDMA_IN_CMD_FLUSH_STAT BIT(2) 84 + #define A6_PDMA_IN_CMD_STOP BIT(3) 85 + #define A7_PDMA_IN_CMD_FLUSH_STAT BIT(1) 86 + #define A7_PDMA_IN_CMD_STOP BIT(2) 87 + 88 + #define PDMA_IN_STATQ_PUSH_LEN GENMASK(5, 0) 89 + #define PDMA_IN_STATQ_PUSH_ADDR GENMASK(31, 6) 90 + 91 + #define PDMA_IN_DESCRQ_PUSH_LEN GENMASK(5, 0) 92 + #define PDMA_IN_DESCRQ_PUSH_ADDR GENMASK(31, 6) 93 + 94 + #define PDMA_IN_DESCRQ_STAT_LEVEL GENMASK(3, 0) 95 + #define PDMA_IN_DESCRQ_STAT_SIZE GENMASK(7, 4) 96 + 97 + #define A6_PDMA_INTR_MASK_IN_DATA BIT(2) 98 + #define A6_PDMA_INTR_MASK_IN_EOP BIT(3) 99 + #define A6_PDMA_INTR_MASK_IN_EOP_FLUSH BIT(4) 100 + 101 + #define A7_PDMA_INTR_MASK_IN_DATA BIT(3) 102 + #define A7_PDMA_INTR_MASK_IN_EOP BIT(4) 103 + #define A7_PDMA_INTR_MASK_IN_EOP_FLUSH BIT(5) 104 + 105 + #define A6_CRY_MD_OPER GENMASK(19, 16) 106 + 107 + #define A6_CRY_MD_HASH_SEL_CTX GENMASK(21, 20) 108 + #define A6_CRY_MD_HASH_HMAC_FIN BIT(23) 109 + 110 + #define A6_CRY_MD_CIPHER_LEN GENMASK(21, 20) 111 + #define A6_CRY_MD_CIPHER_DECR BIT(22) 112 + #define A6_CRY_MD_CIPHER_TWEAK BIT(23) 113 + #define A6_CRY_MD_CIPHER_DSEQ BIT(24) 114 + 115 + #define A7_CRY_MD_OPER GENMASK(11, 8) 116 + 117 + #define A7_CRY_MD_HASH_SEL_CTX GENMASK(13, 12) 118 + #define A7_CRY_MD_HASH_HMAC_FIN BIT(15) 119 + 120 + #define A7_CRY_MD_CIPHER_LEN GENMASK(13, 12) 121 + #define A7_CRY_MD_CIPHER_DECR BIT(14) 122 + #define A7_CRY_MD_CIPHER_TWEAK BIT(15) 123 + #define A7_CRY_MD_CIPHER_DSEQ BIT(16) 124 + 125 + /* DMA metadata constants */ 126 + #define regk_crypto_aes_cbc 0x00000002 127 + #define regk_crypto_aes_ctr 0x00000003 128 + #define regk_crypto_aes_ecb 0x00000001 129 + #define regk_crypto_aes_gcm 0x00000004 130 + #define regk_crypto_aes_xts 0x00000005 131 + #define regk_crypto_cache 0x00000002 132 + #define a6_regk_crypto_dlkey 0x0000000a 133 + #define a7_regk_crypto_dlkey 0x0000000e 134 + #define regk_crypto_ext 0x00000001 135 + #define regk_crypto_hmac_sha1 0x00000007 136 + #define regk_crypto_hmac_sha256 0x00000009 137 + #define regk_crypto_hmac_sha384 0x0000000b 138 + #define regk_crypto_hmac_sha512 0x0000000d 139 + #define regk_crypto_init 0x00000000 140 + #define regk_crypto_key_128 0x00000000 141 + #define regk_crypto_key_192 0x00000001 142 + #define regk_crypto_key_256 0x00000002 143 + #define regk_crypto_null 0x00000000 144 + #define regk_crypto_sha1 0x00000006 145 + #define regk_crypto_sha256 0x00000008 146 + #define regk_crypto_sha384 0x0000000a 147 + #define regk_crypto_sha512 0x0000000c 148 + 149 + /* DMA descriptor structures */ 150 + struct pdma_descr_ctrl { 151 + unsigned char short_descr : 1; 152 + unsigned char pad1 : 1; 153 + unsigned char eop : 1; 154 + unsigned char intr : 1; 155 + unsigned char short_len : 3; 156 + unsigned char pad2 : 1; 157 + } __packed; 158 + 159 + struct pdma_data_descr { 160 + unsigned int len : 24; 161 + unsigned int buf : 32; 162 + } __packed; 163 + 164 + struct pdma_short_descr { 165 + unsigned char data[7]; 166 + } __packed; 167 + 168 + struct pdma_descr { 169 + struct pdma_descr_ctrl ctrl; 170 + union { 171 + struct pdma_data_descr data; 172 + struct pdma_short_descr shrt; 173 + }; 174 + }; 175 + 176 + struct pdma_stat_descr { 177 + unsigned char pad1 : 1; 178 + unsigned char pad2 : 1; 179 + unsigned char eop : 1; 180 + unsigned char pad3 : 5; 181 + unsigned int len : 24; 182 + }; 183 + 184 + /* Each descriptor array can hold max 64 entries */ 185 + #define PDMA_DESCR_COUNT 64 186 + 187 + #define MODULE_NAME "Artpec-6 CA" 188 + 189 + /* Hash modes (including HMAC variants) */ 190 + #define ARTPEC6_CRYPTO_HASH_SHA1 1 191 + #define ARTPEC6_CRYPTO_HASH_SHA256 2 192 + #define ARTPEC6_CRYPTO_HASH_SHA384 3 193 + #define ARTPEC6_CRYPTO_HASH_SHA512 4 194 + 195 + /* Crypto modes */ 196 + #define ARTPEC6_CRYPTO_CIPHER_AES_ECB 1 197 + #define ARTPEC6_CRYPTO_CIPHER_AES_CBC 2 198 + #define ARTPEC6_CRYPTO_CIPHER_AES_CTR 3 199 + #define ARTPEC6_CRYPTO_CIPHER_AES_XTS 5 200 + 201 + /* The PDMA is a DMA-engine tightly coupled with a ciphering engine. 202 + * It operates on a descriptor array with up to 64 descriptor entries. 203 + * The arrays must be 64 byte aligned in memory. 204 + * 205 + * The ciphering unit has no registers and is completely controlled by 206 + * a 4-byte metadata that is inserted at the beginning of each dma packet. 207 + * 208 + * A dma packet is a sequence of descriptors terminated by setting the .eop 209 + * field in the final descriptor of the packet. 210 + * 211 + * Multiple packets are used for providing context data, key data and 212 + * the plain/ciphertext. 213 + * 214 + * PDMA Descriptors (Array) 215 + * +------+------+------+~~+-------+------+---- 216 + * | 0 | 1 | 2 |~~| 11 EOP| 12 | .... 217 + * +--+---+--+---+----+-+~~+-------+----+-+---- 218 + * | | | | | 219 + * | | | | | 220 + * __|__ +-------++-------++-------+ +----+ 221 + * | MD | |Payload||Payload||Payload| | MD | 222 + * +-----+ +-------++-------++-------+ +----+ 223 + */ 224 + 225 + struct artpec6_crypto_bounce_buffer { 226 + struct list_head list; 227 + size_t length; 228 + struct scatterlist *sg; 229 + size_t offset; 230 + /* buf is aligned to ARTPEC_CACHE_LINE_MAX and 231 + * holds up to ARTPEC_CACHE_LINE_MAX bytes data. 232 + */ 233 + void *buf; 234 + }; 235 + 236 + struct artpec6_crypto_dma_map { 237 + dma_addr_t dma_addr; 238 + size_t size; 239 + enum dma_data_direction dir; 240 + }; 241 + 242 + struct artpec6_crypto_dma_descriptors { 243 + struct pdma_descr out[PDMA_DESCR_COUNT] __aligned(64); 244 + struct pdma_descr in[PDMA_DESCR_COUNT] __aligned(64); 245 + u32 stat[PDMA_DESCR_COUNT] __aligned(64); 246 + struct list_head bounce_buffers; 247 + /* Enough maps for all out/in buffers, and all three descr. arrays */ 248 + struct artpec6_crypto_dma_map maps[PDMA_DESCR_COUNT * 2 + 2]; 249 + dma_addr_t out_dma_addr; 250 + dma_addr_t in_dma_addr; 251 + dma_addr_t stat_dma_addr; 252 + size_t out_cnt; 253 + size_t in_cnt; 254 + size_t map_count; 255 + }; 256 + 257 + enum artpec6_crypto_variant { 258 + ARTPEC6_CRYPTO, 259 + ARTPEC7_CRYPTO, 260 + }; 261 + 262 + struct artpec6_crypto { 263 + void __iomem *base; 264 + spinlock_t queue_lock; 265 + struct list_head queue; /* waiting for pdma fifo space */ 266 + struct list_head pending; /* submitted to pdma fifo */ 267 + struct tasklet_struct task; 268 + struct kmem_cache *dma_cache; 269 + int pending_count; 270 + struct timer_list timer; 271 + enum artpec6_crypto_variant variant; 272 + void *pad_buffer; /* cache-aligned block padding buffer */ 273 + void *zero_buffer; 274 + }; 275 + 276 + enum artpec6_crypto_hash_flags { 277 + HASH_FLAG_INIT_CTX = 2, 278 + HASH_FLAG_UPDATE = 4, 279 + HASH_FLAG_FINALIZE = 8, 280 + HASH_FLAG_HMAC = 16, 281 + HASH_FLAG_UPDATE_KEY = 32, 282 + }; 283 + 284 + struct artpec6_crypto_req_common { 285 + struct list_head list; 286 + struct artpec6_crypto_dma_descriptors *dma; 287 + struct crypto_async_request *req; 288 + void (*complete)(struct crypto_async_request *req); 289 + gfp_t gfp_flags; 290 + }; 291 + 292 + struct artpec6_hash_request_context { 293 + char partial_buffer[SHA512_BLOCK_SIZE]; 294 + char partial_buffer_out[SHA512_BLOCK_SIZE]; 295 + char key_buffer[SHA512_BLOCK_SIZE]; 296 + char pad_buffer[SHA512_BLOCK_SIZE + 32]; 297 + unsigned char digeststate[SHA512_DIGEST_SIZE]; 298 + size_t partial_bytes; 299 + u64 digcnt; 300 + u32 key_md; 301 + u32 hash_md; 302 + enum artpec6_crypto_hash_flags hash_flags; 303 + struct artpec6_crypto_req_common common; 304 + }; 305 + 306 + struct artpec6_hash_export_state { 307 + char partial_buffer[SHA512_BLOCK_SIZE]; 308 + unsigned char digeststate[SHA512_DIGEST_SIZE]; 309 + size_t partial_bytes; 310 + u64 digcnt; 311 + int oper; 312 + unsigned int hash_flags; 313 + }; 314 + 315 + struct artpec6_hashalg_context { 316 + char hmac_key[SHA512_BLOCK_SIZE]; 317 + size_t hmac_key_length; 318 + struct crypto_shash *child_hash; 319 + }; 320 + 321 + struct artpec6_crypto_request_context { 322 + u32 cipher_md; 323 + bool decrypt; 324 + struct artpec6_crypto_req_common common; 325 + }; 326 + 327 + struct artpec6_cryptotfm_context { 328 + unsigned char aes_key[2*AES_MAX_KEY_SIZE]; 329 + size_t key_length; 330 + u32 key_md; 331 + int crypto_type; 332 + struct crypto_skcipher *fallback; 333 + }; 334 + 335 + struct artpec6_crypto_aead_hw_ctx { 336 + __be64 aad_length_bits; 337 + __be64 text_length_bits; 338 + __u8 J0[AES_BLOCK_SIZE]; 339 + }; 340 + 341 + struct artpec6_crypto_aead_req_ctx { 342 + struct artpec6_crypto_aead_hw_ctx hw_ctx; 343 + u32 cipher_md; 344 + bool decrypt; 345 + struct artpec6_crypto_req_common common; 346 + __u8 decryption_tag[AES_BLOCK_SIZE] ____cacheline_aligned; 347 + }; 348 + 349 + /* The crypto framework makes it hard to avoid this global. */ 350 + static struct device *artpec6_crypto_dev; 351 + 352 + static struct dentry *dbgfs_root; 353 + 354 + #ifdef CONFIG_FAULT_INJECTION 355 + static DECLARE_FAULT_ATTR(artpec6_crypto_fail_status_read); 356 + static DECLARE_FAULT_ATTR(artpec6_crypto_fail_dma_array_full); 357 + #endif 358 + 359 + enum { 360 + ARTPEC6_CRYPTO_PREPARE_HASH_NO_START, 361 + ARTPEC6_CRYPTO_PREPARE_HASH_START, 362 + }; 363 + 364 + static int artpec6_crypto_prepare_aead(struct aead_request *areq); 365 + static int artpec6_crypto_prepare_crypto(struct skcipher_request *areq); 366 + static int artpec6_crypto_prepare_hash(struct ahash_request *areq); 367 + 368 + static void 369 + artpec6_crypto_complete_crypto(struct crypto_async_request *req); 370 + static void 371 + artpec6_crypto_complete_cbc_encrypt(struct crypto_async_request *req); 372 + static void 373 + artpec6_crypto_complete_cbc_decrypt(struct crypto_async_request *req); 374 + static void 375 + artpec6_crypto_complete_aead(struct crypto_async_request *req); 376 + static void 377 + artpec6_crypto_complete_hash(struct crypto_async_request *req); 378 + 379 + static int 380 + artpec6_crypto_common_destroy(struct artpec6_crypto_req_common *common); 381 + 382 + static void 383 + artpec6_crypto_start_dma(struct artpec6_crypto_req_common *common); 384 + 385 + struct artpec6_crypto_walk { 386 + struct scatterlist *sg; 387 + size_t offset; 388 + }; 389 + 390 + static void artpec6_crypto_walk_init(struct artpec6_crypto_walk *awalk, 391 + struct scatterlist *sg) 392 + { 393 + awalk->sg = sg; 394 + awalk->offset = 0; 395 + } 396 + 397 + static size_t artpec6_crypto_walk_advance(struct artpec6_crypto_walk *awalk, 398 + size_t nbytes) 399 + { 400 + while (nbytes && awalk->sg) { 401 + size_t piece; 402 + 403 + WARN_ON(awalk->offset > awalk->sg->length); 404 + 405 + piece = min(nbytes, (size_t)awalk->sg->length - awalk->offset); 406 + nbytes -= piece; 407 + awalk->offset += piece; 408 + if (awalk->offset == awalk->sg->length) { 409 + awalk->sg = sg_next(awalk->sg); 410 + awalk->offset = 0; 411 + } 412 + 413 + } 414 + 415 + return nbytes; 416 + } 417 + 418 + static size_t 419 + artpec6_crypto_walk_chunklen(const struct artpec6_crypto_walk *awalk) 420 + { 421 + WARN_ON(awalk->sg->length == awalk->offset); 422 + 423 + return awalk->sg->length - awalk->offset; 424 + } 425 + 426 + static dma_addr_t 427 + artpec6_crypto_walk_chunk_phys(const struct artpec6_crypto_walk *awalk) 428 + { 429 + return sg_phys(awalk->sg) + awalk->offset; 430 + } 431 + 432 + static void 433 + artpec6_crypto_copy_bounce_buffers(struct artpec6_crypto_req_common *common) 434 + { 435 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 436 + struct artpec6_crypto_bounce_buffer *b; 437 + struct artpec6_crypto_bounce_buffer *next; 438 + 439 + list_for_each_entry_safe(b, next, &dma->bounce_buffers, list) { 440 + pr_debug("bounce entry %p: %zu bytes @ %zu from %p\n", 441 + b, b->length, b->offset, b->buf); 442 + sg_pcopy_from_buffer(b->sg, 443 + 1, 444 + b->buf, 445 + b->length, 446 + b->offset); 447 + 448 + list_del(&b->list); 449 + kfree(b); 450 + } 451 + } 452 + 453 + static inline bool artpec6_crypto_busy(void) 454 + { 455 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 456 + int fifo_count = ac->pending_count; 457 + 458 + return fifo_count > 6; 459 + } 460 + 461 + static int artpec6_crypto_submit(struct artpec6_crypto_req_common *req) 462 + { 463 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 464 + int ret = -EBUSY; 465 + 466 + spin_lock_bh(&ac->queue_lock); 467 + 468 + if (!artpec6_crypto_busy()) { 469 + list_add_tail(&req->list, &ac->pending); 470 + artpec6_crypto_start_dma(req); 471 + ret = -EINPROGRESS; 472 + } else if (req->req->flags & CRYPTO_TFM_REQ_MAY_BACKLOG) { 473 + list_add_tail(&req->list, &ac->queue); 474 + } else { 475 + artpec6_crypto_common_destroy(req); 476 + } 477 + 478 + spin_unlock_bh(&ac->queue_lock); 479 + 480 + return ret; 481 + } 482 + 483 + static void artpec6_crypto_start_dma(struct artpec6_crypto_req_common *common) 484 + { 485 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 486 + enum artpec6_crypto_variant variant = ac->variant; 487 + void __iomem *base = ac->base; 488 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 489 + u32 ind, statd, outd; 490 + 491 + /* Make descriptor content visible to the DMA before starting it. */ 492 + wmb(); 493 + 494 + ind = FIELD_PREP(PDMA_IN_DESCRQ_PUSH_LEN, dma->in_cnt - 1) | 495 + FIELD_PREP(PDMA_IN_DESCRQ_PUSH_ADDR, dma->in_dma_addr >> 6); 496 + 497 + statd = FIELD_PREP(PDMA_IN_STATQ_PUSH_LEN, dma->in_cnt - 1) | 498 + FIELD_PREP(PDMA_IN_STATQ_PUSH_ADDR, dma->stat_dma_addr >> 6); 499 + 500 + outd = FIELD_PREP(PDMA_OUT_DESCRQ_PUSH_LEN, dma->out_cnt - 1) | 501 + FIELD_PREP(PDMA_OUT_DESCRQ_PUSH_ADDR, dma->out_dma_addr >> 6); 502 + 503 + if (variant == ARTPEC6_CRYPTO) { 504 + writel_relaxed(ind, base + A6_PDMA_IN_DESCRQ_PUSH); 505 + writel_relaxed(statd, base + A6_PDMA_IN_STATQ_PUSH); 506 + writel_relaxed(PDMA_IN_CMD_START, base + A6_PDMA_IN_CMD); 507 + } else { 508 + writel_relaxed(ind, base + A7_PDMA_IN_DESCRQ_PUSH); 509 + writel_relaxed(statd, base + A7_PDMA_IN_STATQ_PUSH); 510 + writel_relaxed(PDMA_IN_CMD_START, base + A7_PDMA_IN_CMD); 511 + } 512 + 513 + writel_relaxed(outd, base + PDMA_OUT_DESCRQ_PUSH); 514 + writel_relaxed(PDMA_OUT_CMD_START, base + PDMA_OUT_CMD); 515 + 516 + ac->pending_count++; 517 + } 518 + 519 + static void 520 + artpec6_crypto_init_dma_operation(struct artpec6_crypto_req_common *common) 521 + { 522 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 523 + 524 + dma->out_cnt = 0; 525 + dma->in_cnt = 0; 526 + dma->map_count = 0; 527 + INIT_LIST_HEAD(&dma->bounce_buffers); 528 + } 529 + 530 + static bool fault_inject_dma_descr(void) 531 + { 532 + #ifdef CONFIG_FAULT_INJECTION 533 + return should_fail(&artpec6_crypto_fail_dma_array_full, 1); 534 + #else 535 + return false; 536 + #endif 537 + } 538 + 539 + /** artpec6_crypto_setup_out_descr_phys - Setup an out channel with a 540 + * physical address 541 + * 542 + * @addr: The physical address of the data buffer 543 + * @len: The length of the data buffer 544 + * @eop: True if this is the last buffer in the packet 545 + * 546 + * @return 0 on success or -ENOSPC if there are no more descriptors available 547 + */ 548 + static int 549 + artpec6_crypto_setup_out_descr_phys(struct artpec6_crypto_req_common *common, 550 + dma_addr_t addr, size_t len, bool eop) 551 + { 552 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 553 + struct pdma_descr *d; 554 + 555 + if (dma->out_cnt >= PDMA_DESCR_COUNT || 556 + fault_inject_dma_descr()) { 557 + pr_err("No free OUT DMA descriptors available!\n"); 558 + return -ENOSPC; 559 + } 560 + 561 + d = &dma->out[dma->out_cnt++]; 562 + memset(d, 0, sizeof(*d)); 563 + 564 + d->ctrl.short_descr = 0; 565 + d->ctrl.eop = eop; 566 + d->data.len = len; 567 + d->data.buf = addr; 568 + return 0; 569 + } 570 + 571 + /** artpec6_crypto_setup_out_descr_short - Setup a short out descriptor 572 + * 573 + * @dst: The virtual address of the data 574 + * @len: The length of the data, must be between 1 to 7 bytes 575 + * @eop: True if this is the last buffer in the packet 576 + * 577 + * @return 0 on success 578 + * -ENOSPC if no more descriptors are available 579 + * -EINVAL if the data length exceeds 7 bytes 580 + */ 581 + static int 582 + artpec6_crypto_setup_out_descr_short(struct artpec6_crypto_req_common *common, 583 + void *dst, unsigned int len, bool eop) 584 + { 585 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 586 + struct pdma_descr *d; 587 + 588 + if (dma->out_cnt >= PDMA_DESCR_COUNT || 589 + fault_inject_dma_descr()) { 590 + pr_err("No free OUT DMA descriptors available!\n"); 591 + return -ENOSPC; 592 + } else if (len > 7 || len < 1) { 593 + return -EINVAL; 594 + } 595 + d = &dma->out[dma->out_cnt++]; 596 + memset(d, 0, sizeof(*d)); 597 + 598 + d->ctrl.short_descr = 1; 599 + d->ctrl.short_len = len; 600 + d->ctrl.eop = eop; 601 + memcpy(d->shrt.data, dst, len); 602 + return 0; 603 + } 604 + 605 + static int artpec6_crypto_dma_map_page(struct artpec6_crypto_req_common *common, 606 + struct page *page, size_t offset, 607 + size_t size, 608 + enum dma_data_direction dir, 609 + dma_addr_t *dma_addr_out) 610 + { 611 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 612 + struct device *dev = artpec6_crypto_dev; 613 + struct artpec6_crypto_dma_map *map; 614 + dma_addr_t dma_addr; 615 + 616 + *dma_addr_out = 0; 617 + 618 + if (dma->map_count >= ARRAY_SIZE(dma->maps)) 619 + return -ENOMEM; 620 + 621 + dma_addr = dma_map_page(dev, page, offset, size, dir); 622 + if (dma_mapping_error(dev, dma_addr)) 623 + return -ENOMEM; 624 + 625 + map = &dma->maps[dma->map_count++]; 626 + map->size = size; 627 + map->dma_addr = dma_addr; 628 + map->dir = dir; 629 + 630 + *dma_addr_out = dma_addr; 631 + 632 + return 0; 633 + } 634 + 635 + static int 636 + artpec6_crypto_dma_map_single(struct artpec6_crypto_req_common *common, 637 + void *ptr, size_t size, 638 + enum dma_data_direction dir, 639 + dma_addr_t *dma_addr_out) 640 + { 641 + struct page *page = virt_to_page(ptr); 642 + size_t offset = (uintptr_t)ptr & ~PAGE_MASK; 643 + 644 + return artpec6_crypto_dma_map_page(common, page, offset, size, dir, 645 + dma_addr_out); 646 + } 647 + 648 + static int 649 + artpec6_crypto_dma_map_descs(struct artpec6_crypto_req_common *common) 650 + { 651 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 652 + int ret; 653 + 654 + ret = artpec6_crypto_dma_map_single(common, dma->in, 655 + sizeof(dma->in[0]) * dma->in_cnt, 656 + DMA_TO_DEVICE, &dma->in_dma_addr); 657 + if (ret) 658 + return ret; 659 + 660 + ret = artpec6_crypto_dma_map_single(common, dma->out, 661 + sizeof(dma->out[0]) * dma->out_cnt, 662 + DMA_TO_DEVICE, &dma->out_dma_addr); 663 + if (ret) 664 + return ret; 665 + 666 + /* We only read one stat descriptor */ 667 + dma->stat[dma->in_cnt - 1] = 0; 668 + 669 + /* 670 + * DMA_BIDIRECTIONAL since we need our zeroing of the stat descriptor 671 + * to be written. 672 + */ 673 + return artpec6_crypto_dma_map_single(common, 674 + dma->stat + dma->in_cnt - 1, 675 + sizeof(dma->stat[0]), 676 + DMA_BIDIRECTIONAL, 677 + &dma->stat_dma_addr); 678 + } 679 + 680 + static void 681 + artpec6_crypto_dma_unmap_all(struct artpec6_crypto_req_common *common) 682 + { 683 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 684 + struct device *dev = artpec6_crypto_dev; 685 + int i; 686 + 687 + for (i = 0; i < dma->map_count; i++) { 688 + struct artpec6_crypto_dma_map *map = &dma->maps[i]; 689 + 690 + dma_unmap_page(dev, map->dma_addr, map->size, map->dir); 691 + } 692 + 693 + dma->map_count = 0; 694 + } 695 + 696 + /** artpec6_crypto_setup_out_descr - Setup an out descriptor 697 + * 698 + * @dst: The virtual address of the data 699 + * @len: The length of the data 700 + * @eop: True if this is the last buffer in the packet 701 + * @use_short: If this is true and the data length is 7 bytes or less then 702 + * a short descriptor will be used 703 + * 704 + * @return 0 on success 705 + * Any errors from artpec6_crypto_setup_out_descr_short() or 706 + * setup_out_descr_phys() 707 + */ 708 + static int 709 + artpec6_crypto_setup_out_descr(struct artpec6_crypto_req_common *common, 710 + void *dst, unsigned int len, bool eop, 711 + bool use_short) 712 + { 713 + if (use_short && len < 7) { 714 + return artpec6_crypto_setup_out_descr_short(common, dst, len, 715 + eop); 716 + } else { 717 + int ret; 718 + dma_addr_t dma_addr; 719 + 720 + ret = artpec6_crypto_dma_map_single(common, dst, len, 721 + DMA_TO_DEVICE, 722 + &dma_addr); 723 + if (ret) 724 + return ret; 725 + 726 + return artpec6_crypto_setup_out_descr_phys(common, dma_addr, 727 + len, eop); 728 + } 729 + } 730 + 731 + /** artpec6_crypto_setup_in_descr_phys - Setup an in channel with a 732 + * physical address 733 + * 734 + * @addr: The physical address of the data buffer 735 + * @len: The length of the data buffer 736 + * @intr: True if an interrupt should be fired after HW processing of this 737 + * descriptor 738 + * 739 + */ 740 + static int 741 + artpec6_crypto_setup_in_descr_phys(struct artpec6_crypto_req_common *common, 742 + dma_addr_t addr, unsigned int len, bool intr) 743 + { 744 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 745 + struct pdma_descr *d; 746 + 747 + if (dma->in_cnt >= PDMA_DESCR_COUNT || 748 + fault_inject_dma_descr()) { 749 + pr_err("No free IN DMA descriptors available!\n"); 750 + return -ENOSPC; 751 + } 752 + d = &dma->in[dma->in_cnt++]; 753 + memset(d, 0, sizeof(*d)); 754 + 755 + d->ctrl.intr = intr; 756 + d->data.len = len; 757 + d->data.buf = addr; 758 + return 0; 759 + } 760 + 761 + /** artpec6_crypto_setup_in_descr - Setup an in channel descriptor 762 + * 763 + * @buffer: The virtual address to of the data buffer 764 + * @len: The length of the data buffer 765 + * @last: If this is the last data buffer in the request (i.e. an interrupt 766 + * is needed 767 + * 768 + * Short descriptors are not used for the in channel 769 + */ 770 + static int 771 + artpec6_crypto_setup_in_descr(struct artpec6_crypto_req_common *common, 772 + void *buffer, unsigned int len, bool last) 773 + { 774 + dma_addr_t dma_addr; 775 + int ret; 776 + 777 + ret = artpec6_crypto_dma_map_single(common, buffer, len, 778 + DMA_FROM_DEVICE, &dma_addr); 779 + if (ret) 780 + return ret; 781 + 782 + return artpec6_crypto_setup_in_descr_phys(common, dma_addr, len, last); 783 + } 784 + 785 + static struct artpec6_crypto_bounce_buffer * 786 + artpec6_crypto_alloc_bounce(gfp_t flags) 787 + { 788 + void *base; 789 + size_t alloc_size = sizeof(struct artpec6_crypto_bounce_buffer) + 790 + 2 * ARTPEC_CACHE_LINE_MAX; 791 + struct artpec6_crypto_bounce_buffer *bbuf = kzalloc(alloc_size, flags); 792 + 793 + if (!bbuf) 794 + return NULL; 795 + 796 + base = bbuf + 1; 797 + bbuf->buf = PTR_ALIGN(base, ARTPEC_CACHE_LINE_MAX); 798 + return bbuf; 799 + } 800 + 801 + static int setup_bounce_buffer_in(struct artpec6_crypto_req_common *common, 802 + struct artpec6_crypto_walk *walk, size_t size) 803 + { 804 + struct artpec6_crypto_bounce_buffer *bbuf; 805 + int ret; 806 + 807 + bbuf = artpec6_crypto_alloc_bounce(common->gfp_flags); 808 + if (!bbuf) 809 + return -ENOMEM; 810 + 811 + bbuf->length = size; 812 + bbuf->sg = walk->sg; 813 + bbuf->offset = walk->offset; 814 + 815 + ret = artpec6_crypto_setup_in_descr(common, bbuf->buf, size, false); 816 + if (ret) { 817 + kfree(bbuf); 818 + return ret; 819 + } 820 + 821 + pr_debug("BOUNCE %zu offset %zu\n", size, walk->offset); 822 + list_add_tail(&bbuf->list, &common->dma->bounce_buffers); 823 + return 0; 824 + } 825 + 826 + static int 827 + artpec6_crypto_setup_sg_descrs_in(struct artpec6_crypto_req_common *common, 828 + struct artpec6_crypto_walk *walk, 829 + size_t count) 830 + { 831 + size_t chunk; 832 + int ret; 833 + dma_addr_t addr; 834 + 835 + while (walk->sg && count) { 836 + chunk = min(count, artpec6_crypto_walk_chunklen(walk)); 837 + addr = artpec6_crypto_walk_chunk_phys(walk); 838 + 839 + /* When destination buffers are not aligned to the cache line 840 + * size we need bounce buffers. The DMA-API requires that the 841 + * entire line is owned by the DMA buffer and this holds also 842 + * for the case when coherent DMA is used. 843 + */ 844 + if (!IS_ALIGNED(addr, ARTPEC_CACHE_LINE_MAX)) { 845 + chunk = min_t(dma_addr_t, chunk, 846 + ALIGN(addr, ARTPEC_CACHE_LINE_MAX) - 847 + addr); 848 + 849 + pr_debug("CHUNK-b %pad:%zu\n", &addr, chunk); 850 + ret = setup_bounce_buffer_in(common, walk, chunk); 851 + } else if (chunk < ARTPEC_CACHE_LINE_MAX) { 852 + pr_debug("CHUNK-b %pad:%zu\n", &addr, chunk); 853 + ret = setup_bounce_buffer_in(common, walk, chunk); 854 + } else { 855 + dma_addr_t dma_addr; 856 + 857 + chunk = chunk & ~(ARTPEC_CACHE_LINE_MAX-1); 858 + 859 + pr_debug("CHUNK %pad:%zu\n", &addr, chunk); 860 + 861 + ret = artpec6_crypto_dma_map_page(common, 862 + sg_page(walk->sg), 863 + walk->sg->offset + 864 + walk->offset, 865 + chunk, 866 + DMA_FROM_DEVICE, 867 + &dma_addr); 868 + if (ret) 869 + return ret; 870 + 871 + ret = artpec6_crypto_setup_in_descr_phys(common, 872 + dma_addr, 873 + chunk, false); 874 + } 875 + 876 + if (ret) 877 + return ret; 878 + 879 + count = count - chunk; 880 + artpec6_crypto_walk_advance(walk, chunk); 881 + } 882 + 883 + if (count) 884 + pr_err("EOL unexpected %zu bytes left\n", count); 885 + 886 + return count ? -EINVAL : 0; 887 + } 888 + 889 + static int 890 + artpec6_crypto_setup_sg_descrs_out(struct artpec6_crypto_req_common *common, 891 + struct artpec6_crypto_walk *walk, 892 + size_t count) 893 + { 894 + size_t chunk; 895 + int ret; 896 + dma_addr_t addr; 897 + 898 + while (walk->sg && count) { 899 + chunk = min(count, artpec6_crypto_walk_chunklen(walk)); 900 + addr = artpec6_crypto_walk_chunk_phys(walk); 901 + 902 + pr_debug("OUT-CHUNK %pad:%zu\n", &addr, chunk); 903 + 904 + if (addr & 3) { 905 + char buf[3]; 906 + 907 + chunk = min_t(size_t, chunk, (4-(addr&3))); 908 + 909 + sg_pcopy_to_buffer(walk->sg, 1, buf, chunk, 910 + walk->offset); 911 + 912 + ret = artpec6_crypto_setup_out_descr_short(common, buf, 913 + chunk, 914 + false); 915 + } else { 916 + dma_addr_t dma_addr; 917 + 918 + ret = artpec6_crypto_dma_map_page(common, 919 + sg_page(walk->sg), 920 + walk->sg->offset + 921 + walk->offset, 922 + chunk, 923 + DMA_TO_DEVICE, 924 + &dma_addr); 925 + if (ret) 926 + return ret; 927 + 928 + ret = artpec6_crypto_setup_out_descr_phys(common, 929 + dma_addr, 930 + chunk, false); 931 + } 932 + 933 + if (ret) 934 + return ret; 935 + 936 + count = count - chunk; 937 + artpec6_crypto_walk_advance(walk, chunk); 938 + } 939 + 940 + if (count) 941 + pr_err("EOL unexpected %zu bytes left\n", count); 942 + 943 + return count ? -EINVAL : 0; 944 + } 945 + 946 + 947 + /** artpec6_crypto_terminate_out_descrs - Set the EOP on the last out descriptor 948 + * 949 + * If the out descriptor list is non-empty, then the eop flag on the 950 + * last used out descriptor will be set. 951 + * 952 + * @return 0 on success 953 + * -EINVAL if the out descriptor is empty or has overflown 954 + */ 955 + static int 956 + artpec6_crypto_terminate_out_descrs(struct artpec6_crypto_req_common *common) 957 + { 958 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 959 + struct pdma_descr *d; 960 + 961 + if (!dma->out_cnt || dma->out_cnt > PDMA_DESCR_COUNT) { 962 + pr_err("%s: OUT descriptor list is %s\n", 963 + MODULE_NAME, dma->out_cnt ? "empty" : "full"); 964 + return -EINVAL; 965 + 966 + } 967 + 968 + d = &dma->out[dma->out_cnt-1]; 969 + d->ctrl.eop = 1; 970 + 971 + return 0; 972 + } 973 + 974 + /** artpec6_crypto_terminate_in_descrs - Set the interrupt flag on the last 975 + * in descriptor 976 + * 977 + * See artpec6_crypto_terminate_out_descrs() for return values 978 + */ 979 + static int 980 + artpec6_crypto_terminate_in_descrs(struct artpec6_crypto_req_common *common) 981 + { 982 + struct artpec6_crypto_dma_descriptors *dma = common->dma; 983 + struct pdma_descr *d; 984 + 985 + if (!dma->in_cnt || dma->in_cnt > PDMA_DESCR_COUNT) { 986 + pr_err("%s: IN descriptor list is %s\n", 987 + MODULE_NAME, dma->in_cnt ? "empty" : "full"); 988 + return -EINVAL; 989 + } 990 + 991 + d = &dma->in[dma->in_cnt-1]; 992 + d->ctrl.intr = 1; 993 + return 0; 994 + } 995 + 996 + /** create_hash_pad - Create a Secure Hash conformant pad 997 + * 998 + * @dst: The destination buffer to write the pad. Must be at least 64 bytes 999 + * @dgstlen: The total length of the hash digest in bytes 1000 + * @bitcount: The total length of the digest in bits 1001 + * 1002 + * @return The total number of padding bytes written to @dst 1003 + */ 1004 + static size_t 1005 + create_hash_pad(int oper, unsigned char *dst, u64 dgstlen, u64 bitcount) 1006 + { 1007 + unsigned int mod, target, diff, pad_bytes, size_bytes; 1008 + __be64 bits = __cpu_to_be64(bitcount); 1009 + 1010 + switch (oper) { 1011 + case regk_crypto_sha1: 1012 + case regk_crypto_sha256: 1013 + case regk_crypto_hmac_sha1: 1014 + case regk_crypto_hmac_sha256: 1015 + target = 448 / 8; 1016 + mod = 512 / 8; 1017 + size_bytes = 8; 1018 + break; 1019 + default: 1020 + target = 896 / 8; 1021 + mod = 1024 / 8; 1022 + size_bytes = 16; 1023 + break; 1024 + } 1025 + 1026 + target -= 1; 1027 + diff = dgstlen & (mod - 1); 1028 + pad_bytes = diff > target ? target + mod - diff : target - diff; 1029 + 1030 + memset(dst + 1, 0, pad_bytes); 1031 + dst[0] = 0x80; 1032 + 1033 + if (size_bytes == 16) { 1034 + memset(dst + 1 + pad_bytes, 0, 8); 1035 + memcpy(dst + 1 + pad_bytes + 8, &bits, 8); 1036 + } else { 1037 + memcpy(dst + 1 + pad_bytes, &bits, 8); 1038 + } 1039 + 1040 + return pad_bytes + size_bytes + 1; 1041 + } 1042 + 1043 + static int artpec6_crypto_common_init(struct artpec6_crypto_req_common *common, 1044 + struct crypto_async_request *parent, 1045 + void (*complete)(struct crypto_async_request *req), 1046 + struct scatterlist *dstsg, unsigned int nbytes) 1047 + { 1048 + gfp_t flags; 1049 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 1050 + 1051 + flags = (parent->flags & CRYPTO_TFM_REQ_MAY_SLEEP) ? 1052 + GFP_KERNEL : GFP_ATOMIC; 1053 + 1054 + common->gfp_flags = flags; 1055 + common->dma = kmem_cache_alloc(ac->dma_cache, flags); 1056 + if (!common->dma) 1057 + return -ENOMEM; 1058 + 1059 + common->req = parent; 1060 + common->complete = complete; 1061 + return 0; 1062 + } 1063 + 1064 + static void 1065 + artpec6_crypto_bounce_destroy(struct artpec6_crypto_dma_descriptors *dma) 1066 + { 1067 + struct artpec6_crypto_bounce_buffer *b; 1068 + struct artpec6_crypto_bounce_buffer *next; 1069 + 1070 + list_for_each_entry_safe(b, next, &dma->bounce_buffers, list) { 1071 + kfree(b); 1072 + } 1073 + } 1074 + 1075 + static int 1076 + artpec6_crypto_common_destroy(struct artpec6_crypto_req_common *common) 1077 + { 1078 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 1079 + 1080 + artpec6_crypto_dma_unmap_all(common); 1081 + artpec6_crypto_bounce_destroy(common->dma); 1082 + kmem_cache_free(ac->dma_cache, common->dma); 1083 + common->dma = NULL; 1084 + return 0; 1085 + } 1086 + 1087 + /* 1088 + * Ciphering functions. 1089 + */ 1090 + static int artpec6_crypto_encrypt(struct skcipher_request *req) 1091 + { 1092 + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); 1093 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(cipher); 1094 + struct artpec6_crypto_request_context *req_ctx = NULL; 1095 + void (*complete)(struct crypto_async_request *req); 1096 + int ret; 1097 + 1098 + req_ctx = skcipher_request_ctx(req); 1099 + 1100 + switch (ctx->crypto_type) { 1101 + case ARTPEC6_CRYPTO_CIPHER_AES_CBC: 1102 + case ARTPEC6_CRYPTO_CIPHER_AES_ECB: 1103 + case ARTPEC6_CRYPTO_CIPHER_AES_XTS: 1104 + req_ctx->decrypt = 0; 1105 + break; 1106 + default: 1107 + break; 1108 + } 1109 + 1110 + switch (ctx->crypto_type) { 1111 + case ARTPEC6_CRYPTO_CIPHER_AES_CBC: 1112 + complete = artpec6_crypto_complete_cbc_encrypt; 1113 + break; 1114 + default: 1115 + complete = artpec6_crypto_complete_crypto; 1116 + break; 1117 + } 1118 + 1119 + ret = artpec6_crypto_common_init(&req_ctx->common, 1120 + &req->base, 1121 + complete, 1122 + req->dst, req->cryptlen); 1123 + if (ret) 1124 + return ret; 1125 + 1126 + ret = artpec6_crypto_prepare_crypto(req); 1127 + if (ret) { 1128 + artpec6_crypto_common_destroy(&req_ctx->common); 1129 + return ret; 1130 + } 1131 + 1132 + return artpec6_crypto_submit(&req_ctx->common); 1133 + } 1134 + 1135 + static int artpec6_crypto_decrypt(struct skcipher_request *req) 1136 + { 1137 + int ret; 1138 + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); 1139 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(cipher); 1140 + struct artpec6_crypto_request_context *req_ctx = NULL; 1141 + void (*complete)(struct crypto_async_request *req); 1142 + 1143 + req_ctx = skcipher_request_ctx(req); 1144 + 1145 + switch (ctx->crypto_type) { 1146 + case ARTPEC6_CRYPTO_CIPHER_AES_CBC: 1147 + case ARTPEC6_CRYPTO_CIPHER_AES_ECB: 1148 + case ARTPEC6_CRYPTO_CIPHER_AES_XTS: 1149 + req_ctx->decrypt = 1; 1150 + break; 1151 + default: 1152 + break; 1153 + } 1154 + 1155 + 1156 + switch (ctx->crypto_type) { 1157 + case ARTPEC6_CRYPTO_CIPHER_AES_CBC: 1158 + complete = artpec6_crypto_complete_cbc_decrypt; 1159 + break; 1160 + default: 1161 + complete = artpec6_crypto_complete_crypto; 1162 + break; 1163 + } 1164 + 1165 + ret = artpec6_crypto_common_init(&req_ctx->common, &req->base, 1166 + complete, 1167 + req->dst, req->cryptlen); 1168 + if (ret) 1169 + return ret; 1170 + 1171 + ret = artpec6_crypto_prepare_crypto(req); 1172 + if (ret) { 1173 + artpec6_crypto_common_destroy(&req_ctx->common); 1174 + return ret; 1175 + } 1176 + 1177 + return artpec6_crypto_submit(&req_ctx->common); 1178 + } 1179 + 1180 + static int 1181 + artpec6_crypto_ctr_crypt(struct skcipher_request *req, bool encrypt) 1182 + { 1183 + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req); 1184 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(cipher); 1185 + size_t iv_len = crypto_skcipher_ivsize(cipher); 1186 + unsigned int counter = be32_to_cpup((__be32 *) 1187 + (req->iv + iv_len - 4)); 1188 + unsigned int nblks = ALIGN(req->cryptlen, AES_BLOCK_SIZE) / 1189 + AES_BLOCK_SIZE; 1190 + 1191 + /* 1192 + * The hardware uses only the last 32-bits as the counter while the 1193 + * kernel tests (aes_ctr_enc_tv_template[4] for example) expect that 1194 + * the whole IV is a counter. So fallback if the counter is going to 1195 + * overlow. 1196 + */ 1197 + if (counter + nblks < counter) { 1198 + int ret; 1199 + 1200 + pr_debug("counter %x will overflow (nblks %u), falling back\n", 1201 + counter, counter + nblks); 1202 + 1203 + ret = crypto_skcipher_setkey(ctx->fallback, ctx->aes_key, 1204 + ctx->key_length); 1205 + if (ret) 1206 + return ret; 1207 + 1208 + { 1209 + SKCIPHER_REQUEST_ON_STACK(subreq, ctx->fallback); 1210 + 1211 + skcipher_request_set_tfm(subreq, ctx->fallback); 1212 + skcipher_request_set_callback(subreq, req->base.flags, 1213 + NULL, NULL); 1214 + skcipher_request_set_crypt(subreq, req->src, req->dst, 1215 + req->cryptlen, req->iv); 1216 + ret = encrypt ? crypto_skcipher_encrypt(subreq) 1217 + : crypto_skcipher_decrypt(subreq); 1218 + skcipher_request_zero(subreq); 1219 + } 1220 + return ret; 1221 + } 1222 + 1223 + return encrypt ? artpec6_crypto_encrypt(req) 1224 + : artpec6_crypto_decrypt(req); 1225 + } 1226 + 1227 + static int artpec6_crypto_ctr_encrypt(struct skcipher_request *req) 1228 + { 1229 + return artpec6_crypto_ctr_crypt(req, true); 1230 + } 1231 + 1232 + static int artpec6_crypto_ctr_decrypt(struct skcipher_request *req) 1233 + { 1234 + return artpec6_crypto_ctr_crypt(req, false); 1235 + } 1236 + 1237 + /* 1238 + * AEAD functions 1239 + */ 1240 + static int artpec6_crypto_aead_init(struct crypto_aead *tfm) 1241 + { 1242 + struct artpec6_cryptotfm_context *tfm_ctx = crypto_aead_ctx(tfm); 1243 + 1244 + memset(tfm_ctx, 0, sizeof(*tfm_ctx)); 1245 + 1246 + crypto_aead_set_reqsize(tfm, 1247 + sizeof(struct artpec6_crypto_aead_req_ctx)); 1248 + 1249 + return 0; 1250 + } 1251 + 1252 + static int artpec6_crypto_aead_set_key(struct crypto_aead *tfm, const u8 *key, 1253 + unsigned int len) 1254 + { 1255 + struct artpec6_cryptotfm_context *ctx = crypto_tfm_ctx(&tfm->base); 1256 + 1257 + if (len != 16 && len != 24 && len != 32) { 1258 + crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 1259 + return -1; 1260 + } 1261 + 1262 + ctx->key_length = len; 1263 + 1264 + memcpy(ctx->aes_key, key, len); 1265 + return 0; 1266 + } 1267 + 1268 + static int artpec6_crypto_aead_encrypt(struct aead_request *req) 1269 + { 1270 + int ret; 1271 + struct artpec6_crypto_aead_req_ctx *req_ctx = aead_request_ctx(req); 1272 + 1273 + req_ctx->decrypt = false; 1274 + ret = artpec6_crypto_common_init(&req_ctx->common, &req->base, 1275 + artpec6_crypto_complete_aead, 1276 + NULL, 0); 1277 + if (ret) 1278 + return ret; 1279 + 1280 + ret = artpec6_crypto_prepare_aead(req); 1281 + if (ret) { 1282 + artpec6_crypto_common_destroy(&req_ctx->common); 1283 + return ret; 1284 + } 1285 + 1286 + return artpec6_crypto_submit(&req_ctx->common); 1287 + } 1288 + 1289 + static int artpec6_crypto_aead_decrypt(struct aead_request *req) 1290 + { 1291 + int ret; 1292 + struct artpec6_crypto_aead_req_ctx *req_ctx = aead_request_ctx(req); 1293 + 1294 + req_ctx->decrypt = true; 1295 + if (req->cryptlen < AES_BLOCK_SIZE) 1296 + return -EINVAL; 1297 + 1298 + ret = artpec6_crypto_common_init(&req_ctx->common, 1299 + &req->base, 1300 + artpec6_crypto_complete_aead, 1301 + NULL, 0); 1302 + if (ret) 1303 + return ret; 1304 + 1305 + ret = artpec6_crypto_prepare_aead(req); 1306 + if (ret) { 1307 + artpec6_crypto_common_destroy(&req_ctx->common); 1308 + return ret; 1309 + } 1310 + 1311 + return artpec6_crypto_submit(&req_ctx->common); 1312 + } 1313 + 1314 + static int artpec6_crypto_prepare_hash(struct ahash_request *areq) 1315 + { 1316 + struct artpec6_hashalg_context *ctx = crypto_tfm_ctx(areq->base.tfm); 1317 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(areq); 1318 + size_t digestsize = crypto_ahash_digestsize(crypto_ahash_reqtfm(areq)); 1319 + size_t contextsize = digestsize == SHA384_DIGEST_SIZE ? 1320 + SHA512_DIGEST_SIZE : digestsize; 1321 + size_t blocksize = crypto_tfm_alg_blocksize( 1322 + crypto_ahash_tfm(crypto_ahash_reqtfm(areq))); 1323 + struct artpec6_crypto_req_common *common = &req_ctx->common; 1324 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 1325 + enum artpec6_crypto_variant variant = ac->variant; 1326 + u32 sel_ctx; 1327 + bool ext_ctx = false; 1328 + bool run_hw = false; 1329 + int error = 0; 1330 + 1331 + artpec6_crypto_init_dma_operation(common); 1332 + 1333 + /* Upload HMAC key, must be first the first packet */ 1334 + if (req_ctx->hash_flags & HASH_FLAG_HMAC) { 1335 + if (variant == ARTPEC6_CRYPTO) { 1336 + req_ctx->key_md = FIELD_PREP(A6_CRY_MD_OPER, 1337 + a6_regk_crypto_dlkey); 1338 + } else { 1339 + req_ctx->key_md = FIELD_PREP(A7_CRY_MD_OPER, 1340 + a7_regk_crypto_dlkey); 1341 + } 1342 + 1343 + /* Copy and pad up the key */ 1344 + memcpy(req_ctx->key_buffer, ctx->hmac_key, 1345 + ctx->hmac_key_length); 1346 + memset(req_ctx->key_buffer + ctx->hmac_key_length, 0, 1347 + blocksize - ctx->hmac_key_length); 1348 + 1349 + error = artpec6_crypto_setup_out_descr(common, 1350 + (void *)&req_ctx->key_md, 1351 + sizeof(req_ctx->key_md), false, false); 1352 + if (error) 1353 + return error; 1354 + 1355 + error = artpec6_crypto_setup_out_descr(common, 1356 + req_ctx->key_buffer, blocksize, 1357 + true, false); 1358 + if (error) 1359 + return error; 1360 + } 1361 + 1362 + if (!(req_ctx->hash_flags & HASH_FLAG_INIT_CTX)) { 1363 + /* Restore context */ 1364 + sel_ctx = regk_crypto_ext; 1365 + ext_ctx = true; 1366 + } else { 1367 + sel_ctx = regk_crypto_init; 1368 + } 1369 + 1370 + if (variant == ARTPEC6_CRYPTO) { 1371 + req_ctx->hash_md &= ~A6_CRY_MD_HASH_SEL_CTX; 1372 + req_ctx->hash_md |= FIELD_PREP(A6_CRY_MD_HASH_SEL_CTX, sel_ctx); 1373 + 1374 + /* If this is the final round, set the final flag */ 1375 + if (req_ctx->hash_flags & HASH_FLAG_FINALIZE) 1376 + req_ctx->hash_md |= A6_CRY_MD_HASH_HMAC_FIN; 1377 + } else { 1378 + req_ctx->hash_md &= ~A7_CRY_MD_HASH_SEL_CTX; 1379 + req_ctx->hash_md |= FIELD_PREP(A7_CRY_MD_HASH_SEL_CTX, sel_ctx); 1380 + 1381 + /* If this is the final round, set the final flag */ 1382 + if (req_ctx->hash_flags & HASH_FLAG_FINALIZE) 1383 + req_ctx->hash_md |= A7_CRY_MD_HASH_HMAC_FIN; 1384 + } 1385 + 1386 + /* Setup up metadata descriptors */ 1387 + error = artpec6_crypto_setup_out_descr(common, 1388 + (void *)&req_ctx->hash_md, 1389 + sizeof(req_ctx->hash_md), false, false); 1390 + if (error) 1391 + return error; 1392 + 1393 + error = artpec6_crypto_setup_in_descr(common, ac->pad_buffer, 4, false); 1394 + if (error) 1395 + return error; 1396 + 1397 + if (ext_ctx) { 1398 + error = artpec6_crypto_setup_out_descr(common, 1399 + req_ctx->digeststate, 1400 + contextsize, false, false); 1401 + 1402 + if (error) 1403 + return error; 1404 + } 1405 + 1406 + if (req_ctx->hash_flags & HASH_FLAG_UPDATE) { 1407 + size_t done_bytes = 0; 1408 + size_t total_bytes = areq->nbytes + req_ctx->partial_bytes; 1409 + size_t ready_bytes = round_down(total_bytes, blocksize); 1410 + struct artpec6_crypto_walk walk; 1411 + 1412 + run_hw = ready_bytes > 0; 1413 + if (req_ctx->partial_bytes && ready_bytes) { 1414 + /* We have a partial buffer and will at least some bytes 1415 + * to the HW. Empty this partial buffer before tackling 1416 + * the SG lists 1417 + */ 1418 + memcpy(req_ctx->partial_buffer_out, 1419 + req_ctx->partial_buffer, 1420 + req_ctx->partial_bytes); 1421 + 1422 + error = artpec6_crypto_setup_out_descr(common, 1423 + req_ctx->partial_buffer_out, 1424 + req_ctx->partial_bytes, 1425 + false, true); 1426 + if (error) 1427 + return error; 1428 + 1429 + /* Reset partial buffer */ 1430 + done_bytes += req_ctx->partial_bytes; 1431 + req_ctx->partial_bytes = 0; 1432 + } 1433 + 1434 + artpec6_crypto_walk_init(&walk, areq->src); 1435 + 1436 + error = artpec6_crypto_setup_sg_descrs_out(common, &walk, 1437 + ready_bytes - 1438 + done_bytes); 1439 + if (error) 1440 + return error; 1441 + 1442 + if (walk.sg) { 1443 + size_t sg_skip = ready_bytes - done_bytes; 1444 + size_t sg_rem = areq->nbytes - sg_skip; 1445 + 1446 + sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), 1447 + req_ctx->partial_buffer + 1448 + req_ctx->partial_bytes, 1449 + sg_rem, sg_skip); 1450 + 1451 + req_ctx->partial_bytes += sg_rem; 1452 + } 1453 + 1454 + req_ctx->digcnt += ready_bytes; 1455 + req_ctx->hash_flags &= ~(HASH_FLAG_UPDATE); 1456 + } 1457 + 1458 + /* Finalize */ 1459 + if (req_ctx->hash_flags & HASH_FLAG_FINALIZE) { 1460 + bool needtrim = contextsize != digestsize; 1461 + size_t hash_pad_len; 1462 + u64 digest_bits; 1463 + u32 oper; 1464 + 1465 + if (variant == ARTPEC6_CRYPTO) 1466 + oper = FIELD_GET(A6_CRY_MD_OPER, req_ctx->hash_md); 1467 + else 1468 + oper = FIELD_GET(A7_CRY_MD_OPER, req_ctx->hash_md); 1469 + 1470 + /* Write out the partial buffer if present */ 1471 + if (req_ctx->partial_bytes) { 1472 + memcpy(req_ctx->partial_buffer_out, 1473 + req_ctx->partial_buffer, 1474 + req_ctx->partial_bytes); 1475 + error = artpec6_crypto_setup_out_descr(common, 1476 + req_ctx->partial_buffer_out, 1477 + req_ctx->partial_bytes, 1478 + false, true); 1479 + if (error) 1480 + return error; 1481 + 1482 + req_ctx->digcnt += req_ctx->partial_bytes; 1483 + req_ctx->partial_bytes = 0; 1484 + } 1485 + 1486 + if (req_ctx->hash_flags & HASH_FLAG_HMAC) 1487 + digest_bits = 8 * (req_ctx->digcnt + blocksize); 1488 + else 1489 + digest_bits = 8 * req_ctx->digcnt; 1490 + 1491 + /* Add the hash pad */ 1492 + hash_pad_len = create_hash_pad(oper, req_ctx->pad_buffer, 1493 + req_ctx->digcnt, digest_bits); 1494 + error = artpec6_crypto_setup_out_descr(common, 1495 + req_ctx->pad_buffer, 1496 + hash_pad_len, false, 1497 + true); 1498 + req_ctx->digcnt = 0; 1499 + 1500 + if (error) 1501 + return error; 1502 + 1503 + /* Descriptor for the final result */ 1504 + error = artpec6_crypto_setup_in_descr(common, areq->result, 1505 + digestsize, 1506 + !needtrim); 1507 + if (error) 1508 + return error; 1509 + 1510 + if (needtrim) { 1511 + /* Discard the extra context bytes for SHA-384 */ 1512 + error = artpec6_crypto_setup_in_descr(common, 1513 + req_ctx->partial_buffer, 1514 + digestsize - contextsize, true); 1515 + if (error) 1516 + return error; 1517 + } 1518 + 1519 + } else { /* This is not the final operation for this request */ 1520 + if (!run_hw) 1521 + return ARTPEC6_CRYPTO_PREPARE_HASH_NO_START; 1522 + 1523 + /* Save the result to the context */ 1524 + error = artpec6_crypto_setup_in_descr(common, 1525 + req_ctx->digeststate, 1526 + contextsize, false); 1527 + if (error) 1528 + return error; 1529 + /* fall through */ 1530 + } 1531 + 1532 + req_ctx->hash_flags &= ~(HASH_FLAG_INIT_CTX | HASH_FLAG_UPDATE | 1533 + HASH_FLAG_FINALIZE); 1534 + 1535 + error = artpec6_crypto_terminate_in_descrs(common); 1536 + if (error) 1537 + return error; 1538 + 1539 + error = artpec6_crypto_terminate_out_descrs(common); 1540 + if (error) 1541 + return error; 1542 + 1543 + error = artpec6_crypto_dma_map_descs(common); 1544 + if (error) 1545 + return error; 1546 + 1547 + return ARTPEC6_CRYPTO_PREPARE_HASH_START; 1548 + } 1549 + 1550 + 1551 + static int artpec6_crypto_aes_ecb_init(struct crypto_skcipher *tfm) 1552 + { 1553 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1554 + 1555 + tfm->reqsize = sizeof(struct artpec6_crypto_request_context); 1556 + ctx->crypto_type = ARTPEC6_CRYPTO_CIPHER_AES_ECB; 1557 + 1558 + return 0; 1559 + } 1560 + 1561 + static int artpec6_crypto_aes_ctr_init(struct crypto_skcipher *tfm) 1562 + { 1563 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1564 + 1565 + ctx->fallback = crypto_alloc_skcipher(crypto_tfm_alg_name(&tfm->base), 1566 + 0, 1567 + CRYPTO_ALG_ASYNC | 1568 + CRYPTO_ALG_NEED_FALLBACK); 1569 + if (IS_ERR(ctx->fallback)) 1570 + return PTR_ERR(ctx->fallback); 1571 + 1572 + tfm->reqsize = sizeof(struct artpec6_crypto_request_context); 1573 + ctx->crypto_type = ARTPEC6_CRYPTO_CIPHER_AES_CTR; 1574 + 1575 + return 0; 1576 + } 1577 + 1578 + static int artpec6_crypto_aes_cbc_init(struct crypto_skcipher *tfm) 1579 + { 1580 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1581 + 1582 + tfm->reqsize = sizeof(struct artpec6_crypto_request_context); 1583 + ctx->crypto_type = ARTPEC6_CRYPTO_CIPHER_AES_CBC; 1584 + 1585 + return 0; 1586 + } 1587 + 1588 + static int artpec6_crypto_aes_xts_init(struct crypto_skcipher *tfm) 1589 + { 1590 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1591 + 1592 + tfm->reqsize = sizeof(struct artpec6_crypto_request_context); 1593 + ctx->crypto_type = ARTPEC6_CRYPTO_CIPHER_AES_XTS; 1594 + 1595 + return 0; 1596 + } 1597 + 1598 + static void artpec6_crypto_aes_exit(struct crypto_skcipher *tfm) 1599 + { 1600 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1601 + 1602 + memset(ctx, 0, sizeof(*ctx)); 1603 + } 1604 + 1605 + static void artpec6_crypto_aes_ctr_exit(struct crypto_skcipher *tfm) 1606 + { 1607 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(tfm); 1608 + 1609 + crypto_free_skcipher(ctx->fallback); 1610 + artpec6_crypto_aes_exit(tfm); 1611 + } 1612 + 1613 + static int 1614 + artpec6_crypto_cipher_set_key(struct crypto_skcipher *cipher, const u8 *key, 1615 + unsigned int keylen) 1616 + { 1617 + struct artpec6_cryptotfm_context *ctx = 1618 + crypto_skcipher_ctx(cipher); 1619 + 1620 + switch (keylen) { 1621 + case 16: 1622 + case 24: 1623 + case 32: 1624 + break; 1625 + default: 1626 + crypto_skcipher_set_flags(cipher, 1627 + CRYPTO_TFM_RES_BAD_KEY_LEN); 1628 + return -EINVAL; 1629 + } 1630 + 1631 + memcpy(ctx->aes_key, key, keylen); 1632 + ctx->key_length = keylen; 1633 + return 0; 1634 + } 1635 + 1636 + static int 1637 + artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key, 1638 + unsigned int keylen) 1639 + { 1640 + struct artpec6_cryptotfm_context *ctx = 1641 + crypto_skcipher_ctx(cipher); 1642 + int ret; 1643 + 1644 + ret = xts_check_key(&cipher->base, key, keylen); 1645 + if (ret) 1646 + return ret; 1647 + 1648 + switch (keylen) { 1649 + case 32: 1650 + case 48: 1651 + case 64: 1652 + break; 1653 + default: 1654 + crypto_skcipher_set_flags(cipher, 1655 + CRYPTO_TFM_RES_BAD_KEY_LEN); 1656 + return -EINVAL; 1657 + } 1658 + 1659 + memcpy(ctx->aes_key, key, keylen); 1660 + ctx->key_length = keylen; 1661 + return 0; 1662 + } 1663 + 1664 + /** artpec6_crypto_process_crypto - Prepare an async block cipher crypto request 1665 + * 1666 + * @req: The asynch request to process 1667 + * 1668 + * @return 0 if the dma job was successfully prepared 1669 + * <0 on error 1670 + * 1671 + * This function sets up the PDMA descriptors for a block cipher request. 1672 + * 1673 + * The required padding is added for AES-CTR using a statically defined 1674 + * buffer. 1675 + * 1676 + * The PDMA descriptor list will be as follows: 1677 + * 1678 + * OUT: [KEY_MD][KEY][EOP]<CIPHER_MD>[IV]<data_0>...[data_n][AES-CTR_pad]<eop> 1679 + * IN: <CIPHER_MD><data_0>...[data_n]<intr> 1680 + * 1681 + */ 1682 + static int artpec6_crypto_prepare_crypto(struct skcipher_request *areq) 1683 + { 1684 + int ret; 1685 + struct artpec6_crypto_walk walk; 1686 + struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq); 1687 + struct artpec6_cryptotfm_context *ctx = crypto_skcipher_ctx(cipher); 1688 + struct artpec6_crypto_request_context *req_ctx = NULL; 1689 + size_t iv_len = crypto_skcipher_ivsize(cipher); 1690 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 1691 + enum artpec6_crypto_variant variant = ac->variant; 1692 + struct artpec6_crypto_req_common *common; 1693 + bool cipher_decr = false; 1694 + size_t cipher_klen; 1695 + u32 cipher_len = 0; /* Same as regk_crypto_key_128 for NULL crypto */ 1696 + u32 oper; 1697 + 1698 + req_ctx = skcipher_request_ctx(areq); 1699 + common = &req_ctx->common; 1700 + 1701 + artpec6_crypto_init_dma_operation(common); 1702 + 1703 + if (variant == ARTPEC6_CRYPTO) 1704 + ctx->key_md = FIELD_PREP(A6_CRY_MD_OPER, a6_regk_crypto_dlkey); 1705 + else 1706 + ctx->key_md = FIELD_PREP(A7_CRY_MD_OPER, a7_regk_crypto_dlkey); 1707 + 1708 + ret = artpec6_crypto_setup_out_descr(common, (void *)&ctx->key_md, 1709 + sizeof(ctx->key_md), false, false); 1710 + if (ret) 1711 + return ret; 1712 + 1713 + ret = artpec6_crypto_setup_out_descr(common, ctx->aes_key, 1714 + ctx->key_length, true, false); 1715 + if (ret) 1716 + return ret; 1717 + 1718 + req_ctx->cipher_md = 0; 1719 + 1720 + if (ctx->crypto_type == ARTPEC6_CRYPTO_CIPHER_AES_XTS) 1721 + cipher_klen = ctx->key_length/2; 1722 + else 1723 + cipher_klen = ctx->key_length; 1724 + 1725 + /* Metadata */ 1726 + switch (cipher_klen) { 1727 + case 16: 1728 + cipher_len = regk_crypto_key_128; 1729 + break; 1730 + case 24: 1731 + cipher_len = regk_crypto_key_192; 1732 + break; 1733 + case 32: 1734 + cipher_len = regk_crypto_key_256; 1735 + break; 1736 + default: 1737 + pr_err("%s: Invalid key length %d!\n", 1738 + MODULE_NAME, ctx->key_length); 1739 + return -EINVAL; 1740 + } 1741 + 1742 + switch (ctx->crypto_type) { 1743 + case ARTPEC6_CRYPTO_CIPHER_AES_ECB: 1744 + oper = regk_crypto_aes_ecb; 1745 + cipher_decr = req_ctx->decrypt; 1746 + break; 1747 + 1748 + case ARTPEC6_CRYPTO_CIPHER_AES_CBC: 1749 + oper = regk_crypto_aes_cbc; 1750 + cipher_decr = req_ctx->decrypt; 1751 + break; 1752 + 1753 + case ARTPEC6_CRYPTO_CIPHER_AES_CTR: 1754 + oper = regk_crypto_aes_ctr; 1755 + cipher_decr = false; 1756 + break; 1757 + 1758 + case ARTPEC6_CRYPTO_CIPHER_AES_XTS: 1759 + oper = regk_crypto_aes_xts; 1760 + cipher_decr = req_ctx->decrypt; 1761 + 1762 + if (variant == ARTPEC6_CRYPTO) 1763 + req_ctx->cipher_md |= A6_CRY_MD_CIPHER_DSEQ; 1764 + else 1765 + req_ctx->cipher_md |= A7_CRY_MD_CIPHER_DSEQ; 1766 + break; 1767 + 1768 + default: 1769 + pr_err("%s: Invalid cipher mode %d!\n", 1770 + MODULE_NAME, ctx->crypto_type); 1771 + return -EINVAL; 1772 + } 1773 + 1774 + if (variant == ARTPEC6_CRYPTO) { 1775 + req_ctx->cipher_md |= FIELD_PREP(A6_CRY_MD_OPER, oper); 1776 + req_ctx->cipher_md |= FIELD_PREP(A6_CRY_MD_CIPHER_LEN, 1777 + cipher_len); 1778 + if (cipher_decr) 1779 + req_ctx->cipher_md |= A6_CRY_MD_CIPHER_DECR; 1780 + } else { 1781 + req_ctx->cipher_md |= FIELD_PREP(A7_CRY_MD_OPER, oper); 1782 + req_ctx->cipher_md |= FIELD_PREP(A7_CRY_MD_CIPHER_LEN, 1783 + cipher_len); 1784 + if (cipher_decr) 1785 + req_ctx->cipher_md |= A7_CRY_MD_CIPHER_DECR; 1786 + } 1787 + 1788 + ret = artpec6_crypto_setup_out_descr(common, 1789 + &req_ctx->cipher_md, 1790 + sizeof(req_ctx->cipher_md), 1791 + false, false); 1792 + if (ret) 1793 + return ret; 1794 + 1795 + ret = artpec6_crypto_setup_in_descr(common, ac->pad_buffer, 4, false); 1796 + if (ret) 1797 + return ret; 1798 + 1799 + if (iv_len) { 1800 + ret = artpec6_crypto_setup_out_descr(common, areq->iv, iv_len, 1801 + false, false); 1802 + if (ret) 1803 + return ret; 1804 + } 1805 + /* Data out */ 1806 + artpec6_crypto_walk_init(&walk, areq->src); 1807 + ret = artpec6_crypto_setup_sg_descrs_out(common, &walk, areq->cryptlen); 1808 + if (ret) 1809 + return ret; 1810 + 1811 + /* Data in */ 1812 + artpec6_crypto_walk_init(&walk, areq->dst); 1813 + ret = artpec6_crypto_setup_sg_descrs_in(common, &walk, areq->cryptlen); 1814 + if (ret) 1815 + return ret; 1816 + 1817 + /* CTR-mode padding required by the HW. */ 1818 + if (ctx->crypto_type == ARTPEC6_CRYPTO_CIPHER_AES_CTR || 1819 + ctx->crypto_type == ARTPEC6_CRYPTO_CIPHER_AES_XTS) { 1820 + size_t pad = ALIGN(areq->cryptlen, AES_BLOCK_SIZE) - 1821 + areq->cryptlen; 1822 + 1823 + if (pad) { 1824 + ret = artpec6_crypto_setup_out_descr(common, 1825 + ac->pad_buffer, 1826 + pad, false, false); 1827 + if (ret) 1828 + return ret; 1829 + 1830 + ret = artpec6_crypto_setup_in_descr(common, 1831 + ac->pad_buffer, pad, 1832 + false); 1833 + if (ret) 1834 + return ret; 1835 + } 1836 + } 1837 + 1838 + ret = artpec6_crypto_terminate_out_descrs(common); 1839 + if (ret) 1840 + return ret; 1841 + 1842 + ret = artpec6_crypto_terminate_in_descrs(common); 1843 + if (ret) 1844 + return ret; 1845 + 1846 + return artpec6_crypto_dma_map_descs(common); 1847 + } 1848 + 1849 + static int artpec6_crypto_prepare_aead(struct aead_request *areq) 1850 + { 1851 + size_t count; 1852 + int ret; 1853 + size_t input_length; 1854 + struct artpec6_cryptotfm_context *ctx = crypto_tfm_ctx(areq->base.tfm); 1855 + struct artpec6_crypto_aead_req_ctx *req_ctx = aead_request_ctx(areq); 1856 + struct crypto_aead *cipher = crypto_aead_reqtfm(areq); 1857 + struct artpec6_crypto_req_common *common = &req_ctx->common; 1858 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 1859 + enum artpec6_crypto_variant variant = ac->variant; 1860 + u32 md_cipher_len; 1861 + 1862 + artpec6_crypto_init_dma_operation(common); 1863 + 1864 + /* Key */ 1865 + if (variant == ARTPEC6_CRYPTO) { 1866 + ctx->key_md = FIELD_PREP(A6_CRY_MD_OPER, 1867 + a6_regk_crypto_dlkey); 1868 + } else { 1869 + ctx->key_md = FIELD_PREP(A7_CRY_MD_OPER, 1870 + a7_regk_crypto_dlkey); 1871 + } 1872 + ret = artpec6_crypto_setup_out_descr(common, (void *)&ctx->key_md, 1873 + sizeof(ctx->key_md), false, false); 1874 + if (ret) 1875 + return ret; 1876 + 1877 + ret = artpec6_crypto_setup_out_descr(common, ctx->aes_key, 1878 + ctx->key_length, true, false); 1879 + if (ret) 1880 + return ret; 1881 + 1882 + req_ctx->cipher_md = 0; 1883 + 1884 + switch (ctx->key_length) { 1885 + case 16: 1886 + md_cipher_len = regk_crypto_key_128; 1887 + break; 1888 + case 24: 1889 + md_cipher_len = regk_crypto_key_192; 1890 + break; 1891 + case 32: 1892 + md_cipher_len = regk_crypto_key_256; 1893 + break; 1894 + default: 1895 + return -EINVAL; 1896 + } 1897 + 1898 + if (variant == ARTPEC6_CRYPTO) { 1899 + req_ctx->cipher_md |= FIELD_PREP(A6_CRY_MD_OPER, 1900 + regk_crypto_aes_gcm); 1901 + req_ctx->cipher_md |= FIELD_PREP(A6_CRY_MD_CIPHER_LEN, 1902 + md_cipher_len); 1903 + if (req_ctx->decrypt) 1904 + req_ctx->cipher_md |= A6_CRY_MD_CIPHER_DECR; 1905 + } else { 1906 + req_ctx->cipher_md |= FIELD_PREP(A7_CRY_MD_OPER, 1907 + regk_crypto_aes_gcm); 1908 + req_ctx->cipher_md |= FIELD_PREP(A7_CRY_MD_CIPHER_LEN, 1909 + md_cipher_len); 1910 + if (req_ctx->decrypt) 1911 + req_ctx->cipher_md |= A7_CRY_MD_CIPHER_DECR; 1912 + } 1913 + 1914 + ret = artpec6_crypto_setup_out_descr(common, 1915 + (void *) &req_ctx->cipher_md, 1916 + sizeof(req_ctx->cipher_md), false, 1917 + false); 1918 + if (ret) 1919 + return ret; 1920 + 1921 + ret = artpec6_crypto_setup_in_descr(common, ac->pad_buffer, 4, false); 1922 + if (ret) 1923 + return ret; 1924 + 1925 + /* For the decryption, cryptlen includes the tag. */ 1926 + input_length = areq->cryptlen; 1927 + if (req_ctx->decrypt) 1928 + input_length -= AES_BLOCK_SIZE; 1929 + 1930 + /* Prepare the context buffer */ 1931 + req_ctx->hw_ctx.aad_length_bits = 1932 + __cpu_to_be64(8*areq->assoclen); 1933 + 1934 + req_ctx->hw_ctx.text_length_bits = 1935 + __cpu_to_be64(8*input_length); 1936 + 1937 + memcpy(req_ctx->hw_ctx.J0, areq->iv, crypto_aead_ivsize(cipher)); 1938 + // The HW omits the initial increment of the counter field. 1939 + crypto_inc(req_ctx->hw_ctx.J0+12, 4); 1940 + 1941 + ret = artpec6_crypto_setup_out_descr(common, &req_ctx->hw_ctx, 1942 + sizeof(struct artpec6_crypto_aead_hw_ctx), false, false); 1943 + if (ret) 1944 + return ret; 1945 + 1946 + { 1947 + struct artpec6_crypto_walk walk; 1948 + 1949 + artpec6_crypto_walk_init(&walk, areq->src); 1950 + 1951 + /* Associated data */ 1952 + count = areq->assoclen; 1953 + ret = artpec6_crypto_setup_sg_descrs_out(common, &walk, count); 1954 + if (ret) 1955 + return ret; 1956 + 1957 + if (!IS_ALIGNED(areq->assoclen, 16)) { 1958 + size_t assoc_pad = 16 - (areq->assoclen % 16); 1959 + /* The HW mandates zero padding here */ 1960 + ret = artpec6_crypto_setup_out_descr(common, 1961 + ac->zero_buffer, 1962 + assoc_pad, false, 1963 + false); 1964 + if (ret) 1965 + return ret; 1966 + } 1967 + 1968 + /* Data to crypto */ 1969 + count = input_length; 1970 + ret = artpec6_crypto_setup_sg_descrs_out(common, &walk, count); 1971 + if (ret) 1972 + return ret; 1973 + 1974 + if (!IS_ALIGNED(input_length, 16)) { 1975 + size_t crypto_pad = 16 - (input_length % 16); 1976 + /* The HW mandates zero padding here */ 1977 + ret = artpec6_crypto_setup_out_descr(common, 1978 + ac->zero_buffer, 1979 + crypto_pad, 1980 + false, 1981 + false); 1982 + if (ret) 1983 + return ret; 1984 + } 1985 + } 1986 + 1987 + /* Data from crypto */ 1988 + { 1989 + struct artpec6_crypto_walk walk; 1990 + size_t output_len = areq->cryptlen; 1991 + 1992 + if (req_ctx->decrypt) 1993 + output_len -= AES_BLOCK_SIZE; 1994 + 1995 + artpec6_crypto_walk_init(&walk, areq->dst); 1996 + 1997 + /* skip associated data in the output */ 1998 + count = artpec6_crypto_walk_advance(&walk, areq->assoclen); 1999 + if (count) 2000 + return -EINVAL; 2001 + 2002 + count = output_len; 2003 + ret = artpec6_crypto_setup_sg_descrs_in(common, &walk, count); 2004 + if (ret) 2005 + return ret; 2006 + 2007 + /* Put padding between the cryptotext and the auth tag */ 2008 + if (!IS_ALIGNED(output_len, 16)) { 2009 + size_t crypto_pad = 16 - (output_len % 16); 2010 + 2011 + ret = artpec6_crypto_setup_in_descr(common, 2012 + ac->pad_buffer, 2013 + crypto_pad, false); 2014 + if (ret) 2015 + return ret; 2016 + } 2017 + 2018 + /* The authentication tag shall follow immediately after 2019 + * the output ciphertext. For decryption it is put in a context 2020 + * buffer for later compare against the input tag. 2021 + */ 2022 + count = AES_BLOCK_SIZE; 2023 + 2024 + if (req_ctx->decrypt) { 2025 + ret = artpec6_crypto_setup_in_descr(common, 2026 + req_ctx->decryption_tag, count, false); 2027 + if (ret) 2028 + return ret; 2029 + 2030 + } else { 2031 + ret = artpec6_crypto_setup_sg_descrs_in(common, &walk, 2032 + count); 2033 + if (ret) 2034 + return ret; 2035 + } 2036 + 2037 + } 2038 + 2039 + ret = artpec6_crypto_terminate_in_descrs(common); 2040 + if (ret) 2041 + return ret; 2042 + 2043 + ret = artpec6_crypto_terminate_out_descrs(common); 2044 + if (ret) 2045 + return ret; 2046 + 2047 + return artpec6_crypto_dma_map_descs(common); 2048 + } 2049 + 2050 + static void artpec6_crypto_process_queue(struct artpec6_crypto *ac) 2051 + { 2052 + struct artpec6_crypto_req_common *req; 2053 + 2054 + while (!list_empty(&ac->queue) && !artpec6_crypto_busy()) { 2055 + req = list_first_entry(&ac->queue, 2056 + struct artpec6_crypto_req_common, 2057 + list); 2058 + list_move_tail(&req->list, &ac->pending); 2059 + artpec6_crypto_start_dma(req); 2060 + 2061 + req->req->complete(req->req, -EINPROGRESS); 2062 + } 2063 + 2064 + /* 2065 + * In some cases, the hardware can raise an in_eop_flush interrupt 2066 + * before actually updating the status, so we have an timer which will 2067 + * recheck the status on timeout. Since the cases are expected to be 2068 + * very rare, we use a relatively large timeout value. There should be 2069 + * no noticeable negative effect if we timeout spuriously. 2070 + */ 2071 + if (ac->pending_count) 2072 + mod_timer(&ac->timer, jiffies + msecs_to_jiffies(100)); 2073 + else 2074 + del_timer(&ac->timer); 2075 + } 2076 + 2077 + static void artpec6_crypto_timeout(unsigned long data) 2078 + { 2079 + struct artpec6_crypto *ac = (struct artpec6_crypto *) data; 2080 + 2081 + dev_info_ratelimited(artpec6_crypto_dev, "timeout\n"); 2082 + 2083 + tasklet_schedule(&ac->task); 2084 + } 2085 + 2086 + static void artpec6_crypto_task(unsigned long data) 2087 + { 2088 + struct artpec6_crypto *ac = (struct artpec6_crypto *)data; 2089 + struct artpec6_crypto_req_common *req; 2090 + struct artpec6_crypto_req_common *n; 2091 + 2092 + if (list_empty(&ac->pending)) { 2093 + pr_debug("Spurious IRQ\n"); 2094 + return; 2095 + } 2096 + 2097 + spin_lock_bh(&ac->queue_lock); 2098 + 2099 + list_for_each_entry_safe(req, n, &ac->pending, list) { 2100 + struct artpec6_crypto_dma_descriptors *dma = req->dma; 2101 + u32 stat; 2102 + 2103 + dma_sync_single_for_cpu(artpec6_crypto_dev, dma->stat_dma_addr, 2104 + sizeof(dma->stat[0]), 2105 + DMA_BIDIRECTIONAL); 2106 + 2107 + stat = req->dma->stat[req->dma->in_cnt-1]; 2108 + 2109 + /* A non-zero final status descriptor indicates 2110 + * this job has finished. 2111 + */ 2112 + pr_debug("Request %p status is %X\n", req, stat); 2113 + if (!stat) 2114 + break; 2115 + 2116 + /* Allow testing of timeout handling with fault injection */ 2117 + #ifdef CONFIG_FAULT_INJECTION 2118 + if (should_fail(&artpec6_crypto_fail_status_read, 1)) 2119 + continue; 2120 + #endif 2121 + 2122 + pr_debug("Completing request %p\n", req); 2123 + 2124 + list_del(&req->list); 2125 + 2126 + artpec6_crypto_dma_unmap_all(req); 2127 + artpec6_crypto_copy_bounce_buffers(req); 2128 + 2129 + ac->pending_count--; 2130 + artpec6_crypto_common_destroy(req); 2131 + req->complete(req->req); 2132 + } 2133 + 2134 + artpec6_crypto_process_queue(ac); 2135 + 2136 + spin_unlock_bh(&ac->queue_lock); 2137 + } 2138 + 2139 + static void artpec6_crypto_complete_crypto(struct crypto_async_request *req) 2140 + { 2141 + req->complete(req, 0); 2142 + } 2143 + 2144 + static void 2145 + artpec6_crypto_complete_cbc_decrypt(struct crypto_async_request *req) 2146 + { 2147 + struct skcipher_request *cipher_req = container_of(req, 2148 + struct skcipher_request, base); 2149 + 2150 + scatterwalk_map_and_copy(cipher_req->iv, cipher_req->src, 2151 + cipher_req->cryptlen - AES_BLOCK_SIZE, 2152 + AES_BLOCK_SIZE, 0); 2153 + req->complete(req, 0); 2154 + } 2155 + 2156 + static void 2157 + artpec6_crypto_complete_cbc_encrypt(struct crypto_async_request *req) 2158 + { 2159 + struct skcipher_request *cipher_req = container_of(req, 2160 + struct skcipher_request, base); 2161 + 2162 + scatterwalk_map_and_copy(cipher_req->iv, cipher_req->dst, 2163 + cipher_req->cryptlen - AES_BLOCK_SIZE, 2164 + AES_BLOCK_SIZE, 0); 2165 + req->complete(req, 0); 2166 + } 2167 + 2168 + static void artpec6_crypto_complete_aead(struct crypto_async_request *req) 2169 + { 2170 + int result = 0; 2171 + 2172 + /* Verify GCM hashtag. */ 2173 + struct aead_request *areq = container_of(req, 2174 + struct aead_request, base); 2175 + struct artpec6_crypto_aead_req_ctx *req_ctx = aead_request_ctx(areq); 2176 + 2177 + if (req_ctx->decrypt) { 2178 + u8 input_tag[AES_BLOCK_SIZE]; 2179 + 2180 + sg_pcopy_to_buffer(areq->src, 2181 + sg_nents(areq->src), 2182 + input_tag, 2183 + AES_BLOCK_SIZE, 2184 + areq->assoclen + areq->cryptlen - 2185 + AES_BLOCK_SIZE); 2186 + 2187 + if (memcmp(req_ctx->decryption_tag, 2188 + input_tag, 2189 + AES_BLOCK_SIZE)) { 2190 + pr_debug("***EBADMSG:\n"); 2191 + print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1, 2192 + input_tag, AES_BLOCK_SIZE, true); 2193 + print_hex_dump_debug("out:", DUMP_PREFIX_ADDRESS, 32, 1, 2194 + req_ctx->decryption_tag, 2195 + AES_BLOCK_SIZE, true); 2196 + 2197 + result = -EBADMSG; 2198 + } 2199 + } 2200 + 2201 + req->complete(req, result); 2202 + } 2203 + 2204 + static void artpec6_crypto_complete_hash(struct crypto_async_request *req) 2205 + { 2206 + req->complete(req, 0); 2207 + } 2208 + 2209 + 2210 + /*------------------- Hash functions -----------------------------------------*/ 2211 + static int 2212 + artpec6_crypto_hash_set_key(struct crypto_ahash *tfm, 2213 + const u8 *key, unsigned int keylen) 2214 + { 2215 + struct artpec6_hashalg_context *tfm_ctx = crypto_tfm_ctx(&tfm->base); 2216 + size_t blocksize; 2217 + int ret; 2218 + 2219 + if (!keylen) { 2220 + pr_err("Invalid length (%d) of HMAC key\n", 2221 + keylen); 2222 + return -EINVAL; 2223 + } 2224 + 2225 + memset(tfm_ctx->hmac_key, 0, sizeof(tfm_ctx->hmac_key)); 2226 + 2227 + blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm)); 2228 + 2229 + if (keylen > blocksize) { 2230 + SHASH_DESC_ON_STACK(hdesc, tfm_ctx->child_hash); 2231 + 2232 + hdesc->tfm = tfm_ctx->child_hash; 2233 + hdesc->flags = crypto_ahash_get_flags(tfm) & 2234 + CRYPTO_TFM_REQ_MAY_SLEEP; 2235 + 2236 + tfm_ctx->hmac_key_length = blocksize; 2237 + ret = crypto_shash_digest(hdesc, key, keylen, 2238 + tfm_ctx->hmac_key); 2239 + if (ret) 2240 + return ret; 2241 + 2242 + } else { 2243 + memcpy(tfm_ctx->hmac_key, key, keylen); 2244 + tfm_ctx->hmac_key_length = keylen; 2245 + } 2246 + 2247 + return 0; 2248 + } 2249 + 2250 + static int 2251 + artpec6_crypto_init_hash(struct ahash_request *req, u8 type, int hmac) 2252 + { 2253 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 2254 + enum artpec6_crypto_variant variant = ac->variant; 2255 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2256 + u32 oper; 2257 + 2258 + memset(req_ctx, 0, sizeof(*req_ctx)); 2259 + 2260 + req_ctx->hash_flags = HASH_FLAG_INIT_CTX; 2261 + if (hmac) 2262 + req_ctx->hash_flags |= (HASH_FLAG_HMAC | HASH_FLAG_UPDATE_KEY); 2263 + 2264 + switch (type) { 2265 + case ARTPEC6_CRYPTO_HASH_SHA1: 2266 + oper = hmac ? regk_crypto_hmac_sha1 : regk_crypto_sha1; 2267 + break; 2268 + case ARTPEC6_CRYPTO_HASH_SHA256: 2269 + oper = hmac ? regk_crypto_hmac_sha256 : regk_crypto_sha256; 2270 + break; 2271 + case ARTPEC6_CRYPTO_HASH_SHA384: 2272 + oper = hmac ? regk_crypto_hmac_sha384 : regk_crypto_sha384; 2273 + break; 2274 + case ARTPEC6_CRYPTO_HASH_SHA512: 2275 + oper = hmac ? regk_crypto_hmac_sha512 : regk_crypto_sha512; 2276 + break; 2277 + 2278 + default: 2279 + pr_err("%s: Unsupported hash type 0x%x\n", MODULE_NAME, type); 2280 + return -EINVAL; 2281 + } 2282 + 2283 + if (variant == ARTPEC6_CRYPTO) 2284 + req_ctx->hash_md = FIELD_PREP(A6_CRY_MD_OPER, oper); 2285 + else 2286 + req_ctx->hash_md = FIELD_PREP(A7_CRY_MD_OPER, oper); 2287 + 2288 + return 0; 2289 + } 2290 + 2291 + static int artpec6_crypto_prepare_submit_hash(struct ahash_request *req) 2292 + { 2293 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2294 + int ret; 2295 + 2296 + if (!req_ctx->common.dma) { 2297 + ret = artpec6_crypto_common_init(&req_ctx->common, 2298 + &req->base, 2299 + artpec6_crypto_complete_hash, 2300 + NULL, 0); 2301 + 2302 + if (ret) 2303 + return ret; 2304 + } 2305 + 2306 + ret = artpec6_crypto_prepare_hash(req); 2307 + switch (ret) { 2308 + case ARTPEC6_CRYPTO_PREPARE_HASH_START: 2309 + ret = artpec6_crypto_submit(&req_ctx->common); 2310 + break; 2311 + 2312 + case ARTPEC6_CRYPTO_PREPARE_HASH_NO_START: 2313 + ret = 0; 2314 + /* Fallthrough */ 2315 + 2316 + default: 2317 + artpec6_crypto_common_destroy(&req_ctx->common); 2318 + break; 2319 + } 2320 + 2321 + return ret; 2322 + } 2323 + 2324 + static int artpec6_crypto_hash_final(struct ahash_request *req) 2325 + { 2326 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2327 + 2328 + req_ctx->hash_flags |= HASH_FLAG_FINALIZE; 2329 + 2330 + return artpec6_crypto_prepare_submit_hash(req); 2331 + } 2332 + 2333 + static int artpec6_crypto_hash_update(struct ahash_request *req) 2334 + { 2335 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2336 + 2337 + req_ctx->hash_flags |= HASH_FLAG_UPDATE; 2338 + 2339 + return artpec6_crypto_prepare_submit_hash(req); 2340 + } 2341 + 2342 + static int artpec6_crypto_sha1_init(struct ahash_request *req) 2343 + { 2344 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA1, 0); 2345 + } 2346 + 2347 + static int artpec6_crypto_sha1_digest(struct ahash_request *req) 2348 + { 2349 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2350 + 2351 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA1, 0); 2352 + 2353 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2354 + 2355 + return artpec6_crypto_prepare_submit_hash(req); 2356 + } 2357 + 2358 + static int artpec6_crypto_sha256_init(struct ahash_request *req) 2359 + { 2360 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 0); 2361 + } 2362 + 2363 + static int artpec6_crypto_sha256_digest(struct ahash_request *req) 2364 + { 2365 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2366 + 2367 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 0); 2368 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2369 + 2370 + return artpec6_crypto_prepare_submit_hash(req); 2371 + } 2372 + 2373 + static int __maybe_unused artpec6_crypto_sha384_init(struct ahash_request *req) 2374 + { 2375 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 0); 2376 + } 2377 + 2378 + static int __maybe_unused 2379 + artpec6_crypto_sha384_digest(struct ahash_request *req) 2380 + { 2381 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2382 + 2383 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 0); 2384 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2385 + 2386 + return artpec6_crypto_prepare_submit_hash(req); 2387 + } 2388 + 2389 + static int artpec6_crypto_sha512_init(struct ahash_request *req) 2390 + { 2391 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 0); 2392 + } 2393 + 2394 + static int artpec6_crypto_sha512_digest(struct ahash_request *req) 2395 + { 2396 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2397 + 2398 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 0); 2399 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2400 + 2401 + return artpec6_crypto_prepare_submit_hash(req); 2402 + } 2403 + 2404 + static int artpec6_crypto_hmac_sha256_init(struct ahash_request *req) 2405 + { 2406 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 1); 2407 + } 2408 + 2409 + static int __maybe_unused 2410 + artpec6_crypto_hmac_sha384_init(struct ahash_request *req) 2411 + { 2412 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 1); 2413 + } 2414 + 2415 + static int artpec6_crypto_hmac_sha512_init(struct ahash_request *req) 2416 + { 2417 + return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 1); 2418 + } 2419 + 2420 + static int artpec6_crypto_hmac_sha256_digest(struct ahash_request *req) 2421 + { 2422 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2423 + 2424 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 1); 2425 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2426 + 2427 + return artpec6_crypto_prepare_submit_hash(req); 2428 + } 2429 + 2430 + static int __maybe_unused 2431 + artpec6_crypto_hmac_sha384_digest(struct ahash_request *req) 2432 + { 2433 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2434 + 2435 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 1); 2436 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2437 + 2438 + return artpec6_crypto_prepare_submit_hash(req); 2439 + } 2440 + 2441 + static int artpec6_crypto_hmac_sha512_digest(struct ahash_request *req) 2442 + { 2443 + struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); 2444 + 2445 + artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 1); 2446 + req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; 2447 + 2448 + return artpec6_crypto_prepare_submit_hash(req); 2449 + } 2450 + 2451 + static int artpec6_crypto_ahash_init_common(struct crypto_tfm *tfm, 2452 + const char *base_hash_name) 2453 + { 2454 + struct artpec6_hashalg_context *tfm_ctx = crypto_tfm_ctx(tfm); 2455 + 2456 + crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), 2457 + sizeof(struct artpec6_hash_request_context)); 2458 + memset(tfm_ctx, 0, sizeof(*tfm_ctx)); 2459 + 2460 + if (base_hash_name) { 2461 + struct crypto_shash *child; 2462 + 2463 + child = crypto_alloc_shash(base_hash_name, 0, 2464 + CRYPTO_ALG_NEED_FALLBACK); 2465 + 2466 + if (IS_ERR(child)) 2467 + return PTR_ERR(child); 2468 + 2469 + tfm_ctx->child_hash = child; 2470 + } 2471 + 2472 + return 0; 2473 + } 2474 + 2475 + static int artpec6_crypto_ahash_init(struct crypto_tfm *tfm) 2476 + { 2477 + return artpec6_crypto_ahash_init_common(tfm, NULL); 2478 + } 2479 + 2480 + static int artpec6_crypto_ahash_init_hmac_sha256(struct crypto_tfm *tfm) 2481 + { 2482 + return artpec6_crypto_ahash_init_common(tfm, "sha256"); 2483 + } 2484 + 2485 + static int __maybe_unused 2486 + artpec6_crypto_ahash_init_hmac_sha384(struct crypto_tfm *tfm) 2487 + { 2488 + return artpec6_crypto_ahash_init_common(tfm, "sha384"); 2489 + } 2490 + 2491 + static int artpec6_crypto_ahash_init_hmac_sha512(struct crypto_tfm *tfm) 2492 + { 2493 + return artpec6_crypto_ahash_init_common(tfm, "sha512"); 2494 + } 2495 + 2496 + static void artpec6_crypto_ahash_exit(struct crypto_tfm *tfm) 2497 + { 2498 + struct artpec6_hashalg_context *tfm_ctx = crypto_tfm_ctx(tfm); 2499 + 2500 + if (tfm_ctx->child_hash) 2501 + crypto_free_shash(tfm_ctx->child_hash); 2502 + 2503 + memset(tfm_ctx->hmac_key, 0, sizeof(tfm_ctx->hmac_key)); 2504 + tfm_ctx->hmac_key_length = 0; 2505 + } 2506 + 2507 + static int artpec6_crypto_hash_export(struct ahash_request *req, void *out) 2508 + { 2509 + const struct artpec6_hash_request_context *ctx = ahash_request_ctx(req); 2510 + struct artpec6_hash_export_state *state = out; 2511 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 2512 + enum artpec6_crypto_variant variant = ac->variant; 2513 + 2514 + BUILD_BUG_ON(sizeof(state->partial_buffer) != 2515 + sizeof(ctx->partial_buffer)); 2516 + BUILD_BUG_ON(sizeof(state->digeststate) != sizeof(ctx->digeststate)); 2517 + 2518 + state->digcnt = ctx->digcnt; 2519 + state->partial_bytes = ctx->partial_bytes; 2520 + state->hash_flags = ctx->hash_flags; 2521 + 2522 + if (variant == ARTPEC6_CRYPTO) 2523 + state->oper = FIELD_GET(A6_CRY_MD_OPER, ctx->hash_md); 2524 + else 2525 + state->oper = FIELD_GET(A7_CRY_MD_OPER, ctx->hash_md); 2526 + 2527 + memcpy(state->partial_buffer, ctx->partial_buffer, 2528 + sizeof(state->partial_buffer)); 2529 + memcpy(state->digeststate, ctx->digeststate, 2530 + sizeof(state->digeststate)); 2531 + 2532 + return 0; 2533 + } 2534 + 2535 + static int artpec6_crypto_hash_import(struct ahash_request *req, const void *in) 2536 + { 2537 + struct artpec6_hash_request_context *ctx = ahash_request_ctx(req); 2538 + const struct artpec6_hash_export_state *state = in; 2539 + struct artpec6_crypto *ac = dev_get_drvdata(artpec6_crypto_dev); 2540 + enum artpec6_crypto_variant variant = ac->variant; 2541 + 2542 + memset(ctx, 0, sizeof(*ctx)); 2543 + 2544 + ctx->digcnt = state->digcnt; 2545 + ctx->partial_bytes = state->partial_bytes; 2546 + ctx->hash_flags = state->hash_flags; 2547 + 2548 + if (variant == ARTPEC6_CRYPTO) 2549 + ctx->hash_md = FIELD_PREP(A6_CRY_MD_OPER, state->oper); 2550 + else 2551 + ctx->hash_md = FIELD_PREP(A7_CRY_MD_OPER, state->oper); 2552 + 2553 + memcpy(ctx->partial_buffer, state->partial_buffer, 2554 + sizeof(state->partial_buffer)); 2555 + memcpy(ctx->digeststate, state->digeststate, 2556 + sizeof(state->digeststate)); 2557 + 2558 + return 0; 2559 + } 2560 + 2561 + static int init_crypto_hw(struct artpec6_crypto *ac) 2562 + { 2563 + enum artpec6_crypto_variant variant = ac->variant; 2564 + void __iomem *base = ac->base; 2565 + u32 out_descr_buf_size; 2566 + u32 out_data_buf_size; 2567 + u32 in_data_buf_size; 2568 + u32 in_descr_buf_size; 2569 + u32 in_stat_buf_size; 2570 + u32 in, out; 2571 + 2572 + /* 2573 + * The PDMA unit contains 1984 bytes of internal memory for the OUT 2574 + * channels and 1024 bytes for the IN channel. This is an elastic 2575 + * memory used to internally store the descriptors and data. The values 2576 + * ares specified in 64 byte incremements. Trustzone buffers are not 2577 + * used at this stage. 2578 + */ 2579 + out_data_buf_size = 16; /* 1024 bytes for data */ 2580 + out_descr_buf_size = 15; /* 960 bytes for descriptors */ 2581 + in_data_buf_size = 8; /* 512 bytes for data */ 2582 + in_descr_buf_size = 4; /* 256 bytes for descriptors */ 2583 + in_stat_buf_size = 4; /* 256 bytes for stat descrs */ 2584 + 2585 + BUILD_BUG_ON_MSG((out_data_buf_size 2586 + + out_descr_buf_size) * 64 > 1984, 2587 + "Invalid OUT configuration"); 2588 + 2589 + BUILD_BUG_ON_MSG((in_data_buf_size 2590 + + in_descr_buf_size 2591 + + in_stat_buf_size) * 64 > 1024, 2592 + "Invalid IN configuration"); 2593 + 2594 + in = FIELD_PREP(PDMA_IN_BUF_CFG_DATA_BUF_SIZE, in_data_buf_size) | 2595 + FIELD_PREP(PDMA_IN_BUF_CFG_DESCR_BUF_SIZE, in_descr_buf_size) | 2596 + FIELD_PREP(PDMA_IN_BUF_CFG_STAT_BUF_SIZE, in_stat_buf_size); 2597 + 2598 + out = FIELD_PREP(PDMA_OUT_BUF_CFG_DATA_BUF_SIZE, out_data_buf_size) | 2599 + FIELD_PREP(PDMA_OUT_BUF_CFG_DESCR_BUF_SIZE, out_descr_buf_size); 2600 + 2601 + writel_relaxed(out, base + PDMA_OUT_BUF_CFG); 2602 + writel_relaxed(PDMA_OUT_CFG_EN, base + PDMA_OUT_CFG); 2603 + 2604 + if (variant == ARTPEC6_CRYPTO) { 2605 + writel_relaxed(in, base + A6_PDMA_IN_BUF_CFG); 2606 + writel_relaxed(PDMA_IN_CFG_EN, base + A6_PDMA_IN_CFG); 2607 + writel_relaxed(A6_PDMA_INTR_MASK_IN_DATA | 2608 + A6_PDMA_INTR_MASK_IN_EOP_FLUSH, 2609 + base + A6_PDMA_INTR_MASK); 2610 + } else { 2611 + writel_relaxed(in, base + A7_PDMA_IN_BUF_CFG); 2612 + writel_relaxed(PDMA_IN_CFG_EN, base + A7_PDMA_IN_CFG); 2613 + writel_relaxed(A7_PDMA_INTR_MASK_IN_DATA | 2614 + A7_PDMA_INTR_MASK_IN_EOP_FLUSH, 2615 + base + A7_PDMA_INTR_MASK); 2616 + } 2617 + 2618 + return 0; 2619 + } 2620 + 2621 + static void artpec6_crypto_disable_hw(struct artpec6_crypto *ac) 2622 + { 2623 + enum artpec6_crypto_variant variant = ac->variant; 2624 + void __iomem *base = ac->base; 2625 + 2626 + if (variant == ARTPEC6_CRYPTO) { 2627 + writel_relaxed(A6_PDMA_IN_CMD_STOP, base + A6_PDMA_IN_CMD); 2628 + writel_relaxed(0, base + A6_PDMA_IN_CFG); 2629 + writel_relaxed(A6_PDMA_OUT_CMD_STOP, base + PDMA_OUT_CMD); 2630 + } else { 2631 + writel_relaxed(A7_PDMA_IN_CMD_STOP, base + A7_PDMA_IN_CMD); 2632 + writel_relaxed(0, base + A7_PDMA_IN_CFG); 2633 + writel_relaxed(A7_PDMA_OUT_CMD_STOP, base + PDMA_OUT_CMD); 2634 + } 2635 + 2636 + writel_relaxed(0, base + PDMA_OUT_CFG); 2637 + 2638 + } 2639 + 2640 + static irqreturn_t artpec6_crypto_irq(int irq, void *dev_id) 2641 + { 2642 + struct artpec6_crypto *ac = dev_id; 2643 + enum artpec6_crypto_variant variant = ac->variant; 2644 + void __iomem *base = ac->base; 2645 + u32 mask_in_data, mask_in_eop_flush; 2646 + u32 in_cmd_flush_stat, in_cmd_reg; 2647 + u32 ack_intr_reg; 2648 + u32 ack = 0; 2649 + u32 intr; 2650 + 2651 + if (variant == ARTPEC6_CRYPTO) { 2652 + intr = readl_relaxed(base + A6_PDMA_MASKED_INTR); 2653 + mask_in_data = A6_PDMA_INTR_MASK_IN_DATA; 2654 + mask_in_eop_flush = A6_PDMA_INTR_MASK_IN_EOP_FLUSH; 2655 + in_cmd_flush_stat = A6_PDMA_IN_CMD_FLUSH_STAT; 2656 + in_cmd_reg = A6_PDMA_IN_CMD; 2657 + ack_intr_reg = A6_PDMA_ACK_INTR; 2658 + } else { 2659 + intr = readl_relaxed(base + A7_PDMA_MASKED_INTR); 2660 + mask_in_data = A7_PDMA_INTR_MASK_IN_DATA; 2661 + mask_in_eop_flush = A7_PDMA_INTR_MASK_IN_EOP_FLUSH; 2662 + in_cmd_flush_stat = A7_PDMA_IN_CMD_FLUSH_STAT; 2663 + in_cmd_reg = A7_PDMA_IN_CMD; 2664 + ack_intr_reg = A7_PDMA_ACK_INTR; 2665 + } 2666 + 2667 + /* We get two interrupt notifications from each job. 2668 + * The in_data means all data was sent to memory and then 2669 + * we request a status flush command to write the per-job 2670 + * status to its status vector. This ensures that the 2671 + * tasklet can detect exactly how many submitted jobs 2672 + * that have finished. 2673 + */ 2674 + if (intr & mask_in_data) 2675 + ack |= mask_in_data; 2676 + 2677 + if (intr & mask_in_eop_flush) 2678 + ack |= mask_in_eop_flush; 2679 + else 2680 + writel_relaxed(in_cmd_flush_stat, base + in_cmd_reg); 2681 + 2682 + writel_relaxed(ack, base + ack_intr_reg); 2683 + 2684 + if (intr & mask_in_eop_flush) 2685 + tasklet_schedule(&ac->task); 2686 + 2687 + return IRQ_HANDLED; 2688 + } 2689 + 2690 + /*------------------- Algorithm definitions ----------------------------------*/ 2691 + 2692 + /* Hashes */ 2693 + static struct ahash_alg hash_algos[] = { 2694 + /* SHA-1 */ 2695 + { 2696 + .init = artpec6_crypto_sha1_init, 2697 + .update = artpec6_crypto_hash_update, 2698 + .final = artpec6_crypto_hash_final, 2699 + .digest = artpec6_crypto_sha1_digest, 2700 + .import = artpec6_crypto_hash_import, 2701 + .export = artpec6_crypto_hash_export, 2702 + .halg.digestsize = SHA1_DIGEST_SIZE, 2703 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2704 + .halg.base = { 2705 + .cra_name = "sha1", 2706 + .cra_driver_name = "artpec-sha1", 2707 + .cra_priority = 300, 2708 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2709 + .cra_blocksize = SHA1_BLOCK_SIZE, 2710 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2711 + .cra_alignmask = 3, 2712 + .cra_module = THIS_MODULE, 2713 + .cra_init = artpec6_crypto_ahash_init, 2714 + .cra_exit = artpec6_crypto_ahash_exit, 2715 + } 2716 + }, 2717 + /* SHA-256 */ 2718 + { 2719 + .init = artpec6_crypto_sha256_init, 2720 + .update = artpec6_crypto_hash_update, 2721 + .final = artpec6_crypto_hash_final, 2722 + .digest = artpec6_crypto_sha256_digest, 2723 + .import = artpec6_crypto_hash_import, 2724 + .export = artpec6_crypto_hash_export, 2725 + .halg.digestsize = SHA256_DIGEST_SIZE, 2726 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2727 + .halg.base = { 2728 + .cra_name = "sha256", 2729 + .cra_driver_name = "artpec-sha256", 2730 + .cra_priority = 300, 2731 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2732 + .cra_blocksize = SHA256_BLOCK_SIZE, 2733 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2734 + .cra_alignmask = 3, 2735 + .cra_module = THIS_MODULE, 2736 + .cra_init = artpec6_crypto_ahash_init, 2737 + .cra_exit = artpec6_crypto_ahash_exit, 2738 + } 2739 + }, 2740 + /* HMAC SHA-256 */ 2741 + { 2742 + .init = artpec6_crypto_hmac_sha256_init, 2743 + .update = artpec6_crypto_hash_update, 2744 + .final = artpec6_crypto_hash_final, 2745 + .digest = artpec6_crypto_hmac_sha256_digest, 2746 + .import = artpec6_crypto_hash_import, 2747 + .export = artpec6_crypto_hash_export, 2748 + .setkey = artpec6_crypto_hash_set_key, 2749 + .halg.digestsize = SHA256_DIGEST_SIZE, 2750 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2751 + .halg.base = { 2752 + .cra_name = "hmac(sha256)", 2753 + .cra_driver_name = "artpec-hmac-sha256", 2754 + .cra_priority = 300, 2755 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2756 + .cra_blocksize = SHA256_BLOCK_SIZE, 2757 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2758 + .cra_alignmask = 3, 2759 + .cra_module = THIS_MODULE, 2760 + .cra_init = artpec6_crypto_ahash_init_hmac_sha256, 2761 + .cra_exit = artpec6_crypto_ahash_exit, 2762 + } 2763 + }, 2764 + }; 2765 + 2766 + static struct ahash_alg artpec7_hash_algos[] = { 2767 + /* SHA-384 */ 2768 + { 2769 + .init = artpec6_crypto_sha384_init, 2770 + .update = artpec6_crypto_hash_update, 2771 + .final = artpec6_crypto_hash_final, 2772 + .digest = artpec6_crypto_sha384_digest, 2773 + .import = artpec6_crypto_hash_import, 2774 + .export = artpec6_crypto_hash_export, 2775 + .halg.digestsize = SHA384_DIGEST_SIZE, 2776 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2777 + .halg.base = { 2778 + .cra_name = "sha384", 2779 + .cra_driver_name = "artpec-sha384", 2780 + .cra_priority = 300, 2781 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2782 + .cra_blocksize = SHA384_BLOCK_SIZE, 2783 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2784 + .cra_alignmask = 3, 2785 + .cra_module = THIS_MODULE, 2786 + .cra_init = artpec6_crypto_ahash_init, 2787 + .cra_exit = artpec6_crypto_ahash_exit, 2788 + } 2789 + }, 2790 + /* HMAC SHA-384 */ 2791 + { 2792 + .init = artpec6_crypto_hmac_sha384_init, 2793 + .update = artpec6_crypto_hash_update, 2794 + .final = artpec6_crypto_hash_final, 2795 + .digest = artpec6_crypto_hmac_sha384_digest, 2796 + .import = artpec6_crypto_hash_import, 2797 + .export = artpec6_crypto_hash_export, 2798 + .setkey = artpec6_crypto_hash_set_key, 2799 + .halg.digestsize = SHA384_DIGEST_SIZE, 2800 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2801 + .halg.base = { 2802 + .cra_name = "hmac(sha384)", 2803 + .cra_driver_name = "artpec-hmac-sha384", 2804 + .cra_priority = 300, 2805 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2806 + .cra_blocksize = SHA384_BLOCK_SIZE, 2807 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2808 + .cra_alignmask = 3, 2809 + .cra_module = THIS_MODULE, 2810 + .cra_init = artpec6_crypto_ahash_init_hmac_sha384, 2811 + .cra_exit = artpec6_crypto_ahash_exit, 2812 + } 2813 + }, 2814 + /* SHA-512 */ 2815 + { 2816 + .init = artpec6_crypto_sha512_init, 2817 + .update = artpec6_crypto_hash_update, 2818 + .final = artpec6_crypto_hash_final, 2819 + .digest = artpec6_crypto_sha512_digest, 2820 + .import = artpec6_crypto_hash_import, 2821 + .export = artpec6_crypto_hash_export, 2822 + .halg.digestsize = SHA512_DIGEST_SIZE, 2823 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2824 + .halg.base = { 2825 + .cra_name = "sha512", 2826 + .cra_driver_name = "artpec-sha512", 2827 + .cra_priority = 300, 2828 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2829 + .cra_blocksize = SHA512_BLOCK_SIZE, 2830 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2831 + .cra_alignmask = 3, 2832 + .cra_module = THIS_MODULE, 2833 + .cra_init = artpec6_crypto_ahash_init, 2834 + .cra_exit = artpec6_crypto_ahash_exit, 2835 + } 2836 + }, 2837 + /* HMAC SHA-512 */ 2838 + { 2839 + .init = artpec6_crypto_hmac_sha512_init, 2840 + .update = artpec6_crypto_hash_update, 2841 + .final = artpec6_crypto_hash_final, 2842 + .digest = artpec6_crypto_hmac_sha512_digest, 2843 + .import = artpec6_crypto_hash_import, 2844 + .export = artpec6_crypto_hash_export, 2845 + .setkey = artpec6_crypto_hash_set_key, 2846 + .halg.digestsize = SHA512_DIGEST_SIZE, 2847 + .halg.statesize = sizeof(struct artpec6_hash_export_state), 2848 + .halg.base = { 2849 + .cra_name = "hmac(sha512)", 2850 + .cra_driver_name = "artpec-hmac-sha512", 2851 + .cra_priority = 300, 2852 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, 2853 + .cra_blocksize = SHA512_BLOCK_SIZE, 2854 + .cra_ctxsize = sizeof(struct artpec6_hashalg_context), 2855 + .cra_alignmask = 3, 2856 + .cra_module = THIS_MODULE, 2857 + .cra_init = artpec6_crypto_ahash_init_hmac_sha512, 2858 + .cra_exit = artpec6_crypto_ahash_exit, 2859 + } 2860 + }, 2861 + }; 2862 + 2863 + /* Crypto */ 2864 + static struct skcipher_alg crypto_algos[] = { 2865 + /* AES - ECB */ 2866 + { 2867 + .base = { 2868 + .cra_name = "ecb(aes)", 2869 + .cra_driver_name = "artpec6-ecb-aes", 2870 + .cra_priority = 300, 2871 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | 2872 + CRYPTO_ALG_ASYNC, 2873 + .cra_blocksize = AES_BLOCK_SIZE, 2874 + .cra_ctxsize = sizeof(struct artpec6_cryptotfm_context), 2875 + .cra_alignmask = 3, 2876 + .cra_module = THIS_MODULE, 2877 + }, 2878 + .min_keysize = AES_MIN_KEY_SIZE, 2879 + .max_keysize = AES_MAX_KEY_SIZE, 2880 + .setkey = artpec6_crypto_cipher_set_key, 2881 + .encrypt = artpec6_crypto_encrypt, 2882 + .decrypt = artpec6_crypto_decrypt, 2883 + .init = artpec6_crypto_aes_ecb_init, 2884 + .exit = artpec6_crypto_aes_exit, 2885 + }, 2886 + /* AES - CTR */ 2887 + { 2888 + .base = { 2889 + .cra_name = "ctr(aes)", 2890 + .cra_driver_name = "artpec6-ctr-aes", 2891 + .cra_priority = 300, 2892 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | 2893 + CRYPTO_ALG_ASYNC | 2894 + CRYPTO_ALG_NEED_FALLBACK, 2895 + .cra_blocksize = 1, 2896 + .cra_ctxsize = sizeof(struct artpec6_cryptotfm_context), 2897 + .cra_alignmask = 3, 2898 + .cra_module = THIS_MODULE, 2899 + }, 2900 + .min_keysize = AES_MIN_KEY_SIZE, 2901 + .max_keysize = AES_MAX_KEY_SIZE, 2902 + .ivsize = AES_BLOCK_SIZE, 2903 + .setkey = artpec6_crypto_cipher_set_key, 2904 + .encrypt = artpec6_crypto_ctr_encrypt, 2905 + .decrypt = artpec6_crypto_ctr_decrypt, 2906 + .init = artpec6_crypto_aes_ctr_init, 2907 + .exit = artpec6_crypto_aes_ctr_exit, 2908 + }, 2909 + /* AES - CBC */ 2910 + { 2911 + .base = { 2912 + .cra_name = "cbc(aes)", 2913 + .cra_driver_name = "artpec6-cbc-aes", 2914 + .cra_priority = 300, 2915 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | 2916 + CRYPTO_ALG_ASYNC, 2917 + .cra_blocksize = AES_BLOCK_SIZE, 2918 + .cra_ctxsize = sizeof(struct artpec6_cryptotfm_context), 2919 + .cra_alignmask = 3, 2920 + .cra_module = THIS_MODULE, 2921 + }, 2922 + .min_keysize = AES_MIN_KEY_SIZE, 2923 + .max_keysize = AES_MAX_KEY_SIZE, 2924 + .ivsize = AES_BLOCK_SIZE, 2925 + .setkey = artpec6_crypto_cipher_set_key, 2926 + .encrypt = artpec6_crypto_encrypt, 2927 + .decrypt = artpec6_crypto_decrypt, 2928 + .init = artpec6_crypto_aes_cbc_init, 2929 + .exit = artpec6_crypto_aes_exit 2930 + }, 2931 + /* AES - XTS */ 2932 + { 2933 + .base = { 2934 + .cra_name = "xts(aes)", 2935 + .cra_driver_name = "artpec6-xts-aes", 2936 + .cra_priority = 300, 2937 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | 2938 + CRYPTO_ALG_ASYNC, 2939 + .cra_blocksize = 1, 2940 + .cra_ctxsize = sizeof(struct artpec6_cryptotfm_context), 2941 + .cra_alignmask = 3, 2942 + .cra_module = THIS_MODULE, 2943 + }, 2944 + .min_keysize = 2*AES_MIN_KEY_SIZE, 2945 + .max_keysize = 2*AES_MAX_KEY_SIZE, 2946 + .ivsize = 16, 2947 + .setkey = artpec6_crypto_xts_set_key, 2948 + .encrypt = artpec6_crypto_encrypt, 2949 + .decrypt = artpec6_crypto_decrypt, 2950 + .init = artpec6_crypto_aes_xts_init, 2951 + .exit = artpec6_crypto_aes_exit, 2952 + }, 2953 + }; 2954 + 2955 + static struct aead_alg aead_algos[] = { 2956 + { 2957 + .init = artpec6_crypto_aead_init, 2958 + .setkey = artpec6_crypto_aead_set_key, 2959 + .encrypt = artpec6_crypto_aead_encrypt, 2960 + .decrypt = artpec6_crypto_aead_decrypt, 2961 + .ivsize = AES_BLOCK_SIZE, 2962 + .maxauthsize = AES_BLOCK_SIZE, 2963 + 2964 + .base = { 2965 + .cra_name = "gcm(aes)", 2966 + .cra_driver_name = "artpec-gcm-aes", 2967 + .cra_priority = 300, 2968 + .cra_flags = CRYPTO_ALG_TYPE_AEAD | CRYPTO_ALG_ASYNC | 2969 + CRYPTO_ALG_KERN_DRIVER_ONLY, 2970 + .cra_blocksize = 1, 2971 + .cra_ctxsize = sizeof(struct artpec6_cryptotfm_context), 2972 + .cra_alignmask = 3, 2973 + .cra_module = THIS_MODULE, 2974 + }, 2975 + } 2976 + }; 2977 + 2978 + #ifdef CONFIG_DEBUG_FS 2979 + 2980 + struct dbgfs_u32 { 2981 + char *name; 2982 + mode_t mode; 2983 + u32 *flag; 2984 + char *desc; 2985 + }; 2986 + 2987 + static void artpec6_crypto_init_debugfs(void) 2988 + { 2989 + dbgfs_root = debugfs_create_dir("artpec6_crypto", NULL); 2990 + 2991 + if (!dbgfs_root || IS_ERR(dbgfs_root)) { 2992 + dbgfs_root = NULL; 2993 + pr_err("%s: Could not initialise debugfs!\n", MODULE_NAME); 2994 + return; 2995 + } 2996 + 2997 + #ifdef CONFIG_FAULT_INJECTION 2998 + fault_create_debugfs_attr("fail_status_read", dbgfs_root, 2999 + &artpec6_crypto_fail_status_read); 3000 + 3001 + fault_create_debugfs_attr("fail_dma_array_full", dbgfs_root, 3002 + &artpec6_crypto_fail_dma_array_full); 3003 + #endif 3004 + } 3005 + 3006 + static void artpec6_crypto_free_debugfs(void) 3007 + { 3008 + if (!dbgfs_root) 3009 + return; 3010 + 3011 + debugfs_remove_recursive(dbgfs_root); 3012 + dbgfs_root = NULL; 3013 + } 3014 + #endif 3015 + 3016 + static const struct of_device_id artpec6_crypto_of_match[] = { 3017 + { .compatible = "axis,artpec6-crypto", .data = (void *)ARTPEC6_CRYPTO }, 3018 + { .compatible = "axis,artpec7-crypto", .data = (void *)ARTPEC7_CRYPTO }, 3019 + {} 3020 + }; 3021 + MODULE_DEVICE_TABLE(of, artpec6_crypto_of_match); 3022 + 3023 + static int artpec6_crypto_probe(struct platform_device *pdev) 3024 + { 3025 + const struct of_device_id *match; 3026 + enum artpec6_crypto_variant variant; 3027 + struct artpec6_crypto *ac; 3028 + struct device *dev = &pdev->dev; 3029 + void __iomem *base; 3030 + struct resource *res; 3031 + int irq; 3032 + int err; 3033 + 3034 + if (artpec6_crypto_dev) 3035 + return -ENODEV; 3036 + 3037 + match = of_match_node(artpec6_crypto_of_match, dev->of_node); 3038 + if (!match) 3039 + return -EINVAL; 3040 + 3041 + variant = (enum artpec6_crypto_variant)match->data; 3042 + 3043 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 3044 + if (!res) 3045 + return -ENODEV; 3046 + 3047 + base = devm_ioremap_resource(&pdev->dev, res); 3048 + if (IS_ERR(base)) 3049 + return PTR_ERR(base); 3050 + 3051 + irq = platform_get_irq(pdev, 0); 3052 + if (irq < 0) 3053 + return -ENODEV; 3054 + 3055 + ac = devm_kzalloc(&pdev->dev, sizeof(struct artpec6_crypto), 3056 + GFP_KERNEL); 3057 + if (!ac) 3058 + return -ENOMEM; 3059 + 3060 + platform_set_drvdata(pdev, ac); 3061 + ac->variant = variant; 3062 + 3063 + spin_lock_init(&ac->queue_lock); 3064 + INIT_LIST_HEAD(&ac->queue); 3065 + INIT_LIST_HEAD(&ac->pending); 3066 + setup_timer(&ac->timer, artpec6_crypto_timeout, (unsigned long) ac); 3067 + 3068 + ac->base = base; 3069 + 3070 + ac->dma_cache = kmem_cache_create("artpec6_crypto_dma", 3071 + sizeof(struct artpec6_crypto_dma_descriptors), 3072 + 64, 3073 + 0, 3074 + NULL); 3075 + if (!ac->dma_cache) 3076 + return -ENOMEM; 3077 + 3078 + #ifdef CONFIG_DEBUG_FS 3079 + artpec6_crypto_init_debugfs(); 3080 + #endif 3081 + 3082 + tasklet_init(&ac->task, artpec6_crypto_task, 3083 + (unsigned long)ac); 3084 + 3085 + ac->pad_buffer = devm_kzalloc(&pdev->dev, 2 * ARTPEC_CACHE_LINE_MAX, 3086 + GFP_KERNEL); 3087 + if (!ac->pad_buffer) 3088 + return -ENOMEM; 3089 + ac->pad_buffer = PTR_ALIGN(ac->pad_buffer, ARTPEC_CACHE_LINE_MAX); 3090 + 3091 + ac->zero_buffer = devm_kzalloc(&pdev->dev, 2 * ARTPEC_CACHE_LINE_MAX, 3092 + GFP_KERNEL); 3093 + if (!ac->zero_buffer) 3094 + return -ENOMEM; 3095 + ac->zero_buffer = PTR_ALIGN(ac->zero_buffer, ARTPEC_CACHE_LINE_MAX); 3096 + 3097 + err = init_crypto_hw(ac); 3098 + if (err) 3099 + goto free_cache; 3100 + 3101 + err = devm_request_irq(&pdev->dev, irq, artpec6_crypto_irq, 0, 3102 + "artpec6-crypto", ac); 3103 + if (err) 3104 + goto disable_hw; 3105 + 3106 + artpec6_crypto_dev = &pdev->dev; 3107 + 3108 + err = crypto_register_ahashes(hash_algos, ARRAY_SIZE(hash_algos)); 3109 + if (err) { 3110 + dev_err(dev, "Failed to register ahashes\n"); 3111 + goto disable_hw; 3112 + } 3113 + 3114 + if (variant != ARTPEC6_CRYPTO) { 3115 + err = crypto_register_ahashes(artpec7_hash_algos, 3116 + ARRAY_SIZE(artpec7_hash_algos)); 3117 + if (err) { 3118 + dev_err(dev, "Failed to register ahashes\n"); 3119 + goto unregister_ahashes; 3120 + } 3121 + } 3122 + 3123 + err = crypto_register_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); 3124 + if (err) { 3125 + dev_err(dev, "Failed to register ciphers\n"); 3126 + goto unregister_a7_ahashes; 3127 + } 3128 + 3129 + err = crypto_register_aeads(aead_algos, ARRAY_SIZE(aead_algos)); 3130 + if (err) { 3131 + dev_err(dev, "Failed to register aeads\n"); 3132 + goto unregister_algs; 3133 + } 3134 + 3135 + return 0; 3136 + 3137 + unregister_algs: 3138 + crypto_unregister_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); 3139 + unregister_a7_ahashes: 3140 + if (variant != ARTPEC6_CRYPTO) 3141 + crypto_unregister_ahashes(artpec7_hash_algos, 3142 + ARRAY_SIZE(artpec7_hash_algos)); 3143 + unregister_ahashes: 3144 + crypto_unregister_ahashes(hash_algos, ARRAY_SIZE(hash_algos)); 3145 + disable_hw: 3146 + artpec6_crypto_disable_hw(ac); 3147 + free_cache: 3148 + kmem_cache_destroy(ac->dma_cache); 3149 + return err; 3150 + } 3151 + 3152 + static int artpec6_crypto_remove(struct platform_device *pdev) 3153 + { 3154 + struct artpec6_crypto *ac = platform_get_drvdata(pdev); 3155 + int irq = platform_get_irq(pdev, 0); 3156 + 3157 + crypto_unregister_ahashes(hash_algos, ARRAY_SIZE(hash_algos)); 3158 + if (ac->variant != ARTPEC6_CRYPTO) 3159 + crypto_unregister_ahashes(artpec7_hash_algos, 3160 + ARRAY_SIZE(artpec7_hash_algos)); 3161 + crypto_unregister_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); 3162 + crypto_unregister_aeads(aead_algos, ARRAY_SIZE(aead_algos)); 3163 + 3164 + tasklet_disable(&ac->task); 3165 + devm_free_irq(&pdev->dev, irq, ac); 3166 + tasklet_kill(&ac->task); 3167 + del_timer_sync(&ac->timer); 3168 + 3169 + artpec6_crypto_disable_hw(ac); 3170 + 3171 + kmem_cache_destroy(ac->dma_cache); 3172 + #ifdef CONFIG_DEBUG_FS 3173 + artpec6_crypto_free_debugfs(); 3174 + #endif 3175 + return 0; 3176 + } 3177 + 3178 + static struct platform_driver artpec6_crypto_driver = { 3179 + .probe = artpec6_crypto_probe, 3180 + .remove = artpec6_crypto_remove, 3181 + .driver = { 3182 + .name = "artpec6-crypto", 3183 + .owner = THIS_MODULE, 3184 + .of_match_table = artpec6_crypto_of_match, 3185 + }, 3186 + }; 3187 + 3188 + module_platform_driver(artpec6_crypto_driver); 3189 + 3190 + MODULE_AUTHOR("Axis Communications AB"); 3191 + MODULE_DESCRIPTION("ARTPEC-6 Crypto driver"); 3192 + MODULE_LICENSE("GPL");

+54 -60

drivers/crypto/bcm/cipher.c

··· 90 90 module_param(aead_pri, int, 0644); 91 91 MODULE_PARM_DESC(aead_pri, "Priority for AEAD algos"); 92 92 93 - #define MAX_SPUS 16 94 - 95 93 /* A type 3 BCM header, expected to precede the SPU header for SPU-M. 96 94 * Bits 3 and 4 in the first byte encode the channel number (the dma ringset). 97 95 * 0x60 - ring 0 ··· 118 120 { 119 121 u8 chan_idx = atomic_inc_return(&iproc_priv.next_chan); 120 122 121 - return chan_idx % iproc_priv.spu.num_spu; 123 + return chan_idx % iproc_priv.spu.num_chan; 122 124 } 123 125 124 126 /** ··· 4526 4528 */ 4527 4529 static int spu_mb_init(struct device *dev) 4528 4530 { 4529 - struct mbox_client *mcl = &iproc_priv.mcl[iproc_priv.spu.num_spu]; 4530 - int err; 4531 + struct mbox_client *mcl = &iproc_priv.mcl; 4532 + int err, i; 4533 + 4534 + iproc_priv.mbox = devm_kcalloc(dev, iproc_priv.spu.num_chan, 4535 + sizeof(struct mbox_chan *), GFP_KERNEL); 4536 + if (!iproc_priv.mbox) 4537 + return -ENOMEM; 4531 4538 4532 4539 mcl->dev = dev; 4533 4540 mcl->tx_block = false; ··· 4541 4538 mcl->rx_callback = spu_rx_callback; 4542 4539 mcl->tx_done = NULL; 4543 4540 4544 - iproc_priv.mbox[iproc_priv.spu.num_spu] = 4545 - mbox_request_channel(mcl, 0); 4546 - if (IS_ERR(iproc_priv.mbox[iproc_priv.spu.num_spu])) { 4547 - err = (int)PTR_ERR(iproc_priv.mbox[iproc_priv.spu.num_spu]); 4548 - dev_err(dev, 4549 - "Mbox channel %d request failed with err %d", 4550 - iproc_priv.spu.num_spu, err); 4551 - iproc_priv.mbox[iproc_priv.spu.num_spu] = NULL; 4552 - return err; 4541 + for (i = 0; i < iproc_priv.spu.num_chan; i++) { 4542 + iproc_priv.mbox[i] = mbox_request_channel(mcl, i); 4543 + if (IS_ERR(iproc_priv.mbox[i])) { 4544 + err = (int)PTR_ERR(iproc_priv.mbox[i]); 4545 + dev_err(dev, 4546 + "Mbox channel %d request failed with err %d", 4547 + i, err); 4548 + iproc_priv.mbox[i] = NULL; 4549 + goto free_channels; 4550 + } 4553 4551 } 4554 4552 4555 4553 return 0; 4554 + free_channels: 4555 + for (i = 0; i < iproc_priv.spu.num_chan; i++) { 4556 + if (iproc_priv.mbox[i]) 4557 + mbox_free_channel(iproc_priv.mbox[i]); 4558 + } 4559 + 4560 + return err; 4556 4561 } 4557 4562 4558 4563 static void spu_mb_release(struct platform_device *pdev) 4559 4564 { 4560 4565 int i; 4561 4566 4562 - for (i = 0; i < iproc_priv.spu.num_spu; i++) 4567 + for (i = 0; i < iproc_priv.spu.num_chan; i++) 4563 4568 mbox_free_channel(iproc_priv.mbox[i]); 4564 4569 } 4565 4570 ··· 4578 4567 4579 4568 atomic_set(&iproc_priv.session_count, 0); 4580 4569 atomic_set(&iproc_priv.stream_count, 0); 4581 - atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_spu); 4570 + atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_chan); 4582 4571 atomic64_set(&iproc_priv.bytes_in, 0); 4583 4572 atomic64_set(&iproc_priv.bytes_out, 0); 4584 4573 for (i = 0; i < SPU_OP_NUM; i++) { ··· 4820 4809 struct resource *spu_ctrl_regs; 4821 4810 const struct of_device_id *match; 4822 4811 const struct spu_type_subtype *matched_spu_type; 4823 - void __iomem *spu_reg_vbase[MAX_SPUS]; 4824 - int err; 4812 + struct device_node *dn = pdev->dev.of_node; 4813 + int err, i; 4814 + 4815 + /* Count number of mailbox channels */ 4816 + spu->num_chan = of_count_phandle_with_args(dn, "mboxes", "#mbox-cells"); 4825 4817 4826 4818 match = of_match_device(of_match_ptr(bcm_spu_dt_ids), dev); 4819 + if (!match) { 4820 + dev_err(&pdev->dev, "Failed to match device\n"); 4821 + return -ENODEV; 4822 + } 4823 + 4827 4824 matched_spu_type = match->data; 4828 4825 4829 - if (iproc_priv.spu.num_spu > 1) { 4830 - /* If this is 2nd or later SPU, make sure it's same type */ 4831 - if ((spu->spu_type != matched_spu_type->type) || 4832 - (spu->spu_subtype != matched_spu_type->subtype)) { 4833 - err = -EINVAL; 4834 - dev_err(&pdev->dev, "Multiple SPU types not allowed"); 4826 + spu->spu_type = matched_spu_type->type; 4827 + spu->spu_subtype = matched_spu_type->subtype; 4828 + 4829 + i = 0; 4830 + for (i = 0; (i < MAX_SPUS) && ((spu_ctrl_regs = 4831 + platform_get_resource(pdev, IORESOURCE_MEM, i)) != NULL); i++) { 4832 + 4833 + spu->reg_vbase[i] = devm_ioremap_resource(dev, spu_ctrl_regs); 4834 + if (IS_ERR(spu->reg_vbase[i])) { 4835 + err = PTR_ERR(spu->reg_vbase[i]); 4836 + dev_err(&pdev->dev, "Failed to map registers: %d\n", 4837 + err); 4838 + spu->reg_vbase[i] = NULL; 4835 4839 return err; 4836 4840 } 4837 - } else { 4838 - /* Record type of first SPU */ 4839 - spu->spu_type = matched_spu_type->type; 4840 - spu->spu_subtype = matched_spu_type->subtype; 4841 4841 } 4842 - 4843 - /* Get and map SPU registers */ 4844 - spu_ctrl_regs = platform_get_resource(pdev, IORESOURCE_MEM, 0); 4845 - if (!spu_ctrl_regs) { 4846 - err = -EINVAL; 4847 - dev_err(&pdev->dev, "Invalid/missing registers for SPU\n"); 4848 - return err; 4849 - } 4850 - 4851 - spu_reg_vbase[iproc_priv.spu.num_spu] = 4852 - devm_ioremap_resource(dev, spu_ctrl_regs); 4853 - if (IS_ERR(spu_reg_vbase[iproc_priv.spu.num_spu])) { 4854 - err = PTR_ERR(spu_reg_vbase[iproc_priv.spu.num_spu]); 4855 - dev_err(&pdev->dev, "Failed to map registers: %d\n", 4856 - err); 4857 - spu_reg_vbase[iproc_priv.spu.num_spu] = NULL; 4858 - return err; 4859 - } 4860 - 4861 - dev_dbg(dev, "SPU %d detected.", iproc_priv.spu.num_spu); 4862 - 4863 - spu->reg_vbase[iproc_priv.spu.num_spu] = spu_reg_vbase; 4842 + spu->num_spu = i; 4843 + dev_dbg(dev, "Device has %d SPUs", spu->num_spu); 4864 4844 4865 4845 return 0; 4866 4846 } ··· 4862 4860 struct spu_hw *spu = &iproc_priv.spu; 4863 4861 int err = 0; 4864 4862 4865 - iproc_priv.pdev[iproc_priv.spu.num_spu] = pdev; 4866 - platform_set_drvdata(iproc_priv.pdev[iproc_priv.spu.num_spu], 4863 + iproc_priv.pdev = pdev; 4864 + platform_set_drvdata(iproc_priv.pdev, 4867 4865 &iproc_priv); 4868 4866 4869 4867 err = spu_dt_read(pdev); ··· 4873 4871 err = spu_mb_init(&pdev->dev); 4874 4872 if (err < 0) 4875 4873 goto failure; 4876 - 4877 - iproc_priv.spu.num_spu++; 4878 - 4879 - /* If already initialized, we've just added another SPU and are done */ 4880 - if (iproc_priv.inited) 4881 - return 0; 4882 4874 4883 4875 if (spu->spu_type == SPU_TYPE_SPUM) 4884 4876 iproc_priv.bcm_hdr_len = 8; ··· 4888 4892 err = spu_algs_register(dev); 4889 4893 if (err < 0) 4890 4894 goto fail_reg; 4891 - 4892 - iproc_priv.inited = true; 4893 4895 4894 4896 return 0; 4895 4897

+7 -6

drivers/crypto/bcm/cipher.h

··· 427 427 428 428 /* The number of SPUs on this platform */ 429 429 u32 num_spu; 430 + 431 + /* The number of SPU channels on this platform */ 432 + u32 num_chan; 430 433 }; 431 434 432 435 struct device_private { 433 - struct platform_device *pdev[MAX_SPUS]; 436 + struct platform_device *pdev; 434 437 435 438 struct spu_hw spu; 436 439 ··· 473 470 /* Number of ICV check failures for AEAD messages */ 474 471 atomic_t bad_icv; 475 472 476 - struct mbox_client mcl[MAX_SPUS]; 477 - /* Array of mailbox channel pointers, one for each channel */ 478 - struct mbox_chan *mbox[MAX_SPUS]; 473 + struct mbox_client mcl; 479 474 480 - /* Driver initialized */ 481 - bool inited; 475 + /* Array of mailbox channel pointers, one for each channel */ 476 + struct mbox_chan **mbox; 482 477 }; 483 478 484 479 extern struct device_private iproc_priv;

+15 -51

drivers/crypto/caam/caamalg.c

··· 81 81 #define debug(format, arg...) 82 82 #endif 83 83 84 - #ifdef DEBUG 85 - #include <linux/highmem.h> 86 - 87 - static void dbg_dump_sg(const char *level, const char *prefix_str, 88 - int prefix_type, int rowsize, int groupsize, 89 - struct scatterlist *sg, size_t tlen, bool ascii) 90 - { 91 - struct scatterlist *it; 92 - void *it_page; 93 - size_t len; 94 - void *buf; 95 - 96 - for (it = sg; it != NULL && tlen > 0 ; it = sg_next(sg)) { 97 - /* 98 - * make sure the scatterlist's page 99 - * has a valid virtual memory mapping 100 - */ 101 - it_page = kmap_atomic(sg_page(it)); 102 - if (unlikely(!it_page)) { 103 - printk(KERN_ERR "dbg_dump_sg: kmap failed\n"); 104 - return; 105 - } 106 - 107 - buf = it_page + it->offset; 108 - len = min_t(size_t, tlen, it->length); 109 - print_hex_dump(level, prefix_str, prefix_type, rowsize, 110 - groupsize, buf, len, ascii); 111 - tlen -= len; 112 - 113 - kunmap_atomic(it_page); 114 - } 115 - } 116 - #endif 117 - 118 84 static struct list_head alg_list; 119 85 120 86 struct caam_alg_entry { ··· 864 898 print_hex_dump(KERN_ERR, "dstiv @"__stringify(__LINE__)": ", 865 899 DUMP_PREFIX_ADDRESS, 16, 4, req->info, 866 900 edesc->src_nents > 1 ? 100 : ivsize, 1); 867 - dbg_dump_sg(KERN_ERR, "dst @"__stringify(__LINE__)": ", 868 - DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 869 - edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 870 901 #endif 902 + caam_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ", 903 + DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 904 + edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 871 905 872 906 ablkcipher_unmap(jrdev, edesc, req); 873 907 ··· 903 937 print_hex_dump(KERN_ERR, "dstiv @"__stringify(__LINE__)": ", 904 938 DUMP_PREFIX_ADDRESS, 16, 4, req->info, 905 939 ivsize, 1); 906 - dbg_dump_sg(KERN_ERR, "dst @"__stringify(__LINE__)": ", 907 - DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 908 - edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 909 940 #endif 941 + caam_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ", 942 + DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 943 + edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 910 944 911 945 ablkcipher_unmap(jrdev, edesc, req); 912 946 ··· 1073 1107 ivsize, 1); 1074 1108 pr_err("asked=%d, nbytes%d\n", 1075 1109 (int)edesc->src_nents > 1 ? 100 : req->nbytes, req->nbytes); 1076 - dbg_dump_sg(KERN_ERR, "src @"__stringify(__LINE__)": ", 1077 - DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1078 - edesc->src_nents > 1 ? 100 : req->nbytes, 1); 1079 1110 #endif 1111 + caam_dump_sg(KERN_ERR, "src @" __stringify(__LINE__)": ", 1112 + DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1113 + edesc->src_nents > 1 ? 100 : req->nbytes, 1); 1080 1114 1081 1115 len = desc_len(sh_desc); 1082 1116 init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); ··· 1130 1164 print_hex_dump(KERN_ERR, "presciv@" __stringify(__LINE__) ": ", 1131 1165 DUMP_PREFIX_ADDRESS, 16, 4, req->info, 1132 1166 ivsize, 1); 1133 - dbg_dump_sg(KERN_ERR, "src @" __stringify(__LINE__) ": ", 1134 - DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1135 - edesc->src_nents > 1 ? 100 : req->nbytes, 1); 1136 1167 #endif 1168 + caam_dump_sg(KERN_ERR, "src @" __stringify(__LINE__) ": ", 1169 + DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1170 + edesc->src_nents > 1 ? 100 : req->nbytes, 1); 1137 1171 1138 1172 len = desc_len(sh_desc); 1139 1173 init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); ··· 1415 1449 u32 *desc; 1416 1450 int ret = 0; 1417 1451 1418 - #ifdef DEBUG 1419 - dbg_dump_sg(KERN_ERR, "dec src@"__stringify(__LINE__)": ", 1420 - DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1421 - req->assoclen + req->cryptlen, 1); 1422 - #endif 1452 + caam_dump_sg(KERN_ERR, "dec src@" __stringify(__LINE__)": ", 1453 + DUMP_PREFIX_ADDRESS, 16, 4, req->src, 1454 + req->assoclen + req->cryptlen, 1); 1423 1455 1424 1456 /* allocate extended descriptor */ 1425 1457 edesc = aead_edesc_alloc(req, AUTHENC_DESC_JOB_IO_LEN,

+2 -3

drivers/crypto/caam/caamalg_desc.c

··· 599 599 600 600 /* skip key loading if they are loaded due to sharing */ 601 601 key_jump_cmd = append_jump(desc, JUMP_JSL | JUMP_TEST_ALL | 602 - JUMP_COND_SHRD | JUMP_COND_SELF); 602 + JUMP_COND_SHRD); 603 603 if (cdata->key_inline) 604 604 append_key_as_imm(desc, cdata->key_virt, cdata->keylen, 605 605 cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); ··· 688 688 689 689 /* skip key loading if they are loaded due to sharing */ 690 690 key_jump_cmd = append_jump(desc, JUMP_JSL | 691 - JUMP_TEST_ALL | JUMP_COND_SHRD | 692 - JUMP_COND_SELF); 691 + JUMP_TEST_ALL | JUMP_COND_SHRD); 693 692 if (cdata->key_inline) 694 693 append_key_as_imm(desc, cdata->key_virt, cdata->keylen, 695 694 cdata->keylen, CLASS_1 | KEY_DEST_CLASS_REG);

+47 -8

drivers/crypto/caam/caamalg_qi.c

··· 12 12 #include "intern.h" 13 13 #include "desc_constr.h" 14 14 #include "error.h" 15 - #include "sg_sw_sec4.h" 16 15 #include "sg_sw_qm.h" 17 16 #include "key_gen.h" 18 17 #include "qi.h" ··· 398 399 * @iv_dma: dma address of iv for checking continuity and link table 399 400 * @qm_sg_bytes: length of dma mapped h/w link table 400 401 * @qm_sg_dma: bus physical mapped address of h/w link table 402 + * @assoclen: associated data length, in CAAM endianness 401 403 * @assoclen_dma: bus physical mapped address of req->assoclen 402 404 * @drv_req: driver-specific request structure 403 405 * @sgt: the h/w link table ··· 409 409 dma_addr_t iv_dma; 410 410 int qm_sg_bytes; 411 411 dma_addr_t qm_sg_dma; 412 + unsigned int assoclen; 412 413 dma_addr_t assoclen_dma; 413 414 struct caam_drv_req drv_req; 415 + #define CAAM_QI_MAX_AEAD_SG \ 416 + ((CAAM_QI_MEMCACHE_SIZE - offsetof(struct aead_edesc, sgt)) / \ 417 + sizeof(struct qm_sg_entry)) 414 418 struct qm_sg_entry sgt[0]; 415 419 }; 416 420 ··· 435 431 int qm_sg_bytes; 436 432 dma_addr_t qm_sg_dma; 437 433 struct caam_drv_req drv_req; 434 + #define CAAM_QI_MAX_ABLKCIPHER_SG \ 435 + ((CAAM_QI_MEMCACHE_SIZE - offsetof(struct ablkcipher_edesc, sgt)) / \ 436 + sizeof(struct qm_sg_entry)) 438 437 struct qm_sg_entry sgt[0]; 439 438 }; 440 439 ··· 667 660 */ 668 661 qm_sg_ents = 1 + !!ivsize + mapped_src_nents + 669 662 (mapped_dst_nents > 1 ? mapped_dst_nents : 0); 663 + if (unlikely(qm_sg_ents > CAAM_QI_MAX_AEAD_SG)) { 664 + dev_err(qidev, "Insufficient S/G entries: %d > %lu\n", 665 + qm_sg_ents, CAAM_QI_MAX_AEAD_SG); 666 + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 667 + iv_dma, ivsize, op_type, 0, 0); 668 + qi_cache_free(edesc); 669 + return ERR_PTR(-ENOMEM); 670 + } 670 671 sg_table = &edesc->sgt[0]; 671 672 qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); 672 673 ··· 685 670 edesc->drv_req.cbk = aead_done; 686 671 edesc->drv_req.drv_ctx = drv_ctx; 687 672 688 - edesc->assoclen_dma = dma_map_single(qidev, &req->assoclen, 4, 673 + edesc->assoclen = cpu_to_caam32(req->assoclen); 674 + edesc->assoclen_dma = dma_map_single(qidev, &edesc->assoclen, 4, 689 675 DMA_TO_DEVICE); 690 676 if (dma_mapping_error(qidev, edesc->assoclen_dma)) { 691 677 dev_err(qidev, "unable to map assoclen\n"); ··· 792 776 struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req); 793 777 struct caam_ctx *caam_ctx = crypto_ablkcipher_ctx(ablkcipher); 794 778 struct device *qidev = caam_ctx->qidev; 795 - #ifdef DEBUG 796 779 int ivsize = crypto_ablkcipher_ivsize(ablkcipher); 797 780 781 + #ifdef DEBUG 798 782 dev_err(qidev, "%s %d: status 0x%x\n", __func__, __LINE__, status); 799 783 #endif 800 784 ··· 807 791 print_hex_dump(KERN_ERR, "dstiv @" __stringify(__LINE__)": ", 808 792 DUMP_PREFIX_ADDRESS, 16, 4, req->info, 809 793 edesc->src_nents > 1 ? 100 : ivsize, 1); 810 - dbg_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ", 811 - DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 812 - edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 794 + caam_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ", 795 + DUMP_PREFIX_ADDRESS, 16, 4, req->dst, 796 + edesc->dst_nents > 1 ? 100 : req->nbytes, 1); 813 797 #endif 814 798 815 799 ablkcipher_unmap(qidev, edesc, req); 816 800 qi_cache_free(edesc); 801 + 802 + /* 803 + * The crypto API expects us to set the IV (req->info) to the last 804 + * ciphertext block. This is used e.g. by the CTS mode. 805 + */ 806 + scatterwalk_map_and_copy(req->info, req->dst, req->nbytes - ivsize, 807 + ivsize, 0); 817 808 818 809 ablkcipher_request_complete(req, status); 819 810 } ··· 903 880 } 904 881 dst_sg_idx = qm_sg_ents; 905 882 883 + qm_sg_ents += mapped_dst_nents > 1 ? mapped_dst_nents : 0; 884 + if (unlikely(qm_sg_ents > CAAM_QI_MAX_ABLKCIPHER_SG)) { 885 + dev_err(qidev, "Insufficient S/G entries: %d > %lu\n", 886 + qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); 887 + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 888 + iv_dma, ivsize, op_type, 0, 0); 889 + return ERR_PTR(-ENOMEM); 890 + } 891 + 906 892 /* allocate space for base edesc and link tables */ 907 893 edesc = qi_cache_alloc(GFP_DMA | flags); 908 894 if (unlikely(!edesc)) { ··· 924 892 edesc->src_nents = src_nents; 925 893 edesc->dst_nents = dst_nents; 926 894 edesc->iv_dma = iv_dma; 927 - qm_sg_ents += mapped_dst_nents > 1 ? mapped_dst_nents : 0; 928 895 sg_table = &edesc->sgt[0]; 929 896 edesc->qm_sg_bytes = qm_sg_ents * sizeof(*sg_table); 930 897 edesc->drv_req.app_ctx = req; ··· 1055 1024 } else { 1056 1025 out_contig = false; 1057 1026 qm_sg_ents += 1 + mapped_dst_nents; 1027 + } 1028 + 1029 + if (unlikely(qm_sg_ents > CAAM_QI_MAX_ABLKCIPHER_SG)) { 1030 + dev_err(qidev, "Insufficient S/G entries: %d > %lu\n", 1031 + qm_sg_ents, CAAM_QI_MAX_ABLKCIPHER_SG); 1032 + caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 1033 + iv_dma, ivsize, GIVENCRYPT, 0, 0); 1034 + return ERR_PTR(-ENOMEM); 1058 1035 } 1059 1036 1060 1037 /* allocate space for base edesc and link tables */ ··· 2007 1968 .cra_name = "echainiv(authenc(hmac(sha256)," 2008 1969 "cbc(des)))", 2009 1970 .cra_driver_name = "echainiv-authenc-" 2010 - "hmac-sha256-cbc-desi-" 1971 + "hmac-sha256-cbc-des-" 2011 1972 "caam-qi", 2012 1973 .cra_blocksize = DES_BLOCK_SIZE, 2013 1974 },

+3 -4

drivers/crypto/caam/caamhash.c

··· 791 791 to_hash - *buflen, 792 792 *next_buflen, 0); 793 793 } else { 794 - (edesc->sec4_sg + sec4_sg_src_index - 1)->len |= 795 - cpu_to_caam32(SEC4_SG_LEN_FIN); 794 + sg_to_sec4_set_last(edesc->sec4_sg + sec4_sg_src_index - 795 + 1); 796 796 } 797 797 798 798 desc = edesc->hw_desc; ··· 882 882 if (ret) 883 883 goto unmap_ctx; 884 884 885 - (edesc->sec4_sg + sec4_sg_src_index - 1)->len |= 886 - cpu_to_caam32(SEC4_SG_LEN_FIN); 885 + sg_to_sec4_set_last(edesc->sec4_sg + sec4_sg_src_index - 1); 887 886 888 887 edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, 889 888 sec4_sg_bytes, DMA_TO_DEVICE);

+1 -5

drivers/crypto/caam/caamrng.c

··· 285 285 if (err) 286 286 return err; 287 287 288 - err = caam_init_buf(ctx, 1); 289 - if (err) 290 - return err; 291 - 292 - return 0; 288 + return caam_init_buf(ctx, 1); 293 289 } 294 290 295 291 static struct hwrng caam_rng = {

+59 -68

drivers/crypto/caam/ctrl.c

··· 17 17 18 18 bool caam_little_end; 19 19 EXPORT_SYMBOL(caam_little_end); 20 + bool caam_dpaa2; 21 + EXPORT_SYMBOL(caam_dpaa2); 20 22 21 23 #ifdef CONFIG_CAAM_QI 22 24 #include "qi.h" ··· 321 319 caam_qi_shutdown(ctrlpriv->qidev); 322 320 #endif 323 321 324 - /* De-initialize RNG state handles initialized by this driver. */ 325 - if (ctrlpriv->rng4_sh_init) 322 + /* 323 + * De-initialize RNG state handles initialized by this driver. 324 + * In case of DPAA 2.x, RNG is managed by MC firmware. 325 + */ 326 + if (!caam_dpaa2 && ctrlpriv->rng4_sh_init) 326 327 deinstantiate_rng(ctrldev, ctrlpriv->rng4_sh_init); 327 328 328 329 /* Shut down debug views */ ··· 449 444 450 445 dev = &pdev->dev; 451 446 dev_set_drvdata(dev, ctrlpriv); 452 - ctrlpriv->pdev = pdev; 453 447 nprop = pdev->dev.of_node; 454 448 455 449 /* Enable clocking */ ··· 557 553 558 554 /* 559 555 * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel, 560 - * long pointers in master configuration register 556 + * long pointers in master configuration register. 557 + * In case of DPAA 2.x, Management Complex firmware performs 558 + * the configuration. 561 559 */ 562 - clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK | MCFGR_LONG_PTR, 563 - MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF | 564 - MCFGR_WDENABLE | MCFGR_LARGE_BURST | 565 - (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0)); 560 + caam_dpaa2 = !!(comp_params & CTPR_MS_DPAA2); 561 + if (!caam_dpaa2) 562 + clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK | MCFGR_LONG_PTR, 563 + MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF | 564 + MCFGR_WDENABLE | MCFGR_LARGE_BURST | 565 + (sizeof(dma_addr_t) == sizeof(u64) ? 566 + MCFGR_LONG_PTR : 0)); 566 567 567 568 /* 568 569 * Read the Compile Time paramters and SCFGR to determine ··· 596 587 JRSTART_JR3_START); 597 588 598 589 if (sizeof(dma_addr_t) == sizeof(u64)) { 599 - if (of_device_is_compatible(nprop, "fsl,sec-v5.0")) 590 + if (caam_dpaa2) 591 + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(49)); 592 + else if (of_device_is_compatible(nprop, "fsl,sec-v5.0")) 600 593 ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(40)); 601 594 else 602 595 ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(36)); ··· 641 630 ring++; 642 631 } 643 632 644 - /* Check to see if QI present. If so, enable */ 645 - ctrlpriv->qi_present = 646 - !!(rd_reg32(&ctrl->perfmon.comp_parms_ms) & 647 - CTPR_MS_QI_MASK); 648 - if (ctrlpriv->qi_present) { 633 + /* Check to see if (DPAA 1.x) QI present. If so, enable */ 634 + ctrlpriv->qi_present = !!(comp_params & CTPR_MS_QI_MASK); 635 + if (ctrlpriv->qi_present && !caam_dpaa2) { 649 636 ctrlpriv->qi = (struct caam_queue_if __iomem __force *) 650 637 ((__force uint8_t *)ctrl + 651 638 BLOCK_OFFSET * QI_BLOCK_NUMBER ··· 671 662 /* 672 663 * If SEC has RNG version >= 4 and RNG state handle has not been 673 664 * already instantiated, do RNG instantiation 665 + * In case of DPAA 2.x, RNG is managed by MC firmware. 674 666 */ 675 - if ((cha_vid_ls & CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT >= 4) { 667 + if (!caam_dpaa2 && 668 + (cha_vid_ls & CHA_ID_LS_RNG_MASK) >> CHA_ID_LS_RNG_SHIFT >= 4) { 676 669 ctrlpriv->rng4_sh_init = 677 670 rd_reg32(&ctrl->r4tst[0].rdsta); 678 671 /* ··· 742 731 /* Report "alive" for developer to see */ 743 732 dev_info(dev, "device ID = 0x%016llx (Era %d)\n", caam_id, 744 733 caam_get_era()); 745 - dev_info(dev, "job rings = %d, qi = %d\n", 746 - ctrlpriv->total_jobrs, ctrlpriv->qi_present); 734 + dev_info(dev, "job rings = %d, qi = %d, dpaa2 = %s\n", 735 + ctrlpriv->total_jobrs, ctrlpriv->qi_present, 736 + caam_dpaa2 ? "yes" : "no"); 747 737 748 738 #ifdef CONFIG_DEBUG_FS 749 - 750 - ctrlpriv->ctl_rq_dequeued = 751 - debugfs_create_file("rq_dequeued", 752 - S_IRUSR | S_IRGRP | S_IROTH, 753 - ctrlpriv->ctl, &perfmon->req_dequeued, 754 - &caam_fops_u64_ro); 755 - ctrlpriv->ctl_ob_enc_req = 756 - debugfs_create_file("ob_rq_encrypted", 757 - S_IRUSR | S_IRGRP | S_IROTH, 758 - ctrlpriv->ctl, &perfmon->ob_enc_req, 759 - &caam_fops_u64_ro); 760 - ctrlpriv->ctl_ib_dec_req = 761 - debugfs_create_file("ib_rq_decrypted", 762 - S_IRUSR | S_IRGRP | S_IROTH, 763 - ctrlpriv->ctl, &perfmon->ib_dec_req, 764 - &caam_fops_u64_ro); 765 - ctrlpriv->ctl_ob_enc_bytes = 766 - debugfs_create_file("ob_bytes_encrypted", 767 - S_IRUSR | S_IRGRP | S_IROTH, 768 - ctrlpriv->ctl, &perfmon->ob_enc_bytes, 769 - &caam_fops_u64_ro); 770 - ctrlpriv->ctl_ob_prot_bytes = 771 - debugfs_create_file("ob_bytes_protected", 772 - S_IRUSR | S_IRGRP | S_IROTH, 773 - ctrlpriv->ctl, &perfmon->ob_prot_bytes, 774 - &caam_fops_u64_ro); 775 - ctrlpriv->ctl_ib_dec_bytes = 776 - debugfs_create_file("ib_bytes_decrypted", 777 - S_IRUSR | S_IRGRP | S_IROTH, 778 - ctrlpriv->ctl, &perfmon->ib_dec_bytes, 779 - &caam_fops_u64_ro); 780 - ctrlpriv->ctl_ib_valid_bytes = 781 - debugfs_create_file("ib_bytes_validated", 782 - S_IRUSR | S_IRGRP | S_IROTH, 783 - ctrlpriv->ctl, &perfmon->ib_valid_bytes, 784 - &caam_fops_u64_ro); 739 + debugfs_create_file("rq_dequeued", S_IRUSR | S_IRGRP | S_IROTH, 740 + ctrlpriv->ctl, &perfmon->req_dequeued, 741 + &caam_fops_u64_ro); 742 + debugfs_create_file("ob_rq_encrypted", S_IRUSR | S_IRGRP | S_IROTH, 743 + ctrlpriv->ctl, &perfmon->ob_enc_req, 744 + &caam_fops_u64_ro); 745 + debugfs_create_file("ib_rq_decrypted", S_IRUSR | S_IRGRP | S_IROTH, 746 + ctrlpriv->ctl, &perfmon->ib_dec_req, 747 + &caam_fops_u64_ro); 748 + debugfs_create_file("ob_bytes_encrypted", S_IRUSR | S_IRGRP | S_IROTH, 749 + ctrlpriv->ctl, &perfmon->ob_enc_bytes, 750 + &caam_fops_u64_ro); 751 + debugfs_create_file("ob_bytes_protected", S_IRUSR | S_IRGRP | S_IROTH, 752 + ctrlpriv->ctl, &perfmon->ob_prot_bytes, 753 + &caam_fops_u64_ro); 754 + debugfs_create_file("ib_bytes_decrypted", S_IRUSR | S_IRGRP | S_IROTH, 755 + ctrlpriv->ctl, &perfmon->ib_dec_bytes, 756 + &caam_fops_u64_ro); 757 + debugfs_create_file("ib_bytes_validated", S_IRUSR | S_IRGRP | S_IROTH, 758 + ctrlpriv->ctl, &perfmon->ib_valid_bytes, 759 + &caam_fops_u64_ro); 785 760 786 761 /* Controller level - global status values */ 787 - ctrlpriv->ctl_faultaddr = 788 - debugfs_create_file("fault_addr", 789 - S_IRUSR | S_IRGRP | S_IROTH, 790 - ctrlpriv->ctl, &perfmon->faultaddr, 791 - &caam_fops_u32_ro); 792 - ctrlpriv->ctl_faultdetail = 793 - debugfs_create_file("fault_detail", 794 - S_IRUSR | S_IRGRP | S_IROTH, 795 - ctrlpriv->ctl, &perfmon->faultdetail, 796 - &caam_fops_u32_ro); 797 - ctrlpriv->ctl_faultstatus = 798 - debugfs_create_file("fault_status", 799 - S_IRUSR | S_IRGRP | S_IROTH, 800 - ctrlpriv->ctl, &perfmon->status, 801 - &caam_fops_u32_ro); 762 + debugfs_create_file("fault_addr", S_IRUSR | S_IRGRP | S_IROTH, 763 + ctrlpriv->ctl, &perfmon->faultaddr, 764 + &caam_fops_u32_ro); 765 + debugfs_create_file("fault_detail", S_IRUSR | S_IRGRP | S_IROTH, 766 + ctrlpriv->ctl, &perfmon->faultdetail, 767 + &caam_fops_u32_ro); 768 + debugfs_create_file("fault_status", S_IRUSR | S_IRGRP | S_IROTH, 769 + ctrlpriv->ctl, &perfmon->status, 770 + &caam_fops_u32_ro); 802 771 803 772 /* Internal covering keys (useful in non-secure mode only) */ 804 773 ctrlpriv->ctl_kek_wrap.data = (__force void *)&ctrlpriv->ctrl->kek[0];

+2

drivers/crypto/caam/ctrl.h

··· 10 10 /* Prototypes for backend-level services exposed to APIs */ 11 11 int caam_get_era(void); 12 12 13 + extern bool caam_dpaa2; 14 + 13 15 #endif /* CTRL_H */

+40

drivers/crypto/caam/error.c

··· 9 9 #include "desc.h" 10 10 #include "error.h" 11 11 12 + #ifdef DEBUG 13 + #include <linux/highmem.h> 14 + 15 + void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type, 16 + int rowsize, int groupsize, struct scatterlist *sg, 17 + size_t tlen, bool ascii) 18 + { 19 + struct scatterlist *it; 20 + void *it_page; 21 + size_t len; 22 + void *buf; 23 + 24 + for (it = sg; it && tlen > 0 ; it = sg_next(sg)) { 25 + /* 26 + * make sure the scatterlist's page 27 + * has a valid virtual memory mapping 28 + */ 29 + it_page = kmap_atomic(sg_page(it)); 30 + if (unlikely(!it_page)) { 31 + pr_err("caam_dump_sg: kmap failed\n"); 32 + return; 33 + } 34 + 35 + buf = it_page + it->offset; 36 + len = min_t(size_t, tlen, it->length); 37 + print_hex_dump(level, prefix_str, prefix_type, rowsize, 38 + groupsize, buf, len, ascii); 39 + tlen -= len; 40 + 41 + kunmap_atomic(it_page); 42 + } 43 + } 44 + #else 45 + void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type, 46 + int rowsize, int groupsize, struct scatterlist *sg, 47 + size_t tlen, bool ascii) 48 + {} 49 + #endif /* DEBUG */ 50 + EXPORT_SYMBOL(caam_dump_sg); 51 + 12 52 static const struct { 13 53 u8 value; 14 54 const char *error_text;

+4

drivers/crypto/caam/error.h

··· 8 8 #define CAAM_ERROR_H 9 9 #define CAAM_ERROR_STR_MAX 302 10 10 void caam_jr_strstatus(struct device *jrdev, u32 status); 11 + 12 + void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type, 13 + int rowsize, int groupsize, struct scatterlist *sg, 14 + size_t tlen, bool ascii); 11 15 #endif /* CAAM_ERROR_H */

-11

drivers/crypto/caam/intern.h

··· 64 64 * Driver-private storage for a single CAAM block instance 65 65 */ 66 66 struct caam_drv_private { 67 - 68 - struct device *dev; 69 67 #ifdef CONFIG_CAAM_QI 70 68 struct device *qidev; 71 69 #endif 72 - struct platform_device *pdev; 73 70 74 71 /* Physical-presence section */ 75 72 struct caam_ctrl __iomem *ctrl; /* controller region */ ··· 102 105 #ifdef CONFIG_DEBUG_FS 103 106 struct dentry *dfs_root; 104 107 struct dentry *ctl; /* controller dir */ 105 - struct dentry *ctl_rq_dequeued, *ctl_ob_enc_req, *ctl_ib_dec_req; 106 - struct dentry *ctl_ob_enc_bytes, *ctl_ob_prot_bytes; 107 - struct dentry *ctl_ib_dec_bytes, *ctl_ib_valid_bytes; 108 - struct dentry *ctl_faultaddr, *ctl_faultdetail, *ctl_faultstatus; 109 - 110 108 struct debugfs_blob_wrapper ctl_kek_wrap, ctl_tkek_wrap, ctl_tdsk_wrap; 111 109 struct dentry *ctl_kek, *ctl_tkek, *ctl_tdsk; 112 - #ifdef CONFIG_CAAM_QI 113 - struct dentry *qi_congested; 114 - #endif 115 110 #endif 116 111 }; 117 112

+6 -1

drivers/crypto/caam/jr.c

··· 9 9 #include <linux/of_address.h> 10 10 11 11 #include "compat.h" 12 + #include "ctrl.h" 12 13 #include "regs.h" 13 14 #include "jr.h" 14 15 #include "desc.h" ··· 500 499 jrpriv->rregs = (struct caam_job_ring __iomem __force *)ctrl; 501 500 502 501 if (sizeof(dma_addr_t) == sizeof(u64)) { 503 - if (of_device_is_compatible(nprop, "fsl,sec-v5.0-job-ring")) 502 + if (caam_dpaa2) 503 + error = dma_set_mask_and_coherent(jrdev, 504 + DMA_BIT_MASK(49)); 505 + else if (of_device_is_compatible(nprop, 506 + "fsl,sec-v5.0-job-ring")) 504 507 error = dma_set_mask_and_coherent(jrdev, 505 508 DMA_BIT_MASK(40)); 506 509 else

+12 -18

drivers/crypto/caam/qi.c

··· 24 24 */ 25 25 #define MAX_RSP_FQ_BACKLOG_PER_CPU 256 26 26 27 - /* Length of a single buffer in the QI driver memory cache */ 28 - #define CAAM_QI_MEMCACHE_SIZE 512 29 - 30 27 #define CAAM_QI_ENQUEUE_RETRIES 10000 31 28 32 29 #define CAAM_NAPI_WEIGHT 63 ··· 52 55 } ____cacheline_aligned; 53 56 54 57 static DEFINE_PER_CPU(struct caam_qi_pcpu_priv, pcpu_qipriv); 58 + static DEFINE_PER_CPU(int, last_cpu); 55 59 56 60 /* 57 61 * caam_qi_priv - CAAM QI backend private params ··· 201 203 goto init_req_fq_fail; 202 204 } 203 205 204 - dev_info(qidev, "Allocated request FQ %u for CPU %u\n", req_fq->fqid, 205 - smp_processor_id()); 206 + dev_dbg(qidev, "Allocated request FQ %u for CPU %u\n", req_fq->fqid, 207 + smp_processor_id()); 206 208 return req_fq; 207 209 208 210 init_req_fq_fail: ··· 275 277 dev_err(qidev, "OOS of FQID: %u failed\n", fq->fqid); 276 278 277 279 qman_destroy_fq(fq); 280 + kfree(fq); 278 281 279 282 return ret; 280 283 } ··· 341 342 drv_ctx->req_fq = old_fq; 342 343 343 344 if (kill_fq(qidev, new_fq)) 344 - dev_warn(qidev, "New CAAM FQ: %u kill failed\n", 345 - new_fq->fqid); 345 + dev_warn(qidev, "New CAAM FQ kill failed\n"); 346 346 347 347 return ret; 348 348 } ··· 371 373 drv_ctx->req_fq = old_fq; 372 374 373 375 if (kill_fq(qidev, new_fq)) 374 - dev_warn(qidev, "New CAAM FQ: %u kill failed\n", 375 - new_fq->fqid); 376 + dev_warn(qidev, "New CAAM FQ kill failed\n"); 376 377 } else if (kill_fq(qidev, old_fq)) { 377 - dev_warn(qidev, "Old CAAM FQ: %u kill failed\n", old_fq->fqid); 378 + dev_warn(qidev, "Old CAAM FQ kill failed\n"); 378 379 } 379 380 380 381 return 0; ··· 389 392 dma_addr_t hwdesc; 390 393 struct caam_drv_ctx *drv_ctx; 391 394 const cpumask_t *cpus = qman_affine_cpus(); 392 - static DEFINE_PER_CPU(int, last_cpu); 393 395 394 396 num_words = desc_len(sh_desc); 395 397 if (num_words > MAX_SDLEN) { ··· 507 511 508 512 if (kill_fq(qidev, per_cpu(pcpu_qipriv.rsp_fq, i))) 509 513 dev_err(qidev, "Rsp FQ kill failed, cpu: %d\n", i); 510 - kfree(per_cpu(pcpu_qipriv.rsp_fq, i)); 511 514 } 512 515 513 516 /* ··· 641 646 642 647 per_cpu(pcpu_qipriv.rsp_fq, cpu) = fq; 643 648 644 - dev_info(qidev, "Allocated response FQ %u for CPU %u", fq->fqid, cpu); 649 + dev_dbg(qidev, "Allocated response FQ %u for CPU %u", fq->fqid, cpu); 645 650 return 0; 646 651 } 647 652 ··· 674 679 return ret; 675 680 } 676 681 677 - dev_info(qidev, "Congestion threshold set to %llu\n", val); 682 + dev_dbg(qidev, "Congestion threshold set to %llu\n", val); 678 683 return 0; 679 684 } 680 685 ··· 732 737 qi_pdev = platform_device_register_full(&qi_pdev_info); 733 738 if (IS_ERR(qi_pdev)) 734 739 return PTR_ERR(qi_pdev); 740 + set_dma_ops(&qi_pdev->dev, get_dma_ops(ctrldev)); 735 741 736 742 ctrlpriv = dev_get_drvdata(ctrldev); 737 743 qidev = &qi_pdev->dev; ··· 791 795 /* Done with the CGRs; restore the cpus allowed mask */ 792 796 set_cpus_allowed_ptr(current, &old_cpumask); 793 797 #ifdef CONFIG_DEBUG_FS 794 - ctrlpriv->qi_congested = debugfs_create_file("qi_congested", 0444, 795 - ctrlpriv->ctl, 796 - &times_congested, 797 - &caam_fops_u64_ro); 798 + debugfs_create_file("qi_congested", 0444, ctrlpriv->ctl, 799 + &times_congested, &caam_fops_u64_ro); 798 800 #endif 799 801 dev_info(qidev, "Linux CAAM Queue I/F driver initialised\n"); 800 802 return 0;

+3

drivers/crypto/caam/qi.h

··· 39 39 */ 40 40 #define MAX_SDLEN ((CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN) / CAAM_CMD_SZ) 41 41 42 + /* Length of a single buffer in the QI driver memory cache */ 43 + #define CAAM_QI_MEMCACHE_SIZE 768 44 + 42 45 extern bool caam_congested __read_mostly; 43 46 44 47 /*

+1

drivers/crypto/caam/regs.h

··· 293 293 u32 cha_rev_ls; /* CRNR - CHA Rev No. Least significant half*/ 294 294 #define CTPR_MS_QI_SHIFT 25 295 295 #define CTPR_MS_QI_MASK (0x1ull << CTPR_MS_QI_SHIFT) 296 + #define CTPR_MS_DPAA2 BIT(13) 296 297 #define CTPR_MS_VIRT_EN_INCL 0x00000001 297 298 #define CTPR_MS_VIRT_EN_POR 0x00000002 298 299 #define CTPR_MS_PG_SZ_MASK 0x10

+81

drivers/crypto/caam/sg_sw_qm2.h

··· 1 + /* 2 + * Copyright 2015-2016 Freescale Semiconductor, Inc. 3 + * Copyright 2017 NXP 4 + * 5 + * Redistribution and use in source and binary forms, with or without 6 + * modification, are permitted provided that the following conditions are met: 7 + * * Redistributions of source code must retain the above copyright 8 + * notice, this list of conditions and the following disclaimer. 9 + * * Redistributions in binary form must reproduce the above copyright 10 + * notice, this list of conditions and the following disclaimer in the 11 + * documentation and/or other materials provided with the distribution. 12 + * * Neither the names of the above-listed copyright holders nor the 13 + * names of any contributors may be used to endorse or promote products 14 + * derived from this software without specific prior written permission. 15 + * 16 + * 17 + * ALTERNATIVELY, this software may be distributed under the terms of the 18 + * GNU General Public License ("GPL") as published by the Free Software 19 + * Foundation, either version 2 of that License or (at your option) any 20 + * later version. 21 + * 22 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 23 + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE 26 + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 + * POSSIBILITY OF SUCH DAMAGE. 33 + */ 34 + 35 + #ifndef _SG_SW_QM2_H_ 36 + #define _SG_SW_QM2_H_ 37 + 38 + #include "../../../drivers/staging/fsl-mc/include/dpaa2-fd.h" 39 + 40 + static inline void dma_to_qm_sg_one(struct dpaa2_sg_entry *qm_sg_ptr, 41 + dma_addr_t dma, u32 len, u16 offset) 42 + { 43 + dpaa2_sg_set_addr(qm_sg_ptr, dma); 44 + dpaa2_sg_set_format(qm_sg_ptr, dpaa2_sg_single); 45 + dpaa2_sg_set_final(qm_sg_ptr, false); 46 + dpaa2_sg_set_len(qm_sg_ptr, len); 47 + dpaa2_sg_set_bpid(qm_sg_ptr, 0); 48 + dpaa2_sg_set_offset(qm_sg_ptr, offset); 49 + } 50 + 51 + /* 52 + * convert scatterlist to h/w link table format 53 + * but does not have final bit; instead, returns last entry 54 + */ 55 + static inline struct dpaa2_sg_entry * 56 + sg_to_qm_sg(struct scatterlist *sg, int sg_count, 57 + struct dpaa2_sg_entry *qm_sg_ptr, u16 offset) 58 + { 59 + while (sg_count && sg) { 60 + dma_to_qm_sg_one(qm_sg_ptr, sg_dma_address(sg), 61 + sg_dma_len(sg), offset); 62 + qm_sg_ptr++; 63 + sg = sg_next(sg); 64 + sg_count--; 65 + } 66 + return qm_sg_ptr - 1; 67 + } 68 + 69 + /* 70 + * convert scatterlist to h/w link table format 71 + * scatterlist must have been previously dma mapped 72 + */ 73 + static inline void sg_to_qm_sg_last(struct scatterlist *sg, int sg_count, 74 + struct dpaa2_sg_entry *qm_sg_ptr, 75 + u16 offset) 76 + { 77 + qm_sg_ptr = sg_to_qm_sg(sg, sg_count, qm_sg_ptr, offset); 78 + dpaa2_sg_set_final(qm_sg_ptr, true); 79 + } 80 + 81 + #endif /* _SG_SW_QM2_H_ */

+25 -18

drivers/crypto/caam/sg_sw_sec4.h

··· 5 5 * 6 6 */ 7 7 8 + #ifndef _SG_SW_SEC4_H_ 9 + #define _SG_SW_SEC4_H_ 10 + 11 + #include "ctrl.h" 8 12 #include "regs.h" 13 + #include "sg_sw_qm2.h" 14 + #include "../../../drivers/staging/fsl-mc/include/dpaa2-fd.h" 9 15 10 16 struct sec4_sg_entry { 11 17 u64 ptr; ··· 25 19 static inline void dma_to_sec4_sg_one(struct sec4_sg_entry *sec4_sg_ptr, 26 20 dma_addr_t dma, u32 len, u16 offset) 27 21 { 28 - sec4_sg_ptr->ptr = cpu_to_caam_dma64(dma); 29 - sec4_sg_ptr->len = cpu_to_caam32(len); 30 - sec4_sg_ptr->bpid_offset = cpu_to_caam32(offset & SEC4_SG_OFFSET_MASK); 22 + if (caam_dpaa2) { 23 + dma_to_qm_sg_one((struct dpaa2_sg_entry *)sec4_sg_ptr, dma, len, 24 + offset); 25 + } else { 26 + sec4_sg_ptr->ptr = cpu_to_caam_dma64(dma); 27 + sec4_sg_ptr->len = cpu_to_caam32(len); 28 + sec4_sg_ptr->bpid_offset = cpu_to_caam32(offset & 29 + SEC4_SG_OFFSET_MASK); 30 + } 31 31 #ifdef DEBUG 32 32 print_hex_dump(KERN_ERR, "sec4_sg_ptr@: ", 33 33 DUMP_PREFIX_ADDRESS, 16, 4, sec4_sg_ptr, ··· 59 47 return sec4_sg_ptr - 1; 60 48 } 61 49 50 + static inline void sg_to_sec4_set_last(struct sec4_sg_entry *sec4_sg_ptr) 51 + { 52 + if (caam_dpaa2) 53 + dpaa2_sg_set_final((struct dpaa2_sg_entry *)sec4_sg_ptr, true); 54 + else 55 + sec4_sg_ptr->len |= cpu_to_caam32(SEC4_SG_LEN_FIN); 56 + } 57 + 62 58 /* 63 59 * convert scatterlist to h/w link table format 64 60 * scatterlist must have been previously dma mapped ··· 76 56 u16 offset) 77 57 { 78 58 sec4_sg_ptr = sg_to_sec4_sg(sg, sg_count, sec4_sg_ptr, offset); 79 - sec4_sg_ptr->len |= cpu_to_caam32(SEC4_SG_LEN_FIN); 59 + sg_to_sec4_set_last(sec4_sg_ptr); 80 60 } 81 61 82 - static inline struct sec4_sg_entry *sg_to_sec4_sg_len( 83 - struct scatterlist *sg, unsigned int total, 84 - struct sec4_sg_entry *sec4_sg_ptr) 85 - { 86 - do { 87 - unsigned int len = min(sg_dma_len(sg), total); 88 - 89 - dma_to_sec4_sg_one(sec4_sg_ptr, sg_dma_address(sg), len, 0); 90 - sec4_sg_ptr++; 91 - sg = sg_next(sg); 92 - total -= len; 93 - } while (total); 94 - return sec4_sg_ptr - 1; 95 - } 62 + #endif /* _SG_SW_SEC4_H_ */

+9 -4

drivers/crypto/cavium/cpt/cptpf_main.c

··· 268 268 mcode = &cpt->mcode[cpt->next_mc_idx]; 269 269 memcpy(mcode->version, (u8 *)fw_entry->data, CPT_UCODE_VERSION_SZ); 270 270 mcode->code_size = ntohl(ucode->code_length) * 2; 271 - if (!mcode->code_size) 272 - return -EINVAL; 271 + if (!mcode->code_size) { 272 + ret = -EINVAL; 273 + goto fw_release; 274 + } 273 275 274 276 mcode->is_ae = is_ae; 275 277 mcode->core_mask = 0ULL; ··· 282 280 &mcode->phys_base, GFP_KERNEL); 283 281 if (!mcode->code) { 284 282 dev_err(dev, "Unable to allocate space for microcode"); 285 - return -ENOMEM; 283 + ret = -ENOMEM; 284 + goto fw_release; 286 285 } 287 286 288 287 memcpy((void *)mcode->code, (void *)(fw_entry->data + sizeof(*ucode)), ··· 305 302 ret = do_cpt_init(cpt, mcode); 306 303 if (ret) { 307 304 dev_err(dev, "do_cpt_init failed with ret: %d\n", ret); 308 - return ret; 305 + goto fw_release; 309 306 } 310 307 311 308 dev_info(dev, "Microcode Loaded %s\n", mcode->version); 312 309 mcode->is_mc_valid = 1; 313 310 cpt->next_mc_idx++; 311 + 312 + fw_release: 314 313 release_firmware(fw_entry); 315 314 316 315 return ret;

+3 -1

drivers/crypto/cavium/nitrox/nitrox_main.c

··· 513 513 pci_set_master(pdev); 514 514 515 515 ndev = kzalloc(sizeof(*ndev), GFP_KERNEL); 516 - if (!ndev) 516 + if (!ndev) { 517 + err = -ENOMEM; 517 518 goto ndev_fail; 519 + } 518 520 519 521 pci_set_drvdata(pdev, ndev); 520 522 ndev->pdev = pdev;

+15 -7

drivers/crypto/ccp/Kconfig

··· 1 1 config CRYPTO_DEV_CCP_DD 2 - tristate "Cryptographic Coprocessor device driver" 3 - depends on CRYPTO_DEV_CCP 2 + tristate "Secure Processor device driver" 4 3 default m 4 + help 5 + Provides AMD Secure Processor device driver. 6 + If you choose 'M' here, this module will be called ccp. 7 + 8 + config CRYPTO_DEV_SP_CCP 9 + bool "Cryptographic Coprocessor device" 10 + default y 11 + depends on CRYPTO_DEV_CCP_DD 5 12 select HW_RANDOM 6 13 select DMA_ENGINE 7 14 select DMADEVICES 8 15 select CRYPTO_SHA1 9 16 select CRYPTO_SHA256 10 17 help 11 - Provides the interface to use the AMD Cryptographic Coprocessor 12 - which can be used to offload encryption operations such as SHA, 13 - AES and more. If you choose 'M' here, this module will be called 14 - ccp. 18 + Provides the support for AMD Cryptographic Coprocessor (CCP) device 19 + which can be used to offload encryption operations such as SHA, AES 20 + and more. 15 21 16 22 config CRYPTO_DEV_CCP_CRYPTO 17 23 tristate "Encryption and hashing offload support" 18 - depends on CRYPTO_DEV_CCP_DD 19 24 default m 25 + depends on CRYPTO_DEV_CCP_DD 26 + depends on CRYPTO_DEV_SP_CCP 20 27 select CRYPTO_HASH 21 28 select CRYPTO_BLKCIPHER 22 29 select CRYPTO_AUTHENC 30 + select CRYPTO_RSA 23 31 help 24 32 Support for using the cryptographic API with the AMD Cryptographic 25 33 Coprocessor. This module supports offload of SHA and AES algorithms.

+4 -3

drivers/crypto/ccp/Makefile

··· 1 1 obj-$(CONFIG_CRYPTO_DEV_CCP_DD) += ccp.o 2 - ccp-objs := ccp-dev.o \ 2 + ccp-objs := sp-dev.o sp-platform.o 3 + ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \ 3 4 ccp-ops.o \ 4 5 ccp-dev-v3.o \ 5 6 ccp-dev-v5.o \ 6 - ccp-platform.o \ 7 7 ccp-dmaengine.o \ 8 8 ccp-debugfs.o 9 - ccp-$(CONFIG_PCI) += ccp-pci.o 9 + ccp-$(CONFIG_PCI) += sp-pci.o 10 10 11 11 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o 12 12 ccp-crypto-objs := ccp-crypto-main.o \ ··· 15 15 ccp-crypto-aes-xts.o \ 16 16 ccp-crypto-aes-galois.o \ 17 17 ccp-crypto-des3.o \ 18 + ccp-crypto-rsa.o \ 18 19 ccp-crypto-sha.o

+1 -1

drivers/crypto/ccp/ccp-crypto-aes-galois.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support 3 3 * 4 - * Copyright (C) 2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Gary R Hook <gary.hook@amd.com> 7 7 *

+59 -49

drivers/crypto/ccp/ccp-crypto-aes-xts.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) AES XTS crypto API support 3 3 * 4 - * Copyright (C) 2013 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 + * Author: Gary R Hook <gary.hook@amd.com> 6 7 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 8 * 8 9 * This program is free software; you can redistribute it and/or modify ··· 16 15 #include <linux/delay.h> 17 16 #include <linux/scatterlist.h> 18 17 #include <crypto/aes.h> 18 + #include <crypto/xts.h> 19 19 #include <crypto/internal/skcipher.h> 20 20 #include <crypto/scatterwalk.h> 21 21 ··· 39 37 u32 value; 40 38 }; 41 39 42 - static struct ccp_unit_size_map unit_size_map[] = { 40 + static struct ccp_unit_size_map xts_unit_sizes[] = { 43 41 { 44 - .size = 4096, 45 - .value = CCP_XTS_AES_UNIT_SIZE_4096, 46 - }, 47 - { 48 - .size = 2048, 49 - .value = CCP_XTS_AES_UNIT_SIZE_2048, 50 - }, 51 - { 52 - .size = 1024, 53 - .value = CCP_XTS_AES_UNIT_SIZE_1024, 54 - }, 55 - { 56 - .size = 512, 57 - .value = CCP_XTS_AES_UNIT_SIZE_512, 58 - }, 59 - { 60 - .size = 256, 61 - .value = CCP_XTS_AES_UNIT_SIZE__LAST, 62 - }, 63 - { 64 - .size = 128, 65 - .value = CCP_XTS_AES_UNIT_SIZE__LAST, 66 - }, 67 - { 68 - .size = 64, 69 - .value = CCP_XTS_AES_UNIT_SIZE__LAST, 70 - }, 71 - { 72 - .size = 32, 73 - .value = CCP_XTS_AES_UNIT_SIZE__LAST, 74 - }, 75 - { 76 - .size = 16, 42 + .size = 16, 77 43 .value = CCP_XTS_AES_UNIT_SIZE_16, 78 44 }, 79 45 { 80 - .size = 1, 81 - .value = CCP_XTS_AES_UNIT_SIZE__LAST, 46 + .size = 512, 47 + .value = CCP_XTS_AES_UNIT_SIZE_512, 48 + }, 49 + { 50 + .size = 1024, 51 + .value = CCP_XTS_AES_UNIT_SIZE_1024, 52 + }, 53 + { 54 + .size = 2048, 55 + .value = CCP_XTS_AES_UNIT_SIZE_2048, 56 + }, 57 + { 58 + .size = 4096, 59 + .value = CCP_XTS_AES_UNIT_SIZE_4096, 82 60 }, 83 61 }; 84 62 ··· 78 96 static int ccp_aes_xts_setkey(struct crypto_ablkcipher *tfm, const u8 *key, 79 97 unsigned int key_len) 80 98 { 81 - struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ablkcipher_tfm(tfm)); 99 + struct crypto_tfm *xfm = crypto_ablkcipher_tfm(tfm); 100 + struct ccp_ctx *ctx = crypto_tfm_ctx(xfm); 101 + unsigned int ccpversion = ccp_version(); 102 + int ret; 82 103 83 - /* Only support 128-bit AES key with a 128-bit Tweak key, 84 - * otherwise use the fallback 104 + ret = xts_check_key(xfm, key, key_len); 105 + if (ret) 106 + return ret; 107 + 108 + /* Version 3 devices support 128-bit keys; version 5 devices can 109 + * accommodate 128- and 256-bit keys. 85 110 */ 86 111 switch (key_len) { 87 112 case AES_KEYSIZE_128 * 2: 88 113 memcpy(ctx->u.aes.key, key, key_len); 114 + break; 115 + case AES_KEYSIZE_256 * 2: 116 + if (ccpversion > CCP_VERSION(3, 0)) 117 + memcpy(ctx->u.aes.key, key, key_len); 89 118 break; 90 119 } 91 120 ctx->u.aes.key_len = key_len / 2; ··· 110 117 { 111 118 struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 112 119 struct ccp_aes_req_ctx *rctx = ablkcipher_request_ctx(req); 120 + unsigned int ccpversion = ccp_version(); 121 + unsigned int fallback = 0; 113 122 unsigned int unit; 114 123 u32 unit_size; 115 124 int ret; ··· 125 130 if (!req->info) 126 131 return -EINVAL; 127 132 133 + /* Check conditions under which the CCP can fulfill a request. The 134 + * device can handle input plaintext of a length that is a multiple 135 + * of the unit_size, bug the crypto implementation only supports 136 + * the unit_size being equal to the input length. This limits the 137 + * number of scenarios we can handle. 138 + */ 128 139 unit_size = CCP_XTS_AES_UNIT_SIZE__LAST; 129 - if (req->nbytes <= unit_size_map[0].size) { 130 - for (unit = 0; unit < ARRAY_SIZE(unit_size_map); unit++) { 131 - if (!(req->nbytes & (unit_size_map[unit].size - 1))) { 132 - unit_size = unit_size_map[unit].value; 133 - break; 134 - } 140 + for (unit = 0; unit < ARRAY_SIZE(xts_unit_sizes); unit++) { 141 + if (req->nbytes == xts_unit_sizes[unit].size) { 142 + unit_size = unit; 143 + break; 135 144 } 136 145 } 137 - 138 - if ((unit_size == CCP_XTS_AES_UNIT_SIZE__LAST) || 139 - (ctx->u.aes.key_len != AES_KEYSIZE_128)) { 146 + /* The CCP has restrictions on block sizes. Also, a version 3 device 147 + * only supports AES-128 operations; version 5 CCPs support both 148 + * AES-128 and -256 operations. 149 + */ 150 + if (unit_size == CCP_XTS_AES_UNIT_SIZE__LAST) 151 + fallback = 1; 152 + if ((ccpversion < CCP_VERSION(5, 0)) && 153 + (ctx->u.aes.key_len != AES_KEYSIZE_128)) 154 + fallback = 1; 155 + if ((ctx->u.aes.key_len != AES_KEYSIZE_128) && 156 + (ctx->u.aes.key_len != AES_KEYSIZE_256)) 157 + fallback = 1; 158 + if (fallback) { 140 159 SKCIPHER_REQUEST_ON_STACK(subreq, ctx->u.aes.tfm_skcipher); 141 160 142 161 /* Use the fallback to process the request for any ··· 173 164 memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 174 165 INIT_LIST_HEAD(&rctx->cmd.entry); 175 166 rctx->cmd.engine = CCP_ENGINE_XTS_AES_128; 167 + rctx->cmd.u.xts.type = CCP_AES_TYPE_128; 176 168 rctx->cmd.u.xts.action = (encrypt) ? CCP_AES_ACTION_ENCRYPT 177 169 : CCP_AES_ACTION_DECRYPT; 178 170 rctx->cmd.u.xts.unit_size = unit_size;

+1 -1

drivers/crypto/ccp/ccp-crypto-des3.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) DES3 crypto API support 3 3 * 4 - * Copyright (C) 2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Gary R Hook <ghook@amd.com> 7 7 *

+20 -1

drivers/crypto/ccp/ccp-crypto-main.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) crypto API support 3 3 * 4 - * Copyright (C) 2013 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * ··· 17 17 #include <linux/ccp.h> 18 18 #include <linux/scatterlist.h> 19 19 #include <crypto/internal/hash.h> 20 + #include <crypto/internal/akcipher.h> 20 21 21 22 #include "ccp-crypto.h" 22 23 ··· 38 37 module_param(des3_disable, uint, 0444); 39 38 MODULE_PARM_DESC(des3_disable, "Disable use of 3DES - any non-zero value"); 40 39 40 + static unsigned int rsa_disable; 41 + module_param(rsa_disable, uint, 0444); 42 + MODULE_PARM_DESC(rsa_disable, "Disable use of RSA - any non-zero value"); 43 + 41 44 /* List heads for the supported algorithms */ 42 45 static LIST_HEAD(hash_algs); 43 46 static LIST_HEAD(cipher_algs); 44 47 static LIST_HEAD(aead_algs); 48 + static LIST_HEAD(akcipher_algs); 45 49 46 50 /* For any tfm, requests for that tfm must be returned on the order 47 51 * received. With multiple queues available, the CCP can process more ··· 364 358 return ret; 365 359 } 366 360 361 + if (!rsa_disable) { 362 + ret = ccp_register_rsa_algs(&akcipher_algs); 363 + if (ret) 364 + return ret; 365 + } 366 + 367 367 return 0; 368 368 } 369 369 ··· 378 366 struct ccp_crypto_ahash_alg *ahash_alg, *ahash_tmp; 379 367 struct ccp_crypto_ablkcipher_alg *ablk_alg, *ablk_tmp; 380 368 struct ccp_crypto_aead *aead_alg, *aead_tmp; 369 + struct ccp_crypto_akcipher_alg *akc_alg, *akc_tmp; 381 370 382 371 list_for_each_entry_safe(ahash_alg, ahash_tmp, &hash_algs, entry) { 383 372 crypto_unregister_ahash(&ahash_alg->alg); ··· 396 383 crypto_unregister_aead(&aead_alg->alg); 397 384 list_del(&aead_alg->entry); 398 385 kfree(aead_alg); 386 + } 387 + 388 + list_for_each_entry_safe(akc_alg, akc_tmp, &akcipher_algs, entry) { 389 + crypto_unregister_akcipher(&akc_alg->alg); 390 + list_del(&akc_alg->entry); 391 + kfree(akc_alg); 399 392 } 400 393 } 401 394

+299

drivers/crypto/ccp/ccp-crypto-rsa.c

··· 1 + /* 2 + * AMD Cryptographic Coprocessor (CCP) RSA crypto API support 3 + * 4 + * Copyright (C) 2017 Advanced Micro Devices, Inc. 5 + * 6 + * Author: Gary R Hook <gary.hook@amd.com> 7 + * 8 + * This program is free software; you can redistribute it and/or modify 9 + * it under the terms of the GNU General Public License version 2 as 10 + * published by the Free Software Foundation. 11 + */ 12 + 13 + #include <linux/module.h> 14 + #include <linux/sched.h> 15 + #include <linux/scatterlist.h> 16 + #include <linux/crypto.h> 17 + #include <crypto/algapi.h> 18 + #include <crypto/internal/rsa.h> 19 + #include <crypto/internal/akcipher.h> 20 + #include <crypto/akcipher.h> 21 + #include <crypto/scatterwalk.h> 22 + 23 + #include "ccp-crypto.h" 24 + 25 + static inline struct akcipher_request *akcipher_request_cast( 26 + struct crypto_async_request *req) 27 + { 28 + return container_of(req, struct akcipher_request, base); 29 + } 30 + 31 + static inline int ccp_copy_and_save_keypart(u8 **kpbuf, unsigned int *kplen, 32 + const u8 *buf, size_t sz) 33 + { 34 + int nskip; 35 + 36 + for (nskip = 0; nskip < sz; nskip++) 37 + if (buf[nskip]) 38 + break; 39 + *kplen = sz - nskip; 40 + *kpbuf = kzalloc(*kplen, GFP_KERNEL); 41 + if (!*kpbuf) 42 + return -ENOMEM; 43 + memcpy(*kpbuf, buf + nskip, *kplen); 44 + 45 + return 0; 46 + } 47 + 48 + static int ccp_rsa_complete(struct crypto_async_request *async_req, int ret) 49 + { 50 + struct akcipher_request *req = akcipher_request_cast(async_req); 51 + struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx(req); 52 + 53 + if (ret) 54 + return ret; 55 + 56 + req->dst_len = rctx->cmd.u.rsa.key_size >> 3; 57 + 58 + return 0; 59 + } 60 + 61 + static unsigned int ccp_rsa_maxsize(struct crypto_akcipher *tfm) 62 + { 63 + if (ccp_version() > CCP_VERSION(3, 0)) 64 + return CCP5_RSA_MAXMOD; 65 + else 66 + return CCP_RSA_MAXMOD; 67 + } 68 + 69 + static int ccp_rsa_crypt(struct akcipher_request *req, bool encrypt) 70 + { 71 + struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 72 + struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 73 + struct ccp_rsa_req_ctx *rctx = akcipher_request_ctx(req); 74 + int ret = 0; 75 + 76 + memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 77 + INIT_LIST_HEAD(&rctx->cmd.entry); 78 + rctx->cmd.engine = CCP_ENGINE_RSA; 79 + 80 + rctx->cmd.u.rsa.key_size = ctx->u.rsa.key_len; /* in bits */ 81 + if (encrypt) { 82 + rctx->cmd.u.rsa.exp = &ctx->u.rsa.e_sg; 83 + rctx->cmd.u.rsa.exp_len = ctx->u.rsa.e_len; 84 + } else { 85 + rctx->cmd.u.rsa.exp = &ctx->u.rsa.d_sg; 86 + rctx->cmd.u.rsa.exp_len = ctx->u.rsa.d_len; 87 + } 88 + rctx->cmd.u.rsa.mod = &ctx->u.rsa.n_sg; 89 + rctx->cmd.u.rsa.mod_len = ctx->u.rsa.n_len; 90 + rctx->cmd.u.rsa.src = req->src; 91 + rctx->cmd.u.rsa.src_len = req->src_len; 92 + rctx->cmd.u.rsa.dst = req->dst; 93 + 94 + ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 95 + 96 + return ret; 97 + } 98 + 99 + static int ccp_rsa_encrypt(struct akcipher_request *req) 100 + { 101 + return ccp_rsa_crypt(req, true); 102 + } 103 + 104 + static int ccp_rsa_decrypt(struct akcipher_request *req) 105 + { 106 + return ccp_rsa_crypt(req, false); 107 + } 108 + 109 + static int ccp_check_key_length(unsigned int len) 110 + { 111 + /* In bits */ 112 + if (len < 8 || len > 4096) 113 + return -EINVAL; 114 + return 0; 115 + } 116 + 117 + static void ccp_rsa_free_key_bufs(struct ccp_ctx *ctx) 118 + { 119 + /* Clean up old key data */ 120 + kzfree(ctx->u.rsa.e_buf); 121 + ctx->u.rsa.e_buf = NULL; 122 + ctx->u.rsa.e_len = 0; 123 + kzfree(ctx->u.rsa.n_buf); 124 + ctx->u.rsa.n_buf = NULL; 125 + ctx->u.rsa.n_len = 0; 126 + kzfree(ctx->u.rsa.d_buf); 127 + ctx->u.rsa.d_buf = NULL; 128 + ctx->u.rsa.d_len = 0; 129 + } 130 + 131 + static int ccp_rsa_setkey(struct crypto_akcipher *tfm, const void *key, 132 + unsigned int keylen, bool private) 133 + { 134 + struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 135 + struct rsa_key raw_key; 136 + int ret; 137 + 138 + ccp_rsa_free_key_bufs(ctx); 139 + memset(&raw_key, 0, sizeof(raw_key)); 140 + 141 + /* Code borrowed from crypto/rsa.c */ 142 + if (private) 143 + ret = rsa_parse_priv_key(&raw_key, key, keylen); 144 + else 145 + ret = rsa_parse_pub_key(&raw_key, key, keylen); 146 + if (ret) 147 + goto n_key; 148 + 149 + ret = ccp_copy_and_save_keypart(&ctx->u.rsa.n_buf, &ctx->u.rsa.n_len, 150 + raw_key.n, raw_key.n_sz); 151 + if (ret) 152 + goto key_err; 153 + sg_init_one(&ctx->u.rsa.n_sg, ctx->u.rsa.n_buf, ctx->u.rsa.n_len); 154 + 155 + ctx->u.rsa.key_len = ctx->u.rsa.n_len << 3; /* convert to bits */ 156 + if (ccp_check_key_length(ctx->u.rsa.key_len)) { 157 + ret = -EINVAL; 158 + goto key_err; 159 + } 160 + 161 + ret = ccp_copy_and_save_keypart(&ctx->u.rsa.e_buf, &ctx->u.rsa.e_len, 162 + raw_key.e, raw_key.e_sz); 163 + if (ret) 164 + goto key_err; 165 + sg_init_one(&ctx->u.rsa.e_sg, ctx->u.rsa.e_buf, ctx->u.rsa.e_len); 166 + 167 + if (private) { 168 + ret = ccp_copy_and_save_keypart(&ctx->u.rsa.d_buf, 169 + &ctx->u.rsa.d_len, 170 + raw_key.d, raw_key.d_sz); 171 + if (ret) 172 + goto key_err; 173 + sg_init_one(&ctx->u.rsa.d_sg, 174 + ctx->u.rsa.d_buf, ctx->u.rsa.d_len); 175 + } 176 + 177 + return 0; 178 + 179 + key_err: 180 + ccp_rsa_free_key_bufs(ctx); 181 + 182 + n_key: 183 + return ret; 184 + } 185 + 186 + static int ccp_rsa_setprivkey(struct crypto_akcipher *tfm, const void *key, 187 + unsigned int keylen) 188 + { 189 + return ccp_rsa_setkey(tfm, key, keylen, true); 190 + } 191 + 192 + static int ccp_rsa_setpubkey(struct crypto_akcipher *tfm, const void *key, 193 + unsigned int keylen) 194 + { 195 + return ccp_rsa_setkey(tfm, key, keylen, false); 196 + } 197 + 198 + static int ccp_rsa_init_tfm(struct crypto_akcipher *tfm) 199 + { 200 + struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm); 201 + 202 + akcipher_set_reqsize(tfm, sizeof(struct ccp_rsa_req_ctx)); 203 + ctx->complete = ccp_rsa_complete; 204 + 205 + return 0; 206 + } 207 + 208 + static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm) 209 + { 210 + struct ccp_ctx *ctx = crypto_tfm_ctx(&tfm->base); 211 + 212 + ccp_rsa_free_key_bufs(ctx); 213 + } 214 + 215 + static struct akcipher_alg ccp_rsa_defaults = { 216 + .encrypt = ccp_rsa_encrypt, 217 + .decrypt = ccp_rsa_decrypt, 218 + .sign = ccp_rsa_decrypt, 219 + .verify = ccp_rsa_encrypt, 220 + .set_pub_key = ccp_rsa_setpubkey, 221 + .set_priv_key = ccp_rsa_setprivkey, 222 + .max_size = ccp_rsa_maxsize, 223 + .init = ccp_rsa_init_tfm, 224 + .exit = ccp_rsa_exit_tfm, 225 + .base = { 226 + .cra_name = "rsa", 227 + .cra_driver_name = "rsa-ccp", 228 + .cra_priority = CCP_CRA_PRIORITY, 229 + .cra_module = THIS_MODULE, 230 + .cra_ctxsize = 2 * sizeof(struct ccp_ctx), 231 + }, 232 + }; 233 + 234 + struct ccp_rsa_def { 235 + unsigned int version; 236 + const char *name; 237 + const char *driver_name; 238 + unsigned int reqsize; 239 + struct akcipher_alg *alg_defaults; 240 + }; 241 + 242 + static struct ccp_rsa_def rsa_algs[] = { 243 + { 244 + .version = CCP_VERSION(3, 0), 245 + .name = "rsa", 246 + .driver_name = "rsa-ccp", 247 + .reqsize = sizeof(struct ccp_rsa_req_ctx), 248 + .alg_defaults = &ccp_rsa_defaults, 249 + } 250 + }; 251 + 252 + int ccp_register_rsa_alg(struct list_head *head, const struct ccp_rsa_def *def) 253 + { 254 + struct ccp_crypto_akcipher_alg *ccp_alg; 255 + struct akcipher_alg *alg; 256 + int ret; 257 + 258 + ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL); 259 + if (!ccp_alg) 260 + return -ENOMEM; 261 + 262 + INIT_LIST_HEAD(&ccp_alg->entry); 263 + 264 + alg = &ccp_alg->alg; 265 + *alg = *def->alg_defaults; 266 + snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 267 + snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 268 + def->driver_name); 269 + ret = crypto_register_akcipher(alg); 270 + if (ret) { 271 + pr_err("%s akcipher algorithm registration error (%d)\n", 272 + alg->base.cra_name, ret); 273 + kfree(ccp_alg); 274 + return ret; 275 + } 276 + 277 + list_add(&ccp_alg->entry, head); 278 + 279 + return 0; 280 + } 281 + 282 + int ccp_register_rsa_algs(struct list_head *head) 283 + { 284 + int i, ret; 285 + unsigned int ccpversion = ccp_version(); 286 + 287 + /* Register the RSA algorithm in standard mode 288 + * This works for CCP v3 and later 289 + */ 290 + for (i = 0; i < ARRAY_SIZE(rsa_algs); i++) { 291 + if (rsa_algs[i].version > ccpversion) 292 + continue; 293 + ret = ccp_register_rsa_alg(head, &rsa_algs[i]); 294 + if (ret) 295 + return ret; 296 + } 297 + 298 + return 0; 299 + }

+1 -1

drivers/crypto/ccp/ccp-crypto-sha.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) SHA crypto API support 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com>

+34 -2

drivers/crypto/ccp/ccp-crypto.h

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) crypto API support 3 3 * 4 - * Copyright (C) 2013 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * ··· 24 24 #include <crypto/ctr.h> 25 25 #include <crypto/hash.h> 26 26 #include <crypto/sha.h> 27 + #include <crypto/akcipher.h> 28 + #include <crypto/internal/rsa.h> 27 29 28 30 #define CCP_LOG_LEVEL KERN_INFO 29 31 ··· 58 56 char child_alg[CRYPTO_MAX_ALG_NAME]; 59 57 60 58 struct ahash_alg alg; 59 + }; 60 + 61 + struct ccp_crypto_akcipher_alg { 62 + struct list_head entry; 63 + 64 + struct akcipher_alg alg; 61 65 }; 62 66 63 67 static inline struct ccp_crypto_ablkcipher_alg * ··· 99 91 100 92 struct scatterlist key_sg; 101 93 unsigned int key_len; 102 - u8 key[AES_MAX_KEY_SIZE]; 94 + u8 key[AES_MAX_KEY_SIZE * 2]; 103 95 104 96 u8 nonce[CTR_RFC3686_NONCE_SIZE]; 105 97 ··· 235 227 u8 buf[MAX_SHA_BLOCK_SIZE]; 236 228 }; 237 229 230 + /***** RSA related defines *****/ 231 + 232 + struct ccp_rsa_ctx { 233 + unsigned int key_len; /* in bits */ 234 + struct scatterlist e_sg; 235 + u8 *e_buf; 236 + unsigned int e_len; 237 + struct scatterlist n_sg; 238 + u8 *n_buf; 239 + unsigned int n_len; 240 + struct scatterlist d_sg; 241 + u8 *d_buf; 242 + unsigned int d_len; 243 + }; 244 + 245 + struct ccp_rsa_req_ctx { 246 + struct ccp_cmd cmd; 247 + }; 248 + 249 + #define CCP_RSA_MAXMOD (4 * 1024 / 8) 250 + #define CCP5_RSA_MAXMOD (16 * 1024 / 8) 251 + 238 252 /***** Common Context Structure *****/ 239 253 struct ccp_ctx { 240 254 int (*complete)(struct crypto_async_request *req, int ret); 241 255 242 256 union { 243 257 struct ccp_aes_ctx aes; 258 + struct ccp_rsa_ctx rsa; 244 259 struct ccp_sha_ctx sha; 245 260 struct ccp_des3_ctx des3; 246 261 } u; ··· 280 249 int ccp_register_aes_aeads(struct list_head *head); 281 250 int ccp_register_sha_algs(struct list_head *head); 282 251 int ccp_register_des3_algs(struct list_head *head); 252 + int ccp_register_rsa_algs(struct list_head *head); 283 253 284 254 #endif

+10 -5

drivers/crypto/ccp/ccp-debugfs.c

··· 305 305 306 306 ccp->debugfs_instance = debugfs_create_dir(ccp->name, ccp_debugfs_dir); 307 307 if (!ccp->debugfs_instance) 308 - return; 308 + goto err; 309 309 310 310 debugfs_info = debugfs_create_file("info", 0400, 311 311 ccp->debugfs_instance, ccp, 312 312 &ccp_debugfs_info_ops); 313 313 if (!debugfs_info) 314 - return; 314 + goto err; 315 315 316 316 debugfs_stats = debugfs_create_file("stats", 0600, 317 317 ccp->debugfs_instance, ccp, 318 318 &ccp_debugfs_stats_ops); 319 319 if (!debugfs_stats) 320 - return; 320 + goto err; 321 321 322 322 for (i = 0; i < ccp->cmd_q_count; i++) { 323 323 cmd_q = &ccp->cmd_q[i]; ··· 327 327 debugfs_q_instance = 328 328 debugfs_create_dir(name, ccp->debugfs_instance); 329 329 if (!debugfs_q_instance) 330 - return; 330 + goto err; 331 331 332 332 debugfs_q_stats = 333 333 debugfs_create_file("stats", 0600, 334 334 debugfs_q_instance, cmd_q, 335 335 &ccp_debugfs_queue_ops); 336 336 if (!debugfs_q_stats) 337 - return; 337 + goto err; 338 338 } 339 + 340 + return; 341 + 342 + err: 343 + debugfs_remove_recursive(ccp->debugfs_instance); 339 344 } 340 345 341 346 void ccp5_debugfs_destroy(void)

+13 -7

drivers/crypto/ccp/ccp-dev-v3.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 359 359 360 360 static irqreturn_t ccp_irq_handler(int irq, void *data) 361 361 { 362 - struct device *dev = data; 363 - struct ccp_device *ccp = dev_get_drvdata(dev); 362 + struct ccp_device *ccp = (struct ccp_device *)data; 364 363 365 364 ccp_disable_queue_interrupts(ccp); 366 365 if (ccp->use_tasklet) ··· 453 454 iowrite32(ccp->qim, ccp->io_regs + IRQ_STATUS_REG); 454 455 455 456 /* Request an irq */ 456 - ret = ccp->get_irq(ccp); 457 + ret = sp_request_ccp_irq(ccp->sp, ccp_irq_handler, ccp->name, ccp); 457 458 if (ret) { 458 459 dev_err(dev, "unable to allocate an IRQ\n"); 459 460 goto e_pool; ··· 510 511 if (ccp->cmd_q[i].kthread) 511 512 kthread_stop(ccp->cmd_q[i].kthread); 512 513 513 - ccp->free_irq(ccp); 514 + sp_free_ccp_irq(ccp->sp, ccp); 514 515 515 516 e_pool: 516 517 for (i = 0; i < ccp->cmd_q_count; i++) ··· 549 550 if (ccp->cmd_q[i].kthread) 550 551 kthread_stop(ccp->cmd_q[i].kthread); 551 552 552 - ccp->free_irq(ccp); 553 + sp_free_ccp_irq(ccp->sp, ccp); 553 554 554 555 for (i = 0; i < ccp->cmd_q_count; i++) 555 556 dma_pool_destroy(ccp->cmd_q[i].dma_pool); ··· 585 586 .irqhandler = ccp_irq_handler, 586 587 }; 587 588 589 + const struct ccp_vdata ccpv3_platform = { 590 + .version = CCP_VERSION(3, 0), 591 + .setup = NULL, 592 + .perform = &ccp3_actions, 593 + .offset = 0, 594 + }; 595 + 588 596 const struct ccp_vdata ccpv3 = { 589 597 .version = CCP_VERSION(3, 0), 590 598 .setup = NULL, 591 599 .perform = &ccp3_actions, 592 - .bar = 2, 593 600 .offset = 0x20000, 601 + .rsamax = CCP_RSA_MAX_WIDTH, 594 602 };

+14 -14

drivers/crypto/ccp/ccp-dev-v5.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Gary R Hook <gary.hook@amd.com> 7 7 * ··· 145 145 #define CCP_AES_MODE(p) ((p)->aes.mode) 146 146 #define CCP_AES_TYPE(p) ((p)->aes.type) 147 147 #define CCP_XTS_SIZE(p) ((p)->aes_xts.size) 148 + #define CCP_XTS_TYPE(p) ((p)->aes_xts.type) 148 149 #define CCP_XTS_ENCRYPT(p) ((p)->aes_xts.encrypt) 149 150 #define CCP_DES3_SIZE(p) ((p)->des3.size) 150 151 #define CCP_DES3_ENCRYPT(p) ((p)->des3.encrypt) ··· 345 344 CCP5_CMD_PROT(&desc) = 0; 346 345 347 346 function.raw = 0; 347 + CCP_XTS_TYPE(&function) = op->u.xts.type; 348 348 CCP_XTS_ENCRYPT(&function) = op->u.xts.action; 349 349 CCP_XTS_SIZE(&function) = op->u.xts.unit_size; 350 350 CCP5_CMD_FUNCTION(&desc) = function.raw; ··· 471 469 CCP5_CMD_PROT(&desc) = 0; 472 470 473 471 function.raw = 0; 474 - CCP_RSA_SIZE(&function) = op->u.rsa.mod_size >> 3; 472 + CCP_RSA_SIZE(&function) = (op->u.rsa.mod_size + 7) >> 3; 475 473 CCP5_CMD_FUNCTION(&desc) = function.raw; 476 474 477 475 CCP5_CMD_LEN(&desc) = op->u.rsa.input_len; ··· 486 484 CCP5_CMD_DST_HI(&desc) = ccp_addr_hi(&op->dst.u.dma); 487 485 CCP5_CMD_DST_MEM(&desc) = CCP_MEMTYPE_SYSTEM; 488 486 489 - /* Exponent is in LSB memory */ 490 - CCP5_CMD_KEY_LO(&desc) = op->sb_key * LSB_ITEM_SIZE; 491 - CCP5_CMD_KEY_HI(&desc) = 0; 492 - CCP5_CMD_KEY_MEM(&desc) = CCP_MEMTYPE_SB; 487 + /* Key (Exponent) is in external memory */ 488 + CCP5_CMD_KEY_LO(&desc) = ccp_addr_lo(&op->exp.u.dma); 489 + CCP5_CMD_KEY_HI(&desc) = ccp_addr_hi(&op->exp.u.dma); 490 + CCP5_CMD_KEY_MEM(&desc) = CCP_MEMTYPE_SYSTEM; 493 491 494 492 return ccp5_do_cmd(&desc, op->cmd_q); 495 493 } ··· 771 769 772 770 static irqreturn_t ccp5_irq_handler(int irq, void *data) 773 771 { 774 - struct device *dev = data; 775 - struct ccp_device *ccp = dev_get_drvdata(dev); 772 + struct ccp_device *ccp = (struct ccp_device *)data; 776 773 777 774 ccp5_disable_queue_interrupts(ccp); 778 775 ccp->total_interrupts++; ··· 882 881 883 882 dev_dbg(dev, "Requesting an IRQ...\n"); 884 883 /* Request an irq */ 885 - ret = ccp->get_irq(ccp); 884 + ret = sp_request_ccp_irq(ccp->sp, ccp5_irq_handler, ccp->name, ccp); 886 885 if (ret) { 887 886 dev_err(dev, "unable to allocate an IRQ\n"); 888 887 goto e_pool; ··· 988 987 kthread_stop(ccp->cmd_q[i].kthread); 989 988 990 989 e_irq: 991 - ccp->free_irq(ccp); 990 + sp_free_ccp_irq(ccp->sp, ccp); 992 991 993 992 e_pool: 994 993 for (i = 0; i < ccp->cmd_q_count; i++) ··· 1038 1037 if (ccp->cmd_q[i].kthread) 1039 1038 kthread_stop(ccp->cmd_q[i].kthread); 1040 1039 1041 - ccp->free_irq(ccp); 1040 + sp_free_ccp_irq(ccp->sp, ccp); 1042 1041 1043 1042 for (i = 0; i < ccp->cmd_q_count; i++) { 1044 1043 cmd_q = &ccp->cmd_q[i]; ··· 1107 1106 .init = ccp5_init, 1108 1107 .destroy = ccp5_destroy, 1109 1108 .get_free_slots = ccp5_get_free_slots, 1110 - .irqhandler = ccp5_irq_handler, 1111 1109 }; 1112 1110 1113 1111 const struct ccp_vdata ccpv5a = { 1114 1112 .version = CCP_VERSION(5, 0), 1115 1113 .setup = ccp5_config, 1116 1114 .perform = &ccp5_actions, 1117 - .bar = 2, 1118 1115 .offset = 0x0, 1116 + .rsamax = CCP5_RSA_MAX_WIDTH, 1119 1117 }; 1120 1118 1121 1119 const struct ccp_vdata ccpv5b = { ··· 1122 1122 .dma_chan_attr = DMA_PRIVATE, 1123 1123 .setup = ccp5other_config, 1124 1124 .perform = &ccp5_actions, 1125 - .bar = 2, 1126 1125 .offset = 0x0, 1126 + .rsamax = CCP5_RSA_MAX_WIDTH, 1127 1127 };

+87 -53

drivers/crypto/ccp/ccp-dev.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 11 11 * published by the Free Software Foundation. 12 12 */ 13 13 14 - #include <linux/module.h> 15 14 #include <linux/kernel.h> 16 15 #include <linux/kthread.h> 17 16 #include <linux/sched.h> ··· 28 29 #include <linux/ccp.h> 29 30 30 31 #include "ccp-dev.h" 31 - 32 - MODULE_AUTHOR("Tom Lendacky <thomas.lendacky@amd.com>"); 33 - MODULE_AUTHOR("Gary R Hook <gary.hook@amd.com>"); 34 - MODULE_LICENSE("GPL"); 35 - MODULE_VERSION("1.1.0"); 36 - MODULE_DESCRIPTION("AMD Cryptographic Coprocessor driver"); 37 32 38 33 struct ccp_tasklet_data { 39 34 struct completion completion; ··· 103 110 /* Round-robin counter */ 104 111 static DEFINE_SPINLOCK(ccp_rr_lock); 105 112 static struct ccp_device *ccp_rr; 106 - 107 - /* Ever-increasing value to produce unique unit numbers */ 108 - static atomic_t ccp_unit_ordinal; 109 - static unsigned int ccp_increment_unit_ordinal(void) 110 - { 111 - return atomic_inc_return(&ccp_unit_ordinal); 112 - } 113 113 114 114 /** 115 115 * ccp_add_device - add a CCP device to the list ··· 401 415 struct ccp_cmd *cmd = tdata->cmd; 402 416 403 417 cmd->callback(cmd->data, cmd->ret); 418 + 404 419 complete(&tdata->completion); 405 420 } 406 421 ··· 451 464 * 452 465 * @dev: device struct of the CCP 453 466 */ 454 - struct ccp_device *ccp_alloc_struct(struct device *dev) 467 + struct ccp_device *ccp_alloc_struct(struct sp_device *sp) 455 468 { 469 + struct device *dev = sp->dev; 456 470 struct ccp_device *ccp; 457 471 458 472 ccp = devm_kzalloc(dev, sizeof(*ccp), GFP_KERNEL); 459 473 if (!ccp) 460 474 return NULL; 461 475 ccp->dev = dev; 476 + ccp->sp = sp; 477 + ccp->axcache = sp->axcache; 462 478 463 479 INIT_LIST_HEAD(&ccp->cmd); 464 480 INIT_LIST_HEAD(&ccp->backlog); ··· 476 486 init_waitqueue_head(&ccp->sb_queue); 477 487 init_waitqueue_head(&ccp->suspend_queue); 478 488 479 - ccp->ord = ccp_increment_unit_ordinal(); 480 - snprintf(ccp->name, MAX_CCP_NAME_LEN, "ccp-%u", ccp->ord); 481 - snprintf(ccp->rngname, MAX_CCP_NAME_LEN, "ccp-%u-rng", ccp->ord); 489 + snprintf(ccp->name, MAX_CCP_NAME_LEN, "ccp-%u", sp->ord); 490 + snprintf(ccp->rngname, MAX_CCP_NAME_LEN, "ccp-%u-rng", sp->ord); 482 491 483 492 return ccp; 484 493 } ··· 527 538 528 539 return ccp->cmd_q_count == suspended; 529 540 } 530 - #endif 531 541 532 - static int __init ccp_mod_init(void) 542 + int ccp_dev_suspend(struct sp_device *sp, pm_message_t state) 533 543 { 534 - #ifdef CONFIG_X86 535 - int ret; 544 + struct ccp_device *ccp = sp->ccp_data; 545 + unsigned long flags; 546 + unsigned int i; 536 547 537 - ret = ccp_pci_init(); 538 - if (ret) 539 - return ret; 548 + spin_lock_irqsave(&ccp->cmd_lock, flags); 540 549 541 - /* Don't leave the driver loaded if init failed */ 542 - if (ccp_present() != 0) { 543 - ccp_pci_exit(); 544 - return -ENODEV; 545 - } 550 + ccp->suspending = 1; 551 + 552 + /* Wake all the queue kthreads to prepare for suspend */ 553 + for (i = 0; i < ccp->cmd_q_count; i++) 554 + wake_up_process(ccp->cmd_q[i].kthread); 555 + 556 + spin_unlock_irqrestore(&ccp->cmd_lock, flags); 557 + 558 + /* Wait for all queue kthreads to say they're done */ 559 + while (!ccp_queues_suspended(ccp)) 560 + wait_event_interruptible(ccp->suspend_queue, 561 + ccp_queues_suspended(ccp)); 546 562 547 563 return 0; 548 - #endif 564 + } 549 565 550 - #ifdef CONFIG_ARM64 551 - int ret; 566 + int ccp_dev_resume(struct sp_device *sp) 567 + { 568 + struct ccp_device *ccp = sp->ccp_data; 569 + unsigned long flags; 570 + unsigned int i; 552 571 553 - ret = ccp_platform_init(); 554 - if (ret) 555 - return ret; 572 + spin_lock_irqsave(&ccp->cmd_lock, flags); 556 573 557 - /* Don't leave the driver loaded if init failed */ 558 - if (ccp_present() != 0) { 559 - ccp_platform_exit(); 560 - return -ENODEV; 574 + ccp->suspending = 0; 575 + 576 + /* Wake up all the kthreads */ 577 + for (i = 0; i < ccp->cmd_q_count; i++) { 578 + ccp->cmd_q[i].suspended = 0; 579 + wake_up_process(ccp->cmd_q[i].kthread); 561 580 } 562 581 582 + spin_unlock_irqrestore(&ccp->cmd_lock, flags); 583 + 563 584 return 0; 585 + } 564 586 #endif 565 587 566 - return -ENODEV; 567 - } 568 - 569 - static void __exit ccp_mod_exit(void) 588 + int ccp_dev_init(struct sp_device *sp) 570 589 { 571 - #ifdef CONFIG_X86 572 - ccp_pci_exit(); 573 - #endif 590 + struct device *dev = sp->dev; 591 + struct ccp_device *ccp; 592 + int ret; 574 593 575 - #ifdef CONFIG_ARM64 576 - ccp_platform_exit(); 577 - #endif 594 + ret = -ENOMEM; 595 + ccp = ccp_alloc_struct(sp); 596 + if (!ccp) 597 + goto e_err; 598 + sp->ccp_data = ccp; 599 + 600 + ccp->vdata = (struct ccp_vdata *)sp->dev_vdata->ccp_vdata; 601 + if (!ccp->vdata || !ccp->vdata->version) { 602 + ret = -ENODEV; 603 + dev_err(dev, "missing driver data\n"); 604 + goto e_err; 605 + } 606 + 607 + ccp->use_tasklet = sp->use_tasklet; 608 + 609 + ccp->io_regs = sp->io_map + ccp->vdata->offset; 610 + if (ccp->vdata->setup) 611 + ccp->vdata->setup(ccp); 612 + 613 + ret = ccp->vdata->perform->init(ccp); 614 + if (ret) 615 + goto e_err; 616 + 617 + dev_notice(dev, "ccp enabled\n"); 618 + 619 + return 0; 620 + 621 + e_err: 622 + sp->ccp_data = NULL; 623 + 624 + dev_notice(dev, "ccp initialization failed\n"); 625 + 626 + return ret; 578 627 } 579 628 580 - module_init(ccp_mod_init); 581 - module_exit(ccp_mod_exit); 629 + void ccp_dev_destroy(struct sp_device *sp) 630 + { 631 + struct ccp_device *ccp = sp->ccp_data; 632 + 633 + if (!ccp) 634 + return; 635 + 636 + ccp->vdata->perform->destroy(ccp); 637 + }

+9 -21

drivers/crypto/ccp/ccp-dev.h

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 26 26 #include <linux/interrupt.h> 27 27 #include <linux/irqreturn.h> 28 28 #include <linux/dmaengine.h> 29 + 30 + #include "sp-dev.h" 29 31 30 32 #define MAX_CCP_NAME_LEN 16 31 33 #define MAX_DMAPOOL_NAME_LEN 32 ··· 194 192 #define CCP_AES_CTX_SB_COUNT 1 195 193 196 194 #define CCP_XTS_AES_KEY_SB_COUNT 1 195 + #define CCP5_XTS_AES_KEY_SB_COUNT 2 197 196 #define CCP_XTS_AES_CTX_SB_COUNT 1 198 197 199 198 #define CCP_DES3_KEY_SB_COUNT 1 ··· 203 200 #define CCP_SHA_SB_COUNT 1 204 201 205 202 #define CCP_RSA_MAX_WIDTH 4096 203 + #define CCP5_RSA_MAX_WIDTH 16384 206 204 207 205 #define CCP_PASSTHRU_BLOCKSIZE 256 208 206 #define CCP_PASSTHRU_MASKSIZE 32 ··· 348 344 char rngname[MAX_CCP_NAME_LEN]; 349 345 350 346 struct device *dev; 347 + struct sp_device *sp; 351 348 352 349 /* Bus specific device information 353 350 */ 354 351 void *dev_specific; 355 - int (*get_irq)(struct ccp_device *ccp); 356 - void (*free_irq)(struct ccp_device *ccp); 357 352 unsigned int qim; 358 353 unsigned int irq; 359 354 bool use_tasklet; ··· 365 362 * them. 366 363 */ 367 364 struct mutex req_mutex ____cacheline_aligned; 368 - void __iomem *io_map; 369 365 void __iomem *io_regs; 370 366 371 367 /* Master lists that all cmds are queued on. Because there can be ··· 499 497 }; 500 498 501 499 struct ccp_xts_aes_op { 500 + enum ccp_aes_type type; 502 501 enum ccp_aes_action action; 503 502 enum ccp_xts_aes_unit_size unit_size; 504 503 }; ··· 629 626 struct dword7 dw7; 630 627 }; 631 628 632 - int ccp_pci_init(void); 633 - void ccp_pci_exit(void); 634 - 635 - int ccp_platform_init(void); 636 - void ccp_platform_exit(void); 637 - 638 629 void ccp_add_device(struct ccp_device *ccp); 639 630 void ccp_del_device(struct ccp_device *ccp); 640 631 641 632 extern void ccp_log_error(struct ccp_device *, int); 642 633 643 - struct ccp_device *ccp_alloc_struct(struct device *dev); 634 + struct ccp_device *ccp_alloc_struct(struct sp_device *sp); 644 635 bool ccp_queues_suspended(struct ccp_device *ccp); 645 636 int ccp_cmd_queue_thread(void *data); 646 637 int ccp_trng_read(struct hwrng *rng, void *data, size_t max, bool wait); ··· 666 669 irqreturn_t (*irqhandler)(int, void *); 667 670 }; 668 671 669 - /* Structure to hold CCP version-specific values */ 670 - struct ccp_vdata { 671 - const unsigned int version; 672 - const unsigned int dma_chan_attr; 673 - void (*setup)(struct ccp_device *); 674 - const struct ccp_actions *perform; 675 - const unsigned int bar; 676 - const unsigned int offset; 677 - }; 678 - 672 + extern const struct ccp_vdata ccpv3_platform; 679 673 extern const struct ccp_vdata ccpv3; 680 674 extern const struct ccp_vdata ccpv5a; 681 675 extern const struct ccp_vdata ccpv5b;

+1 -1

drivers/crypto/ccp/ccp-dmaengine.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Gary R Hook <gary.hook@amd.com> 7 7 *

+91 -42

drivers/crypto/ccp/ccp-ops.c

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 168 168 169 169 wa->dma.address = dma_map_single(wa->dev, wa->address, len, 170 170 dir); 171 - if (!wa->dma.address) 171 + if (dma_mapping_error(wa->dev, wa->dma.address)) 172 172 return -ENOMEM; 173 173 174 174 wa->dma.length = len; ··· 1038 1038 struct ccp_op op; 1039 1039 unsigned int unit_size, dm_offset; 1040 1040 bool in_place = false; 1041 + unsigned int sb_count; 1042 + enum ccp_aes_type aestype; 1041 1043 int ret; 1042 1044 1043 1045 switch (xts->unit_size) { ··· 1063 1061 return -EINVAL; 1064 1062 } 1065 1063 1066 - if (xts->key_len != AES_KEYSIZE_128) 1064 + if (xts->key_len == AES_KEYSIZE_128) 1065 + aestype = CCP_AES_TYPE_128; 1066 + else if (xts->key_len == AES_KEYSIZE_256) 1067 + aestype = CCP_AES_TYPE_256; 1068 + else 1067 1069 return -EINVAL; 1068 1070 1069 1071 if (!xts->final && (xts->src_len & (AES_BLOCK_SIZE - 1))) ··· 1089 1083 op.sb_key = cmd_q->sb_key; 1090 1084 op.sb_ctx = cmd_q->sb_ctx; 1091 1085 op.init = 1; 1086 + op.u.xts.type = aestype; 1092 1087 op.u.xts.action = xts->action; 1093 1088 op.u.xts.unit_size = xts->unit_size; 1094 1089 1095 - /* All supported key sizes fit in a single (32-byte) SB entry 1096 - * and must be in little endian format. Use the 256-bit byte 1097 - * swap passthru option to convert from big endian to little 1098 - * endian. 1090 + /* A version 3 device only supports 128-bit keys, which fits into a 1091 + * single SB entry. A version 5 device uses a 512-bit vector, so two 1092 + * SB entries. 1099 1093 */ 1094 + if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0)) 1095 + sb_count = CCP_XTS_AES_KEY_SB_COUNT; 1096 + else 1097 + sb_count = CCP5_XTS_AES_KEY_SB_COUNT; 1100 1098 ret = ccp_init_dm_workarea(&key, cmd_q, 1101 - CCP_XTS_AES_KEY_SB_COUNT * CCP_SB_BYTES, 1099 + sb_count * CCP_SB_BYTES, 1102 1100 DMA_TO_DEVICE); 1103 1101 if (ret) 1104 1102 return ret; 1105 1103 1106 - dm_offset = CCP_SB_BYTES - AES_KEYSIZE_128; 1107 - ccp_set_dm_area(&key, dm_offset, xts->key, 0, xts->key_len); 1108 - ccp_set_dm_area(&key, 0, xts->key, dm_offset, xts->key_len); 1104 + if (cmd_q->ccp->vdata->version == CCP_VERSION(3, 0)) { 1105 + /* All supported key sizes must be in little endian format. 1106 + * Use the 256-bit byte swap passthru option to convert from 1107 + * big endian to little endian. 1108 + */ 1109 + dm_offset = CCP_SB_BYTES - AES_KEYSIZE_128; 1110 + ccp_set_dm_area(&key, dm_offset, xts->key, 0, xts->key_len); 1111 + ccp_set_dm_area(&key, 0, xts->key, xts->key_len, xts->key_len); 1112 + } else { 1113 + /* Version 5 CCPs use a 512-bit space for the key: each portion 1114 + * occupies 256 bits, or one entire slot, and is zero-padded. 1115 + */ 1116 + unsigned int pad; 1117 + 1118 + dm_offset = CCP_SB_BYTES; 1119 + pad = dm_offset - xts->key_len; 1120 + ccp_set_dm_area(&key, pad, xts->key, 0, xts->key_len); 1121 + ccp_set_dm_area(&key, dm_offset + pad, xts->key, xts->key_len, 1122 + xts->key_len); 1123 + } 1109 1124 ret = ccp_copy_to_sb(cmd_q, &key, op.jobid, op.sb_key, 1110 1125 CCP_PASSTHRU_BYTESWAP_256BIT); 1111 1126 if (ret) { ··· 1758 1731 static int ccp_run_rsa_cmd(struct ccp_cmd_queue *cmd_q, struct ccp_cmd *cmd) 1759 1732 { 1760 1733 struct ccp_rsa_engine *rsa = &cmd->u.rsa; 1761 - struct ccp_dm_workarea exp, src; 1762 - struct ccp_data dst; 1734 + struct ccp_dm_workarea exp, src, dst; 1763 1735 struct ccp_op op; 1764 1736 unsigned int sb_count, i_len, o_len; 1765 1737 int ret; 1766 1738 1767 - if (rsa->key_size > CCP_RSA_MAX_WIDTH) 1739 + /* Check against the maximum allowable size, in bits */ 1740 + if (rsa->key_size > cmd_q->ccp->vdata->rsamax) 1768 1741 return -EINVAL; 1769 1742 1770 1743 if (!rsa->exp || !rsa->mod || !rsa->src || !rsa->dst) 1771 1744 return -EINVAL; 1772 1745 1746 + memset(&op, 0, sizeof(op)); 1747 + op.cmd_q = cmd_q; 1748 + op.jobid = CCP_NEW_JOBID(cmd_q->ccp); 1749 + 1773 1750 /* The RSA modulus must precede the message being acted upon, so 1774 1751 * it must be copied to a DMA area where the message and the 1775 1752 * modulus can be concatenated. Therefore the input buffer 1776 1753 * length required is twice the output buffer length (which 1777 - * must be a multiple of 256-bits). 1754 + * must be a multiple of 256-bits). Compute o_len, i_len in bytes. 1755 + * Buffer sizes must be a multiple of 32 bytes; rounding up may be 1756 + * required. 1778 1757 */ 1779 - o_len = ((rsa->key_size + 255) / 256) * 32; 1758 + o_len = 32 * ((rsa->key_size + 255) / 256); 1780 1759 i_len = o_len * 2; 1781 1760 1782 - sb_count = o_len / CCP_SB_BYTES; 1761 + sb_count = 0; 1762 + if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { 1763 + /* sb_count is the number of storage block slots required 1764 + * for the modulus. 1765 + */ 1766 + sb_count = o_len / CCP_SB_BYTES; 1767 + op.sb_key = cmd_q->ccp->vdata->perform->sballoc(cmd_q, 1768 + sb_count); 1769 + if (!op.sb_key) 1770 + return -EIO; 1771 + } else { 1772 + /* A version 5 device allows a modulus size that will not fit 1773 + * in the LSB, so the command will transfer it from memory. 1774 + * Set the sb key to the default, even though it's not used. 1775 + */ 1776 + op.sb_key = cmd_q->sb_key; 1777 + } 1783 1778 1784 - memset(&op, 0, sizeof(op)); 1785 - op.cmd_q = cmd_q; 1786 - op.jobid = ccp_gen_jobid(cmd_q->ccp); 1787 - op.sb_key = cmd_q->ccp->vdata->perform->sballoc(cmd_q, sb_count); 1788 - 1789 - if (!op.sb_key) 1790 - return -EIO; 1791 - 1792 - /* The RSA exponent may span multiple (32-byte) SB entries and must 1793 - * be in little endian format. Reverse copy each 32-byte chunk 1794 - * of the exponent (En chunk to E0 chunk, E(n-1) chunk to E1 chunk) 1795 - * and each byte within that chunk and do not perform any byte swap 1796 - * operations on the passthru operation. 1779 + /* The RSA exponent must be in little endian format. Reverse its 1780 + * byte order. 1797 1781 */ 1798 1782 ret = ccp_init_dm_workarea(&exp, cmd_q, o_len, DMA_TO_DEVICE); 1799 1783 if (ret) ··· 1813 1775 ret = ccp_reverse_set_dm_area(&exp, 0, rsa->exp, 0, rsa->exp_len); 1814 1776 if (ret) 1815 1777 goto e_exp; 1816 - ret = ccp_copy_to_sb(cmd_q, &exp, op.jobid, op.sb_key, 1817 - CCP_PASSTHRU_BYTESWAP_NOOP); 1818 - if (ret) { 1819 - cmd->engine_error = cmd_q->cmd_error; 1820 - goto e_exp; 1778 + 1779 + if (cmd_q->ccp->vdata->version < CCP_VERSION(5, 0)) { 1780 + /* Copy the exponent to the local storage block, using 1781 + * as many 32-byte blocks as were allocated above. It's 1782 + * already little endian, so no further change is required. 1783 + */ 1784 + ret = ccp_copy_to_sb(cmd_q, &exp, op.jobid, op.sb_key, 1785 + CCP_PASSTHRU_BYTESWAP_NOOP); 1786 + if (ret) { 1787 + cmd->engine_error = cmd_q->cmd_error; 1788 + goto e_exp; 1789 + } 1790 + } else { 1791 + /* The exponent can be retrieved from memory via DMA. */ 1792 + op.exp.u.dma.address = exp.dma.address; 1793 + op.exp.u.dma.offset = 0; 1821 1794 } 1822 1795 1823 1796 /* Concatenate the modulus and the message. Both the modulus and ··· 1847 1798 goto e_src; 1848 1799 1849 1800 /* Prepare the output area for the operation */ 1850 - ret = ccp_init_data(&dst, cmd_q, rsa->dst, rsa->mod_len, 1851 - o_len, DMA_FROM_DEVICE); 1801 + ret = ccp_init_dm_workarea(&dst, cmd_q, o_len, DMA_FROM_DEVICE); 1852 1802 if (ret) 1853 1803 goto e_src; 1854 1804 ··· 1855 1807 op.src.u.dma.address = src.dma.address; 1856 1808 op.src.u.dma.offset = 0; 1857 1809 op.src.u.dma.length = i_len; 1858 - op.dst.u.dma.address = dst.dm_wa.dma.address; 1810 + op.dst.u.dma.address = dst.dma.address; 1859 1811 op.dst.u.dma.offset = 0; 1860 1812 op.dst.u.dma.length = o_len; 1861 1813 ··· 1868 1820 goto e_dst; 1869 1821 } 1870 1822 1871 - ccp_reverse_get_dm_area(&dst.dm_wa, 0, rsa->dst, 0, rsa->mod_len); 1823 + ccp_reverse_get_dm_area(&dst, 0, rsa->dst, 0, rsa->mod_len); 1872 1824 1873 1825 e_dst: 1874 - ccp_free_data(&dst, cmd_q); 1826 + ccp_dm_free(&dst); 1875 1827 1876 1828 e_src: 1877 1829 ccp_dm_free(&src); ··· 1880 1832 ccp_dm_free(&exp); 1881 1833 1882 1834 e_sb: 1883 - cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); 1835 + if (sb_count) 1836 + cmd_q->ccp->vdata->perform->sbfree(cmd_q, op.sb_key, sb_count); 1884 1837 1885 1838 return ret; 1886 1839 } ··· 2041 1992 2042 1993 memset(&op, 0, sizeof(op)); 2043 1994 op.cmd_q = cmd_q; 2044 - op.jobid = ccp_gen_jobid(cmd_q->ccp); 1995 + op.jobid = CCP_NEW_JOBID(cmd_q->ccp); 2045 1996 2046 1997 if (pt->bit_mod != CCP_PASSTHRU_BITWISE_NOOP) { 2047 1998 /* Load the mask */

-356

drivers/crypto/ccp/ccp-pci.c

··· 1 - /* 2 - * AMD Cryptographic Coprocessor (CCP) driver 3 - * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 5 - * 6 - * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 - * Author: Gary R Hook <gary.hook@amd.com> 8 - * 9 - * This program is free software; you can redistribute it and/or modify 10 - * it under the terms of the GNU General Public License version 2 as 11 - * published by the Free Software Foundation. 12 - */ 13 - 14 - #include <linux/module.h> 15 - #include <linux/kernel.h> 16 - #include <linux/device.h> 17 - #include <linux/pci.h> 18 - #include <linux/pci_ids.h> 19 - #include <linux/dma-mapping.h> 20 - #include <linux/kthread.h> 21 - #include <linux/sched.h> 22 - #include <linux/interrupt.h> 23 - #include <linux/spinlock.h> 24 - #include <linux/delay.h> 25 - #include <linux/ccp.h> 26 - 27 - #include "ccp-dev.h" 28 - 29 - #define MSIX_VECTORS 2 30 - 31 - struct ccp_msix { 32 - u32 vector; 33 - char name[16]; 34 - }; 35 - 36 - struct ccp_pci { 37 - int msix_count; 38 - struct ccp_msix msix[MSIX_VECTORS]; 39 - }; 40 - 41 - static int ccp_get_msix_irqs(struct ccp_device *ccp) 42 - { 43 - struct ccp_pci *ccp_pci = ccp->dev_specific; 44 - struct device *dev = ccp->dev; 45 - struct pci_dev *pdev = to_pci_dev(dev); 46 - struct msix_entry msix_entry[MSIX_VECTORS]; 47 - unsigned int name_len = sizeof(ccp_pci->msix[0].name) - 1; 48 - int v, ret; 49 - 50 - for (v = 0; v < ARRAY_SIZE(msix_entry); v++) 51 - msix_entry[v].entry = v; 52 - 53 - ret = pci_enable_msix_range(pdev, msix_entry, 1, v); 54 - if (ret < 0) 55 - return ret; 56 - 57 - ccp_pci->msix_count = ret; 58 - for (v = 0; v < ccp_pci->msix_count; v++) { 59 - /* Set the interrupt names and request the irqs */ 60 - snprintf(ccp_pci->msix[v].name, name_len, "%s-%u", 61 - ccp->name, v); 62 - ccp_pci->msix[v].vector = msix_entry[v].vector; 63 - ret = request_irq(ccp_pci->msix[v].vector, 64 - ccp->vdata->perform->irqhandler, 65 - 0, ccp_pci->msix[v].name, dev); 66 - if (ret) { 67 - dev_notice(dev, "unable to allocate MSI-X IRQ (%d)\n", 68 - ret); 69 - goto e_irq; 70 - } 71 - } 72 - ccp->use_tasklet = true; 73 - 74 - return 0; 75 - 76 - e_irq: 77 - while (v--) 78 - free_irq(ccp_pci->msix[v].vector, dev); 79 - 80 - pci_disable_msix(pdev); 81 - 82 - ccp_pci->msix_count = 0; 83 - 84 - return ret; 85 - } 86 - 87 - static int ccp_get_msi_irq(struct ccp_device *ccp) 88 - { 89 - struct device *dev = ccp->dev; 90 - struct pci_dev *pdev = to_pci_dev(dev); 91 - int ret; 92 - 93 - ret = pci_enable_msi(pdev); 94 - if (ret) 95 - return ret; 96 - 97 - ccp->irq = pdev->irq; 98 - ret = request_irq(ccp->irq, ccp->vdata->perform->irqhandler, 0, 99 - ccp->name, dev); 100 - if (ret) { 101 - dev_notice(dev, "unable to allocate MSI IRQ (%d)\n", ret); 102 - goto e_msi; 103 - } 104 - ccp->use_tasklet = true; 105 - 106 - return 0; 107 - 108 - e_msi: 109 - pci_disable_msi(pdev); 110 - 111 - return ret; 112 - } 113 - 114 - static int ccp_get_irqs(struct ccp_device *ccp) 115 - { 116 - struct device *dev = ccp->dev; 117 - int ret; 118 - 119 - ret = ccp_get_msix_irqs(ccp); 120 - if (!ret) 121 - return 0; 122 - 123 - /* Couldn't get MSI-X vectors, try MSI */ 124 - dev_notice(dev, "could not enable MSI-X (%d), trying MSI\n", ret); 125 - ret = ccp_get_msi_irq(ccp); 126 - if (!ret) 127 - return 0; 128 - 129 - /* Couldn't get MSI interrupt */ 130 - dev_notice(dev, "could not enable MSI (%d)\n", ret); 131 - 132 - return ret; 133 - } 134 - 135 - static void ccp_free_irqs(struct ccp_device *ccp) 136 - { 137 - struct ccp_pci *ccp_pci = ccp->dev_specific; 138 - struct device *dev = ccp->dev; 139 - struct pci_dev *pdev = to_pci_dev(dev); 140 - 141 - if (ccp_pci->msix_count) { 142 - while (ccp_pci->msix_count--) 143 - free_irq(ccp_pci->msix[ccp_pci->msix_count].vector, 144 - dev); 145 - pci_disable_msix(pdev); 146 - } else if (ccp->irq) { 147 - free_irq(ccp->irq, dev); 148 - pci_disable_msi(pdev); 149 - } 150 - ccp->irq = 0; 151 - } 152 - 153 - static int ccp_find_mmio_area(struct ccp_device *ccp) 154 - { 155 - struct device *dev = ccp->dev; 156 - struct pci_dev *pdev = to_pci_dev(dev); 157 - resource_size_t io_len; 158 - unsigned long io_flags; 159 - 160 - io_flags = pci_resource_flags(pdev, ccp->vdata->bar); 161 - io_len = pci_resource_len(pdev, ccp->vdata->bar); 162 - if ((io_flags & IORESOURCE_MEM) && 163 - (io_len >= (ccp->vdata->offset + 0x800))) 164 - return ccp->vdata->bar; 165 - 166 - return -EIO; 167 - } 168 - 169 - static int ccp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) 170 - { 171 - struct ccp_device *ccp; 172 - struct ccp_pci *ccp_pci; 173 - struct device *dev = &pdev->dev; 174 - unsigned int bar; 175 - int ret; 176 - 177 - ret = -ENOMEM; 178 - ccp = ccp_alloc_struct(dev); 179 - if (!ccp) 180 - goto e_err; 181 - 182 - ccp_pci = devm_kzalloc(dev, sizeof(*ccp_pci), GFP_KERNEL); 183 - if (!ccp_pci) 184 - goto e_err; 185 - 186 - ccp->dev_specific = ccp_pci; 187 - ccp->vdata = (struct ccp_vdata *)id->driver_data; 188 - if (!ccp->vdata || !ccp->vdata->version) { 189 - ret = -ENODEV; 190 - dev_err(dev, "missing driver data\n"); 191 - goto e_err; 192 - } 193 - ccp->get_irq = ccp_get_irqs; 194 - ccp->free_irq = ccp_free_irqs; 195 - 196 - ret = pci_request_regions(pdev, "ccp"); 197 - if (ret) { 198 - dev_err(dev, "pci_request_regions failed (%d)\n", ret); 199 - goto e_err; 200 - } 201 - 202 - ret = pci_enable_device(pdev); 203 - if (ret) { 204 - dev_err(dev, "pci_enable_device failed (%d)\n", ret); 205 - goto e_regions; 206 - } 207 - 208 - pci_set_master(pdev); 209 - 210 - ret = ccp_find_mmio_area(ccp); 211 - if (ret < 0) 212 - goto e_device; 213 - bar = ret; 214 - 215 - ret = -EIO; 216 - ccp->io_map = pci_iomap(pdev, bar, 0); 217 - if (!ccp->io_map) { 218 - dev_err(dev, "pci_iomap failed\n"); 219 - goto e_device; 220 - } 221 - ccp->io_regs = ccp->io_map + ccp->vdata->offset; 222 - 223 - ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48)); 224 - if (ret) { 225 - ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32)); 226 - if (ret) { 227 - dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", 228 - ret); 229 - goto e_iomap; 230 - } 231 - } 232 - 233 - dev_set_drvdata(dev, ccp); 234 - 235 - if (ccp->vdata->setup) 236 - ccp->vdata->setup(ccp); 237 - 238 - ret = ccp->vdata->perform->init(ccp); 239 - if (ret) 240 - goto e_iomap; 241 - 242 - dev_notice(dev, "enabled\n"); 243 - 244 - return 0; 245 - 246 - e_iomap: 247 - pci_iounmap(pdev, ccp->io_map); 248 - 249 - e_device: 250 - pci_disable_device(pdev); 251 - 252 - e_regions: 253 - pci_release_regions(pdev); 254 - 255 - e_err: 256 - dev_notice(dev, "initialization failed\n"); 257 - return ret; 258 - } 259 - 260 - static void ccp_pci_remove(struct pci_dev *pdev) 261 - { 262 - struct device *dev = &pdev->dev; 263 - struct ccp_device *ccp = dev_get_drvdata(dev); 264 - 265 - if (!ccp) 266 - return; 267 - 268 - ccp->vdata->perform->destroy(ccp); 269 - 270 - pci_iounmap(pdev, ccp->io_map); 271 - 272 - pci_disable_device(pdev); 273 - 274 - pci_release_regions(pdev); 275 - 276 - dev_notice(dev, "disabled\n"); 277 - } 278 - 279 - #ifdef CONFIG_PM 280 - static int ccp_pci_suspend(struct pci_dev *pdev, pm_message_t state) 281 - { 282 - struct device *dev = &pdev->dev; 283 - struct ccp_device *ccp = dev_get_drvdata(dev); 284 - unsigned long flags; 285 - unsigned int i; 286 - 287 - spin_lock_irqsave(&ccp->cmd_lock, flags); 288 - 289 - ccp->suspending = 1; 290 - 291 - /* Wake all the queue kthreads to prepare for suspend */ 292 - for (i = 0; i < ccp->cmd_q_count; i++) 293 - wake_up_process(ccp->cmd_q[i].kthread); 294 - 295 - spin_unlock_irqrestore(&ccp->cmd_lock, flags); 296 - 297 - /* Wait for all queue kthreads to say they're done */ 298 - while (!ccp_queues_suspended(ccp)) 299 - wait_event_interruptible(ccp->suspend_queue, 300 - ccp_queues_suspended(ccp)); 301 - 302 - return 0; 303 - } 304 - 305 - static int ccp_pci_resume(struct pci_dev *pdev) 306 - { 307 - struct device *dev = &pdev->dev; 308 - struct ccp_device *ccp = dev_get_drvdata(dev); 309 - unsigned long flags; 310 - unsigned int i; 311 - 312 - spin_lock_irqsave(&ccp->cmd_lock, flags); 313 - 314 - ccp->suspending = 0; 315 - 316 - /* Wake up all the kthreads */ 317 - for (i = 0; i < ccp->cmd_q_count; i++) { 318 - ccp->cmd_q[i].suspended = 0; 319 - wake_up_process(ccp->cmd_q[i].kthread); 320 - } 321 - 322 - spin_unlock_irqrestore(&ccp->cmd_lock, flags); 323 - 324 - return 0; 325 - } 326 - #endif 327 - 328 - static const struct pci_device_id ccp_pci_table[] = { 329 - { PCI_VDEVICE(AMD, 0x1537), (kernel_ulong_t)&ccpv3 }, 330 - { PCI_VDEVICE(AMD, 0x1456), (kernel_ulong_t)&ccpv5a }, 331 - { PCI_VDEVICE(AMD, 0x1468), (kernel_ulong_t)&ccpv5b }, 332 - /* Last entry must be zero */ 333 - { 0, } 334 - }; 335 - MODULE_DEVICE_TABLE(pci, ccp_pci_table); 336 - 337 - static struct pci_driver ccp_pci_driver = { 338 - .name = "ccp", 339 - .id_table = ccp_pci_table, 340 - .probe = ccp_pci_probe, 341 - .remove = ccp_pci_remove, 342 - #ifdef CONFIG_PM 343 - .suspend = ccp_pci_suspend, 344 - .resume = ccp_pci_resume, 345 - #endif 346 - }; 347 - 348 - int ccp_pci_init(void) 349 - { 350 - return pci_register_driver(&ccp_pci_driver); 351 - } 352 - 353 - void ccp_pci_exit(void) 354 - { 355 - pci_unregister_driver(&ccp_pci_driver); 356 - }

-293

drivers/crypto/ccp/ccp-platform.c

··· 1 - /* 2 - * AMD Cryptographic Coprocessor (CCP) driver 3 - * 4 - * Copyright (C) 2014,2016 Advanced Micro Devices, Inc. 5 - * 6 - * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 - * 8 - * This program is free software; you can redistribute it and/or modify 9 - * it under the terms of the GNU General Public License version 2 as 10 - * published by the Free Software Foundation. 11 - */ 12 - 13 - #include <linux/module.h> 14 - #include <linux/kernel.h> 15 - #include <linux/device.h> 16 - #include <linux/platform_device.h> 17 - #include <linux/ioport.h> 18 - #include <linux/dma-mapping.h> 19 - #include <linux/kthread.h> 20 - #include <linux/sched.h> 21 - #include <linux/interrupt.h> 22 - #include <linux/spinlock.h> 23 - #include <linux/delay.h> 24 - #include <linux/ccp.h> 25 - #include <linux/of.h> 26 - #include <linux/of_address.h> 27 - #include <linux/acpi.h> 28 - 29 - #include "ccp-dev.h" 30 - 31 - struct ccp_platform { 32 - int coherent; 33 - }; 34 - 35 - static const struct acpi_device_id ccp_acpi_match[]; 36 - static const struct of_device_id ccp_of_match[]; 37 - 38 - static struct ccp_vdata *ccp_get_of_version(struct platform_device *pdev) 39 - { 40 - #ifdef CONFIG_OF 41 - const struct of_device_id *match; 42 - 43 - match = of_match_node(ccp_of_match, pdev->dev.of_node); 44 - if (match && match->data) 45 - return (struct ccp_vdata *)match->data; 46 - #endif 47 - return NULL; 48 - } 49 - 50 - static struct ccp_vdata *ccp_get_acpi_version(struct platform_device *pdev) 51 - { 52 - #ifdef CONFIG_ACPI 53 - const struct acpi_device_id *match; 54 - 55 - match = acpi_match_device(ccp_acpi_match, &pdev->dev); 56 - if (match && match->driver_data) 57 - return (struct ccp_vdata *)match->driver_data; 58 - #endif 59 - return NULL; 60 - } 61 - 62 - static int ccp_get_irq(struct ccp_device *ccp) 63 - { 64 - struct device *dev = ccp->dev; 65 - struct platform_device *pdev = to_platform_device(dev); 66 - int ret; 67 - 68 - ret = platform_get_irq(pdev, 0); 69 - if (ret < 0) 70 - return ret; 71 - 72 - ccp->irq = ret; 73 - ret = request_irq(ccp->irq, ccp->vdata->perform->irqhandler, 0, 74 - ccp->name, dev); 75 - if (ret) { 76 - dev_notice(dev, "unable to allocate IRQ (%d)\n", ret); 77 - return ret; 78 - } 79 - 80 - return 0; 81 - } 82 - 83 - static int ccp_get_irqs(struct ccp_device *ccp) 84 - { 85 - struct device *dev = ccp->dev; 86 - int ret; 87 - 88 - ret = ccp_get_irq(ccp); 89 - if (!ret) 90 - return 0; 91 - 92 - /* Couldn't get an interrupt */ 93 - dev_notice(dev, "could not enable interrupts (%d)\n", ret); 94 - 95 - return ret; 96 - } 97 - 98 - static void ccp_free_irqs(struct ccp_device *ccp) 99 - { 100 - struct device *dev = ccp->dev; 101 - 102 - free_irq(ccp->irq, dev); 103 - } 104 - 105 - static struct resource *ccp_find_mmio_area(struct ccp_device *ccp) 106 - { 107 - struct device *dev = ccp->dev; 108 - struct platform_device *pdev = to_platform_device(dev); 109 - struct resource *ior; 110 - 111 - ior = platform_get_resource(pdev, IORESOURCE_MEM, 0); 112 - if (ior && (resource_size(ior) >= 0x800)) 113 - return ior; 114 - 115 - return NULL; 116 - } 117 - 118 - static int ccp_platform_probe(struct platform_device *pdev) 119 - { 120 - struct ccp_device *ccp; 121 - struct ccp_platform *ccp_platform; 122 - struct device *dev = &pdev->dev; 123 - enum dev_dma_attr attr; 124 - struct resource *ior; 125 - int ret; 126 - 127 - ret = -ENOMEM; 128 - ccp = ccp_alloc_struct(dev); 129 - if (!ccp) 130 - goto e_err; 131 - 132 - ccp_platform = devm_kzalloc(dev, sizeof(*ccp_platform), GFP_KERNEL); 133 - if (!ccp_platform) 134 - goto e_err; 135 - 136 - ccp->dev_specific = ccp_platform; 137 - ccp->vdata = pdev->dev.of_node ? ccp_get_of_version(pdev) 138 - : ccp_get_acpi_version(pdev); 139 - if (!ccp->vdata || !ccp->vdata->version) { 140 - ret = -ENODEV; 141 - dev_err(dev, "missing driver data\n"); 142 - goto e_err; 143 - } 144 - ccp->get_irq = ccp_get_irqs; 145 - ccp->free_irq = ccp_free_irqs; 146 - 147 - ior = ccp_find_mmio_area(ccp); 148 - ccp->io_map = devm_ioremap_resource(dev, ior); 149 - if (IS_ERR(ccp->io_map)) { 150 - ret = PTR_ERR(ccp->io_map); 151 - goto e_err; 152 - } 153 - ccp->io_regs = ccp->io_map; 154 - 155 - attr = device_get_dma_attr(dev); 156 - if (attr == DEV_DMA_NOT_SUPPORTED) { 157 - dev_err(dev, "DMA is not supported"); 158 - goto e_err; 159 - } 160 - 161 - ccp_platform->coherent = (attr == DEV_DMA_COHERENT); 162 - if (ccp_platform->coherent) 163 - ccp->axcache = CACHE_WB_NO_ALLOC; 164 - else 165 - ccp->axcache = CACHE_NONE; 166 - 167 - ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48)); 168 - if (ret) { 169 - dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", ret); 170 - goto e_err; 171 - } 172 - 173 - dev_set_drvdata(dev, ccp); 174 - 175 - ret = ccp->vdata->perform->init(ccp); 176 - if (ret) 177 - goto e_err; 178 - 179 - dev_notice(dev, "enabled\n"); 180 - 181 - return 0; 182 - 183 - e_err: 184 - dev_notice(dev, "initialization failed\n"); 185 - return ret; 186 - } 187 - 188 - static int ccp_platform_remove(struct platform_device *pdev) 189 - { 190 - struct device *dev = &pdev->dev; 191 - struct ccp_device *ccp = dev_get_drvdata(dev); 192 - 193 - ccp->vdata->perform->destroy(ccp); 194 - 195 - dev_notice(dev, "disabled\n"); 196 - 197 - return 0; 198 - } 199 - 200 - #ifdef CONFIG_PM 201 - static int ccp_platform_suspend(struct platform_device *pdev, 202 - pm_message_t state) 203 - { 204 - struct device *dev = &pdev->dev; 205 - struct ccp_device *ccp = dev_get_drvdata(dev); 206 - unsigned long flags; 207 - unsigned int i; 208 - 209 - spin_lock_irqsave(&ccp->cmd_lock, flags); 210 - 211 - ccp->suspending = 1; 212 - 213 - /* Wake all the queue kthreads to prepare for suspend */ 214 - for (i = 0; i < ccp->cmd_q_count; i++) 215 - wake_up_process(ccp->cmd_q[i].kthread); 216 - 217 - spin_unlock_irqrestore(&ccp->cmd_lock, flags); 218 - 219 - /* Wait for all queue kthreads to say they're done */ 220 - while (!ccp_queues_suspended(ccp)) 221 - wait_event_interruptible(ccp->suspend_queue, 222 - ccp_queues_suspended(ccp)); 223 - 224 - return 0; 225 - } 226 - 227 - static int ccp_platform_resume(struct platform_device *pdev) 228 - { 229 - struct device *dev = &pdev->dev; 230 - struct ccp_device *ccp = dev_get_drvdata(dev); 231 - unsigned long flags; 232 - unsigned int i; 233 - 234 - spin_lock_irqsave(&ccp->cmd_lock, flags); 235 - 236 - ccp->suspending = 0; 237 - 238 - /* Wake up all the kthreads */ 239 - for (i = 0; i < ccp->cmd_q_count; i++) { 240 - ccp->cmd_q[i].suspended = 0; 241 - wake_up_process(ccp->cmd_q[i].kthread); 242 - } 243 - 244 - spin_unlock_irqrestore(&ccp->cmd_lock, flags); 245 - 246 - return 0; 247 - } 248 - #endif 249 - 250 - #ifdef CONFIG_ACPI 251 - static const struct acpi_device_id ccp_acpi_match[] = { 252 - { "AMDI0C00", (kernel_ulong_t)&ccpv3 }, 253 - { }, 254 - }; 255 - MODULE_DEVICE_TABLE(acpi, ccp_acpi_match); 256 - #endif 257 - 258 - #ifdef CONFIG_OF 259 - static const struct of_device_id ccp_of_match[] = { 260 - { .compatible = "amd,ccp-seattle-v1a", 261 - .data = (const void *)&ccpv3 }, 262 - { }, 263 - }; 264 - MODULE_DEVICE_TABLE(of, ccp_of_match); 265 - #endif 266 - 267 - static struct platform_driver ccp_platform_driver = { 268 - .driver = { 269 - .name = "ccp", 270 - #ifdef CONFIG_ACPI 271 - .acpi_match_table = ccp_acpi_match, 272 - #endif 273 - #ifdef CONFIG_OF 274 - .of_match_table = ccp_of_match, 275 - #endif 276 - }, 277 - .probe = ccp_platform_probe, 278 - .remove = ccp_platform_remove, 279 - #ifdef CONFIG_PM 280 - .suspend = ccp_platform_suspend, 281 - .resume = ccp_platform_resume, 282 - #endif 283 - }; 284 - 285 - int ccp_platform_init(void) 286 - { 287 - return platform_driver_register(&ccp_platform_driver); 288 - } 289 - 290 - void ccp_platform_exit(void) 291 - { 292 - platform_driver_unregister(&ccp_platform_driver); 293 - }

+277

drivers/crypto/ccp/sp-dev.c

··· 1 + /* 2 + * AMD Secure Processor driver 3 + * 4 + * Copyright (C) 2017 Advanced Micro Devices, Inc. 5 + * 6 + * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 + * Author: Gary R Hook <gary.hook@amd.com> 8 + * Author: Brijesh Singh <brijesh.singh@amd.com> 9 + * 10 + * This program is free software; you can redistribute it and/or modify 11 + * it under the terms of the GNU General Public License version 2 as 12 + * published by the Free Software Foundation. 13 + */ 14 + 15 + #include <linux/module.h> 16 + #include <linux/kernel.h> 17 + #include <linux/kthread.h> 18 + #include <linux/sched.h> 19 + #include <linux/interrupt.h> 20 + #include <linux/spinlock.h> 21 + #include <linux/spinlock_types.h> 22 + #include <linux/types.h> 23 + #include <linux/ccp.h> 24 + 25 + #include "ccp-dev.h" 26 + #include "sp-dev.h" 27 + 28 + MODULE_AUTHOR("Tom Lendacky <thomas.lendacky@amd.com>"); 29 + MODULE_AUTHOR("Gary R Hook <gary.hook@amd.com>"); 30 + MODULE_LICENSE("GPL"); 31 + MODULE_VERSION("1.1.0"); 32 + MODULE_DESCRIPTION("AMD Secure Processor driver"); 33 + 34 + /* List of SPs, SP count, read-write access lock, and access functions 35 + * 36 + * Lock structure: get sp_unit_lock for reading whenever we need to 37 + * examine the SP list. 38 + */ 39 + static DEFINE_RWLOCK(sp_unit_lock); 40 + static LIST_HEAD(sp_units); 41 + 42 + /* Ever-increasing value to produce unique unit numbers */ 43 + static atomic_t sp_ordinal; 44 + 45 + static void sp_add_device(struct sp_device *sp) 46 + { 47 + unsigned long flags; 48 + 49 + write_lock_irqsave(&sp_unit_lock, flags); 50 + 51 + list_add_tail(&sp->entry, &sp_units); 52 + 53 + write_unlock_irqrestore(&sp_unit_lock, flags); 54 + } 55 + 56 + static void sp_del_device(struct sp_device *sp) 57 + { 58 + unsigned long flags; 59 + 60 + write_lock_irqsave(&sp_unit_lock, flags); 61 + 62 + list_del(&sp->entry); 63 + 64 + write_unlock_irqrestore(&sp_unit_lock, flags); 65 + } 66 + 67 + static irqreturn_t sp_irq_handler(int irq, void *data) 68 + { 69 + struct sp_device *sp = data; 70 + 71 + if (sp->ccp_irq_handler) 72 + sp->ccp_irq_handler(irq, sp->ccp_irq_data); 73 + 74 + if (sp->psp_irq_handler) 75 + sp->psp_irq_handler(irq, sp->psp_irq_data); 76 + 77 + return IRQ_HANDLED; 78 + } 79 + 80 + int sp_request_ccp_irq(struct sp_device *sp, irq_handler_t handler, 81 + const char *name, void *data) 82 + { 83 + int ret; 84 + 85 + if ((sp->psp_irq == sp->ccp_irq) && sp->dev_vdata->psp_vdata) { 86 + /* Need a common routine to manage all interrupts */ 87 + sp->ccp_irq_data = data; 88 + sp->ccp_irq_handler = handler; 89 + 90 + if (!sp->irq_registered) { 91 + ret = request_irq(sp->ccp_irq, sp_irq_handler, 0, 92 + sp->name, sp); 93 + if (ret) 94 + return ret; 95 + 96 + sp->irq_registered = true; 97 + } 98 + } else { 99 + /* Each sub-device can manage it's own interrupt */ 100 + ret = request_irq(sp->ccp_irq, handler, 0, name, data); 101 + if (ret) 102 + return ret; 103 + } 104 + 105 + return 0; 106 + } 107 + 108 + int sp_request_psp_irq(struct sp_device *sp, irq_handler_t handler, 109 + const char *name, void *data) 110 + { 111 + int ret; 112 + 113 + if ((sp->psp_irq == sp->ccp_irq) && sp->dev_vdata->ccp_vdata) { 114 + /* Need a common routine to manage all interrupts */ 115 + sp->psp_irq_data = data; 116 + sp->psp_irq_handler = handler; 117 + 118 + if (!sp->irq_registered) { 119 + ret = request_irq(sp->psp_irq, sp_irq_handler, 0, 120 + sp->name, sp); 121 + if (ret) 122 + return ret; 123 + 124 + sp->irq_registered = true; 125 + } 126 + } else { 127 + /* Each sub-device can manage it's own interrupt */ 128 + ret = request_irq(sp->psp_irq, handler, 0, name, data); 129 + if (ret) 130 + return ret; 131 + } 132 + 133 + return 0; 134 + } 135 + 136 + void sp_free_ccp_irq(struct sp_device *sp, void *data) 137 + { 138 + if ((sp->psp_irq == sp->ccp_irq) && sp->dev_vdata->psp_vdata) { 139 + /* Using common routine to manage all interrupts */ 140 + if (!sp->psp_irq_handler) { 141 + /* Nothing else using it, so free it */ 142 + free_irq(sp->ccp_irq, sp); 143 + 144 + sp->irq_registered = false; 145 + } 146 + 147 + sp->ccp_irq_handler = NULL; 148 + sp->ccp_irq_data = NULL; 149 + } else { 150 + /* Each sub-device can manage it's own interrupt */ 151 + free_irq(sp->ccp_irq, data); 152 + } 153 + } 154 + 155 + void sp_free_psp_irq(struct sp_device *sp, void *data) 156 + { 157 + if ((sp->psp_irq == sp->ccp_irq) && sp->dev_vdata->ccp_vdata) { 158 + /* Using common routine to manage all interrupts */ 159 + if (!sp->ccp_irq_handler) { 160 + /* Nothing else using it, so free it */ 161 + free_irq(sp->psp_irq, sp); 162 + 163 + sp->irq_registered = false; 164 + } 165 + 166 + sp->psp_irq_handler = NULL; 167 + sp->psp_irq_data = NULL; 168 + } else { 169 + /* Each sub-device can manage it's own interrupt */ 170 + free_irq(sp->psp_irq, data); 171 + } 172 + } 173 + 174 + /** 175 + * sp_alloc_struct - allocate and initialize the sp_device struct 176 + * 177 + * @dev: device struct of the SP 178 + */ 179 + struct sp_device *sp_alloc_struct(struct device *dev) 180 + { 181 + struct sp_device *sp; 182 + 183 + sp = devm_kzalloc(dev, sizeof(*sp), GFP_KERNEL); 184 + if (!sp) 185 + return NULL; 186 + 187 + sp->dev = dev; 188 + sp->ord = atomic_inc_return(&sp_ordinal); 189 + snprintf(sp->name, SP_MAX_NAME_LEN, "sp-%u", sp->ord); 190 + 191 + return sp; 192 + } 193 + 194 + int sp_init(struct sp_device *sp) 195 + { 196 + sp_add_device(sp); 197 + 198 + if (sp->dev_vdata->ccp_vdata) 199 + ccp_dev_init(sp); 200 + 201 + return 0; 202 + } 203 + 204 + void sp_destroy(struct sp_device *sp) 205 + { 206 + if (sp->dev_vdata->ccp_vdata) 207 + ccp_dev_destroy(sp); 208 + 209 + sp_del_device(sp); 210 + } 211 + 212 + #ifdef CONFIG_PM 213 + int sp_suspend(struct sp_device *sp, pm_message_t state) 214 + { 215 + int ret; 216 + 217 + if (sp->dev_vdata->ccp_vdata) { 218 + ret = ccp_dev_suspend(sp, state); 219 + if (ret) 220 + return ret; 221 + } 222 + 223 + return 0; 224 + } 225 + 226 + int sp_resume(struct sp_device *sp) 227 + { 228 + int ret; 229 + 230 + if (sp->dev_vdata->ccp_vdata) { 231 + ret = ccp_dev_resume(sp); 232 + if (ret) 233 + return ret; 234 + } 235 + 236 + return 0; 237 + } 238 + #endif 239 + 240 + static int __init sp_mod_init(void) 241 + { 242 + #ifdef CONFIG_X86 243 + int ret; 244 + 245 + ret = sp_pci_init(); 246 + if (ret) 247 + return ret; 248 + 249 + return 0; 250 + #endif 251 + 252 + #ifdef CONFIG_ARM64 253 + int ret; 254 + 255 + ret = sp_platform_init(); 256 + if (ret) 257 + return ret; 258 + 259 + return 0; 260 + #endif 261 + 262 + return -ENODEV; 263 + } 264 + 265 + static void __exit sp_mod_exit(void) 266 + { 267 + #ifdef CONFIG_X86 268 + sp_pci_exit(); 269 + #endif 270 + 271 + #ifdef CONFIG_ARM64 272 + sp_platform_exit(); 273 + #endif 274 + } 275 + 276 + module_init(sp_mod_init); 277 + module_exit(sp_mod_exit);

+133

drivers/crypto/ccp/sp-dev.h

··· 1 + /* 2 + * AMD Secure Processor driver 3 + * 4 + * Copyright (C) 2017 Advanced Micro Devices, Inc. 5 + * 6 + * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 + * Author: Gary R Hook <gary.hook@amd.com> 8 + * Author: Brijesh Singh <brijesh.singh@amd.com> 9 + * 10 + * This program is free software; you can redistribute it and/or modify 11 + * it under the terms of the GNU General Public License version 2 as 12 + * published by the Free Software Foundation. 13 + */ 14 + 15 + #ifndef __SP_DEV_H__ 16 + #define __SP_DEV_H__ 17 + 18 + #include <linux/device.h> 19 + #include <linux/pci.h> 20 + #include <linux/spinlock.h> 21 + #include <linux/mutex.h> 22 + #include <linux/list.h> 23 + #include <linux/wait.h> 24 + #include <linux/dmapool.h> 25 + #include <linux/hw_random.h> 26 + #include <linux/bitops.h> 27 + #include <linux/interrupt.h> 28 + #include <linux/irqreturn.h> 29 + 30 + #define SP_MAX_NAME_LEN 32 31 + 32 + #define CACHE_NONE 0x00 33 + #define CACHE_WB_NO_ALLOC 0xb7 34 + 35 + /* Structure to hold CCP device data */ 36 + struct ccp_device; 37 + struct ccp_vdata { 38 + const unsigned int version; 39 + const unsigned int dma_chan_attr; 40 + void (*setup)(struct ccp_device *); 41 + const struct ccp_actions *perform; 42 + const unsigned int offset; 43 + const unsigned int rsamax; 44 + }; 45 + /* Structure to hold SP device data */ 46 + struct sp_dev_vdata { 47 + const unsigned int bar; 48 + 49 + const struct ccp_vdata *ccp_vdata; 50 + void *psp_vdata; 51 + }; 52 + 53 + struct sp_device { 54 + struct list_head entry; 55 + 56 + struct device *dev; 57 + 58 + struct sp_dev_vdata *dev_vdata; 59 + unsigned int ord; 60 + char name[SP_MAX_NAME_LEN]; 61 + 62 + /* Bus specific device information */ 63 + void *dev_specific; 64 + 65 + /* I/O area used for device communication. */ 66 + void __iomem *io_map; 67 + 68 + /* DMA caching attribute support */ 69 + unsigned int axcache; 70 + 71 + bool irq_registered; 72 + bool use_tasklet; 73 + 74 + unsigned int ccp_irq; 75 + irq_handler_t ccp_irq_handler; 76 + void *ccp_irq_data; 77 + 78 + unsigned int psp_irq; 79 + irq_handler_t psp_irq_handler; 80 + void *psp_irq_data; 81 + 82 + void *ccp_data; 83 + void *psp_data; 84 + }; 85 + 86 + int sp_pci_init(void); 87 + void sp_pci_exit(void); 88 + 89 + int sp_platform_init(void); 90 + void sp_platform_exit(void); 91 + 92 + struct sp_device *sp_alloc_struct(struct device *dev); 93 + 94 + int sp_init(struct sp_device *sp); 95 + void sp_destroy(struct sp_device *sp); 96 + struct sp_device *sp_get_master(void); 97 + 98 + int sp_suspend(struct sp_device *sp, pm_message_t state); 99 + int sp_resume(struct sp_device *sp); 100 + int sp_request_ccp_irq(struct sp_device *sp, irq_handler_t handler, 101 + const char *name, void *data); 102 + void sp_free_ccp_irq(struct sp_device *sp, void *data); 103 + int sp_request_psp_irq(struct sp_device *sp, irq_handler_t handler, 104 + const char *name, void *data); 105 + void sp_free_psp_irq(struct sp_device *sp, void *data); 106 + 107 + #ifdef CONFIG_CRYPTO_DEV_SP_CCP 108 + 109 + int ccp_dev_init(struct sp_device *sp); 110 + void ccp_dev_destroy(struct sp_device *sp); 111 + 112 + int ccp_dev_suspend(struct sp_device *sp, pm_message_t state); 113 + int ccp_dev_resume(struct sp_device *sp); 114 + 115 + #else /* !CONFIG_CRYPTO_DEV_SP_CCP */ 116 + 117 + static inline int ccp_dev_init(struct sp_device *sp) 118 + { 119 + return 0; 120 + } 121 + static inline void ccp_dev_destroy(struct sp_device *sp) { } 122 + 123 + static inline int ccp_dev_suspend(struct sp_device *sp, pm_message_t state) 124 + { 125 + return 0; 126 + } 127 + static inline int ccp_dev_resume(struct sp_device *sp) 128 + { 129 + return 0; 130 + } 131 + #endif /* CONFIG_CRYPTO_DEV_SP_CCP */ 132 + 133 + #endif

+276

drivers/crypto/ccp/sp-pci.c

··· 1 + /* 2 + * AMD Secure Processor device driver 3 + * 4 + * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 5 + * 6 + * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 + * Author: Gary R Hook <gary.hook@amd.com> 8 + * 9 + * This program is free software; you can redistribute it and/or modify 10 + * it under the terms of the GNU General Public License version 2 as 11 + * published by the Free Software Foundation. 12 + */ 13 + 14 + #include <linux/module.h> 15 + #include <linux/kernel.h> 16 + #include <linux/device.h> 17 + #include <linux/pci.h> 18 + #include <linux/pci_ids.h> 19 + #include <linux/dma-mapping.h> 20 + #include <linux/kthread.h> 21 + #include <linux/sched.h> 22 + #include <linux/interrupt.h> 23 + #include <linux/spinlock.h> 24 + #include <linux/delay.h> 25 + #include <linux/ccp.h> 26 + 27 + #include "ccp-dev.h" 28 + 29 + #define MSIX_VECTORS 2 30 + 31 + struct sp_pci { 32 + int msix_count; 33 + struct msix_entry msix_entry[MSIX_VECTORS]; 34 + }; 35 + 36 + static int sp_get_msix_irqs(struct sp_device *sp) 37 + { 38 + struct sp_pci *sp_pci = sp->dev_specific; 39 + struct device *dev = sp->dev; 40 + struct pci_dev *pdev = to_pci_dev(dev); 41 + int v, ret; 42 + 43 + for (v = 0; v < ARRAY_SIZE(sp_pci->msix_entry); v++) 44 + sp_pci->msix_entry[v].entry = v; 45 + 46 + ret = pci_enable_msix_range(pdev, sp_pci->msix_entry, 1, v); 47 + if (ret < 0) 48 + return ret; 49 + 50 + sp_pci->msix_count = ret; 51 + sp->use_tasklet = true; 52 + 53 + sp->psp_irq = sp_pci->msix_entry[0].vector; 54 + sp->ccp_irq = (sp_pci->msix_count > 1) ? sp_pci->msix_entry[1].vector 55 + : sp_pci->msix_entry[0].vector; 56 + return 0; 57 + } 58 + 59 + static int sp_get_msi_irq(struct sp_device *sp) 60 + { 61 + struct device *dev = sp->dev; 62 + struct pci_dev *pdev = to_pci_dev(dev); 63 + int ret; 64 + 65 + ret = pci_enable_msi(pdev); 66 + if (ret) 67 + return ret; 68 + 69 + sp->ccp_irq = pdev->irq; 70 + sp->psp_irq = pdev->irq; 71 + 72 + return 0; 73 + } 74 + 75 + static int sp_get_irqs(struct sp_device *sp) 76 + { 77 + struct device *dev = sp->dev; 78 + int ret; 79 + 80 + ret = sp_get_msix_irqs(sp); 81 + if (!ret) 82 + return 0; 83 + 84 + /* Couldn't get MSI-X vectors, try MSI */ 85 + dev_notice(dev, "could not enable MSI-X (%d), trying MSI\n", ret); 86 + ret = sp_get_msi_irq(sp); 87 + if (!ret) 88 + return 0; 89 + 90 + /* Couldn't get MSI interrupt */ 91 + dev_notice(dev, "could not enable MSI (%d)\n", ret); 92 + 93 + return ret; 94 + } 95 + 96 + static void sp_free_irqs(struct sp_device *sp) 97 + { 98 + struct sp_pci *sp_pci = sp->dev_specific; 99 + struct device *dev = sp->dev; 100 + struct pci_dev *pdev = to_pci_dev(dev); 101 + 102 + if (sp_pci->msix_count) 103 + pci_disable_msix(pdev); 104 + else if (sp->psp_irq) 105 + pci_disable_msi(pdev); 106 + 107 + sp->ccp_irq = 0; 108 + sp->psp_irq = 0; 109 + } 110 + 111 + static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) 112 + { 113 + struct sp_device *sp; 114 + struct sp_pci *sp_pci; 115 + struct device *dev = &pdev->dev; 116 + void __iomem * const *iomap_table; 117 + int bar_mask; 118 + int ret; 119 + 120 + ret = -ENOMEM; 121 + sp = sp_alloc_struct(dev); 122 + if (!sp) 123 + goto e_err; 124 + 125 + sp_pci = devm_kzalloc(dev, sizeof(*sp_pci), GFP_KERNEL); 126 + if (!sp_pci) 127 + goto e_err; 128 + 129 + sp->dev_specific = sp_pci; 130 + sp->dev_vdata = (struct sp_dev_vdata *)id->driver_data; 131 + if (!sp->dev_vdata) { 132 + ret = -ENODEV; 133 + dev_err(dev, "missing driver data\n"); 134 + goto e_err; 135 + } 136 + 137 + ret = pcim_enable_device(pdev); 138 + if (ret) { 139 + dev_err(dev, "pcim_enable_device failed (%d)\n", ret); 140 + goto e_err; 141 + } 142 + 143 + bar_mask = pci_select_bars(pdev, IORESOURCE_MEM); 144 + ret = pcim_iomap_regions(pdev, bar_mask, "ccp"); 145 + if (ret) { 146 + dev_err(dev, "pcim_iomap_regions failed (%d)\n", ret); 147 + goto e_err; 148 + } 149 + 150 + iomap_table = pcim_iomap_table(pdev); 151 + if (!iomap_table) { 152 + dev_err(dev, "pcim_iomap_table failed\n"); 153 + ret = -ENOMEM; 154 + goto e_err; 155 + } 156 + 157 + sp->io_map = iomap_table[sp->dev_vdata->bar]; 158 + if (!sp->io_map) { 159 + dev_err(dev, "ioremap failed\n"); 160 + ret = -ENOMEM; 161 + goto e_err; 162 + } 163 + 164 + ret = sp_get_irqs(sp); 165 + if (ret) 166 + goto e_err; 167 + 168 + pci_set_master(pdev); 169 + 170 + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48)); 171 + if (ret) { 172 + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(32)); 173 + if (ret) { 174 + dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", 175 + ret); 176 + goto e_err; 177 + } 178 + } 179 + 180 + dev_set_drvdata(dev, sp); 181 + 182 + ret = sp_init(sp); 183 + if (ret) 184 + goto e_err; 185 + 186 + dev_notice(dev, "enabled\n"); 187 + 188 + return 0; 189 + 190 + e_err: 191 + dev_notice(dev, "initialization failed\n"); 192 + return ret; 193 + } 194 + 195 + static void sp_pci_remove(struct pci_dev *pdev) 196 + { 197 + struct device *dev = &pdev->dev; 198 + struct sp_device *sp = dev_get_drvdata(dev); 199 + 200 + if (!sp) 201 + return; 202 + 203 + sp_destroy(sp); 204 + 205 + sp_free_irqs(sp); 206 + 207 + dev_notice(dev, "disabled\n"); 208 + } 209 + 210 + #ifdef CONFIG_PM 211 + static int sp_pci_suspend(struct pci_dev *pdev, pm_message_t state) 212 + { 213 + struct device *dev = &pdev->dev; 214 + struct sp_device *sp = dev_get_drvdata(dev); 215 + 216 + return sp_suspend(sp, state); 217 + } 218 + 219 + static int sp_pci_resume(struct pci_dev *pdev) 220 + { 221 + struct device *dev = &pdev->dev; 222 + struct sp_device *sp = dev_get_drvdata(dev); 223 + 224 + return sp_resume(sp); 225 + } 226 + #endif 227 + 228 + static const struct sp_dev_vdata dev_vdata[] = { 229 + { 230 + .bar = 2, 231 + #ifdef CONFIG_CRYPTO_DEV_SP_CCP 232 + .ccp_vdata = &ccpv3, 233 + #endif 234 + }, 235 + { 236 + .bar = 2, 237 + #ifdef CONFIG_CRYPTO_DEV_SP_CCP 238 + .ccp_vdata = &ccpv5a, 239 + #endif 240 + }, 241 + { 242 + .bar = 2, 243 + #ifdef CONFIG_CRYPTO_DEV_SP_CCP 244 + .ccp_vdata = &ccpv5b, 245 + #endif 246 + }, 247 + }; 248 + static const struct pci_device_id sp_pci_table[] = { 249 + { PCI_VDEVICE(AMD, 0x1537), (kernel_ulong_t)&dev_vdata[0] }, 250 + { PCI_VDEVICE(AMD, 0x1456), (kernel_ulong_t)&dev_vdata[1] }, 251 + { PCI_VDEVICE(AMD, 0x1468), (kernel_ulong_t)&dev_vdata[2] }, 252 + /* Last entry must be zero */ 253 + { 0, } 254 + }; 255 + MODULE_DEVICE_TABLE(pci, sp_pci_table); 256 + 257 + static struct pci_driver sp_pci_driver = { 258 + .name = "ccp", 259 + .id_table = sp_pci_table, 260 + .probe = sp_pci_probe, 261 + .remove = sp_pci_remove, 262 + #ifdef CONFIG_PM 263 + .suspend = sp_pci_suspend, 264 + .resume = sp_pci_resume, 265 + #endif 266 + }; 267 + 268 + int sp_pci_init(void) 269 + { 270 + return pci_register_driver(&sp_pci_driver); 271 + } 272 + 273 + void sp_pci_exit(void) 274 + { 275 + pci_unregister_driver(&sp_pci_driver); 276 + }

+256

drivers/crypto/ccp/sp-platform.c

··· 1 + /* 2 + * AMD Secure Processor device driver 3 + * 4 + * Copyright (C) 2014,2016 Advanced Micro Devices, Inc. 5 + * 6 + * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 + * 8 + * This program is free software; you can redistribute it and/or modify 9 + * it under the terms of the GNU General Public License version 2 as 10 + * published by the Free Software Foundation. 11 + */ 12 + 13 + #include <linux/module.h> 14 + #include <linux/kernel.h> 15 + #include <linux/device.h> 16 + #include <linux/platform_device.h> 17 + #include <linux/ioport.h> 18 + #include <linux/dma-mapping.h> 19 + #include <linux/kthread.h> 20 + #include <linux/sched.h> 21 + #include <linux/interrupt.h> 22 + #include <linux/spinlock.h> 23 + #include <linux/delay.h> 24 + #include <linux/ccp.h> 25 + #include <linux/of.h> 26 + #include <linux/of_address.h> 27 + #include <linux/acpi.h> 28 + 29 + #include "ccp-dev.h" 30 + 31 + struct sp_platform { 32 + int coherent; 33 + unsigned int irq_count; 34 + }; 35 + 36 + static const struct acpi_device_id sp_acpi_match[]; 37 + static const struct of_device_id sp_of_match[]; 38 + 39 + static struct sp_dev_vdata *sp_get_of_version(struct platform_device *pdev) 40 + { 41 + #ifdef CONFIG_OF 42 + const struct of_device_id *match; 43 + 44 + match = of_match_node(sp_of_match, pdev->dev.of_node); 45 + if (match && match->data) 46 + return (struct sp_dev_vdata *)match->data; 47 + #endif 48 + return NULL; 49 + } 50 + 51 + static struct sp_dev_vdata *sp_get_acpi_version(struct platform_device *pdev) 52 + { 53 + #ifdef CONFIG_ACPI 54 + const struct acpi_device_id *match; 55 + 56 + match = acpi_match_device(sp_acpi_match, &pdev->dev); 57 + if (match && match->driver_data) 58 + return (struct sp_dev_vdata *)match->driver_data; 59 + #endif 60 + return NULL; 61 + } 62 + 63 + static int sp_get_irqs(struct sp_device *sp) 64 + { 65 + struct sp_platform *sp_platform = sp->dev_specific; 66 + struct device *dev = sp->dev; 67 + struct platform_device *pdev = to_platform_device(dev); 68 + unsigned int i, count; 69 + int ret; 70 + 71 + for (i = 0, count = 0; i < pdev->num_resources; i++) { 72 + struct resource *res = &pdev->resource[i]; 73 + 74 + if (resource_type(res) == IORESOURCE_IRQ) 75 + count++; 76 + } 77 + 78 + sp_platform->irq_count = count; 79 + 80 + ret = platform_get_irq(pdev, 0); 81 + if (ret < 0) { 82 + dev_notice(dev, "unable to get IRQ (%d)\n", ret); 83 + return ret; 84 + } 85 + 86 + sp->psp_irq = ret; 87 + if (count == 1) { 88 + sp->ccp_irq = ret; 89 + } else { 90 + ret = platform_get_irq(pdev, 1); 91 + if (ret < 0) { 92 + dev_notice(dev, "unable to get IRQ (%d)\n", ret); 93 + return ret; 94 + } 95 + 96 + sp->ccp_irq = ret; 97 + } 98 + 99 + return 0; 100 + } 101 + 102 + static int sp_platform_probe(struct platform_device *pdev) 103 + { 104 + struct sp_device *sp; 105 + struct sp_platform *sp_platform; 106 + struct device *dev = &pdev->dev; 107 + enum dev_dma_attr attr; 108 + struct resource *ior; 109 + int ret; 110 + 111 + ret = -ENOMEM; 112 + sp = sp_alloc_struct(dev); 113 + if (!sp) 114 + goto e_err; 115 + 116 + sp_platform = devm_kzalloc(dev, sizeof(*sp_platform), GFP_KERNEL); 117 + if (!sp_platform) 118 + goto e_err; 119 + 120 + sp->dev_specific = sp_platform; 121 + sp->dev_vdata = pdev->dev.of_node ? sp_get_of_version(pdev) 122 + : sp_get_acpi_version(pdev); 123 + if (!sp->dev_vdata) { 124 + ret = -ENODEV; 125 + dev_err(dev, "missing driver data\n"); 126 + goto e_err; 127 + } 128 + 129 + ior = platform_get_resource(pdev, IORESOURCE_MEM, 0); 130 + sp->io_map = devm_ioremap_resource(dev, ior); 131 + if (IS_ERR(sp->io_map)) { 132 + ret = PTR_ERR(sp->io_map); 133 + goto e_err; 134 + } 135 + 136 + attr = device_get_dma_attr(dev); 137 + if (attr == DEV_DMA_NOT_SUPPORTED) { 138 + dev_err(dev, "DMA is not supported"); 139 + goto e_err; 140 + } 141 + 142 + sp_platform->coherent = (attr == DEV_DMA_COHERENT); 143 + if (sp_platform->coherent) 144 + sp->axcache = CACHE_WB_NO_ALLOC; 145 + else 146 + sp->axcache = CACHE_NONE; 147 + 148 + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48)); 149 + if (ret) { 150 + dev_err(dev, "dma_set_mask_and_coherent failed (%d)\n", ret); 151 + goto e_err; 152 + } 153 + 154 + ret = sp_get_irqs(sp); 155 + if (ret) 156 + goto e_err; 157 + 158 + dev_set_drvdata(dev, sp); 159 + 160 + ret = sp_init(sp); 161 + if (ret) 162 + goto e_err; 163 + 164 + dev_notice(dev, "enabled\n"); 165 + 166 + return 0; 167 + 168 + e_err: 169 + dev_notice(dev, "initialization failed\n"); 170 + return ret; 171 + } 172 + 173 + static int sp_platform_remove(struct platform_device *pdev) 174 + { 175 + struct device *dev = &pdev->dev; 176 + struct sp_device *sp = dev_get_drvdata(dev); 177 + 178 + sp_destroy(sp); 179 + 180 + dev_notice(dev, "disabled\n"); 181 + 182 + return 0; 183 + } 184 + 185 + #ifdef CONFIG_PM 186 + static int sp_platform_suspend(struct platform_device *pdev, 187 + pm_message_t state) 188 + { 189 + struct device *dev = &pdev->dev; 190 + struct sp_device *sp = dev_get_drvdata(dev); 191 + 192 + return sp_suspend(sp, state); 193 + } 194 + 195 + static int sp_platform_resume(struct platform_device *pdev) 196 + { 197 + struct device *dev = &pdev->dev; 198 + struct sp_device *sp = dev_get_drvdata(dev); 199 + 200 + return sp_resume(sp); 201 + } 202 + #endif 203 + 204 + static const struct sp_dev_vdata dev_vdata[] = { 205 + { 206 + .bar = 0, 207 + #ifdef CONFIG_CRYPTO_DEV_SP_CCP 208 + .ccp_vdata = &ccpv3_platform, 209 + #endif 210 + }, 211 + }; 212 + 213 + #ifdef CONFIG_ACPI 214 + static const struct acpi_device_id sp_acpi_match[] = { 215 + { "AMDI0C00", (kernel_ulong_t)&dev_vdata[0] }, 216 + { }, 217 + }; 218 + MODULE_DEVICE_TABLE(acpi, sp_acpi_match); 219 + #endif 220 + 221 + #ifdef CONFIG_OF 222 + static const struct of_device_id sp_of_match[] = { 223 + { .compatible = "amd,ccp-seattle-v1a", 224 + .data = (const void *)&dev_vdata[0] }, 225 + { }, 226 + }; 227 + MODULE_DEVICE_TABLE(of, sp_of_match); 228 + #endif 229 + 230 + static struct platform_driver sp_platform_driver = { 231 + .driver = { 232 + .name = "ccp", 233 + #ifdef CONFIG_ACPI 234 + .acpi_match_table = sp_acpi_match, 235 + #endif 236 + #ifdef CONFIG_OF 237 + .of_match_table = sp_of_match, 238 + #endif 239 + }, 240 + .probe = sp_platform_probe, 241 + .remove = sp_platform_remove, 242 + #ifdef CONFIG_PM 243 + .suspend = sp_platform_suspend, 244 + .resume = sp_platform_resume, 245 + #endif 246 + }; 247 + 248 + int sp_platform_init(void) 249 + { 250 + return platform_driver_register(&sp_platform_driver); 251 + } 252 + 253 + void sp_platform_exit(void) 254 + { 255 + platform_driver_unregister(&sp_platform_driver); 256 + }

+10 -7

drivers/crypto/geode-aes.c

··· 1 1 /* Copyright (C) 2004-2006, Advanced Micro Devices, Inc. 2 - * 3 - * This program is free software; you can redistribute it and/or modify 4 - * it under the terms of the GNU General Public License as published by 5 - * the Free Software Foundation; either version 2 of the License, or 6 - * (at your option) any later version. 7 - */ 2 + * 3 + * This program is free software; you can redistribute it and/or modify 4 + * it under the terms of the GNU General Public License as published by 5 + * the Free Software Foundation; either version 2 of the License, or 6 + * (at your option) any later version. 7 + */ 8 8 9 9 #include <linux/module.h> 10 10 #include <linux/kernel.h> ··· 30 30 _writefield(u32 offset, void *value) 31 31 { 32 32 int i; 33 + 33 34 for (i = 0; i < 4; i++) 34 35 iowrite32(((u32 *) value)[i], _iobase + offset + (i * 4)); 35 36 } ··· 40 39 _readfield(u32 offset, void *value) 41 40 { 42 41 int i; 42 + 43 43 for (i = 0; i < 4; i++) 44 44 ((u32 *) value)[i] = ioread32(_iobase + offset + (i * 4)); 45 45 } ··· 517 515 static int geode_aes_probe(struct pci_dev *dev, const struct pci_device_id *id) 518 516 { 519 517 int ret; 518 + 520 519 ret = pci_enable_device(dev); 521 520 if (ret) 522 521 return ret; ··· 573 570 } 574 571 575 572 static struct pci_device_id geode_aes_tbl[] = { 576 - { PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_LX_AES), } , 573 + { PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_LX_AES), }, 577 574 { 0, } 578 575 }; 579 576

+1 -1

drivers/crypto/img-hash.c

··· 1054 1054 1055 1055 static int img_hash_remove(struct platform_device *pdev) 1056 1056 { 1057 - static struct img_hash_dev *hdev; 1057 + struct img_hash_dev *hdev; 1058 1058 1059 1059 hdev = platform_get_drvdata(pdev); 1060 1060 spin_lock(&img_hash.lock);

+3 -2

drivers/crypto/inside-secure/safexcel.c

··· 839 839 snprintf(irq_name, 6, "ring%d", i); 840 840 irq = safexcel_request_ring_irq(pdev, irq_name, safexcel_irq_ring, 841 841 ring_irq); 842 - 843 - if (irq < 0) 842 + if (irq < 0) { 843 + ret = irq; 844 844 goto err_clk; 845 + } 845 846 846 847 priv->ring[i].work_data.priv = priv; 847 848 priv->ring[i].work_data.ring = i;

+1 -1

drivers/crypto/mediatek/mtk-platform.c

··· 500 500 cryp->irq[i] = platform_get_irq(pdev, i); 501 501 if (cryp->irq[i] < 0) { 502 502 dev_err(cryp->dev, "no IRQ:%d resource info\n", i); 503 - return -ENXIO; 503 + return cryp->irq[i]; 504 504 } 505 505 } 506 506

+2 -2

drivers/crypto/mxc-scc.c

··· 708 708 for (i = 0; i < 2; i++) { 709 709 irq = platform_get_irq(pdev, i); 710 710 if (irq < 0) { 711 - dev_err(dev, "failed to get irq resource\n"); 712 - ret = -EINVAL; 711 + dev_err(dev, "failed to get irq resource: %d\n", irq); 712 + ret = irq; 713 713 goto err_out; 714 714 } 715 715

+6 -2

drivers/crypto/mxs-dcp.c

··· 908 908 909 909 iores = platform_get_resource(pdev, IORESOURCE_MEM, 0); 910 910 dcp_vmi_irq = platform_get_irq(pdev, 0); 911 - if (dcp_vmi_irq < 0) 911 + if (dcp_vmi_irq < 0) { 912 + dev_err(dev, "Failed to get IRQ: (%d)!\n", dcp_vmi_irq); 912 913 return dcp_vmi_irq; 914 + } 913 915 914 916 dcp_irq = platform_get_irq(pdev, 1); 915 - if (dcp_irq < 0) 917 + if (dcp_irq < 0) { 918 + dev_err(dev, "Failed to get IRQ: (%d)!\n", dcp_irq); 916 919 return dcp_irq; 920 + } 917 921 918 922 sdcp = devm_kzalloc(dev, sizeof(*sdcp), GFP_KERNEL); 919 923 if (!sdcp)

+28 -32

drivers/crypto/n2_core.c

··· 1730 1730 continue; 1731 1731 id = mdesc_get_property(mdesc, tgt, "id", NULL); 1732 1732 if (table[*id] != NULL) { 1733 - dev_err(&dev->dev, "%s: SPU cpu slot already set.\n", 1734 - dev->dev.of_node->full_name); 1733 + dev_err(&dev->dev, "%pOF: SPU cpu slot already set.\n", 1734 + dev->dev.of_node); 1735 1735 return -EINVAL; 1736 1736 } 1737 1737 cpumask_set_cpu(*id, &p->sharing); ··· 1751 1751 1752 1752 p = kzalloc(sizeof(struct spu_queue), GFP_KERNEL); 1753 1753 if (!p) { 1754 - dev_err(&dev->dev, "%s: Could not allocate SPU queue.\n", 1755 - dev->dev.of_node->full_name); 1754 + dev_err(&dev->dev, "%pOF: Could not allocate SPU queue.\n", 1755 + dev->dev.of_node); 1756 1756 return -ENOMEM; 1757 1757 } 1758 1758 ··· 1981 1981 static int n2_crypto_probe(struct platform_device *dev) 1982 1982 { 1983 1983 struct mdesc_handle *mdesc; 1984 - const char *full_name; 1985 1984 struct n2_crypto *np; 1986 1985 int err; 1987 1986 1988 1987 n2_spu_driver_version(); 1989 1988 1990 - full_name = dev->dev.of_node->full_name; 1991 - pr_info("Found N2CP at %s\n", full_name); 1989 + pr_info("Found N2CP at %pOF\n", dev->dev.of_node); 1992 1990 1993 1991 np = alloc_n2cp(); 1994 1992 if (!np) { 1995 - dev_err(&dev->dev, "%s: Unable to allocate n2cp.\n", 1996 - full_name); 1993 + dev_err(&dev->dev, "%pOF: Unable to allocate n2cp.\n", 1994 + dev->dev.of_node); 1997 1995 return -ENOMEM; 1998 1996 } 1999 1997 2000 1998 err = grab_global_resources(); 2001 1999 if (err) { 2002 - dev_err(&dev->dev, "%s: Unable to grab " 2003 - "global resources.\n", full_name); 2000 + dev_err(&dev->dev, "%pOF: Unable to grab global resources.\n", 2001 + dev->dev.of_node); 2004 2002 goto out_free_n2cp; 2005 2003 } 2006 2004 2007 2005 mdesc = mdesc_grab(); 2008 2006 2009 2007 if (!mdesc) { 2010 - dev_err(&dev->dev, "%s: Unable to grab MDESC.\n", 2011 - full_name); 2008 + dev_err(&dev->dev, "%pOF: Unable to grab MDESC.\n", 2009 + dev->dev.of_node); 2012 2010 err = -ENODEV; 2013 2011 goto out_free_global; 2014 2012 } 2015 2013 err = grab_mdesc_irq_props(mdesc, dev, &np->cwq_info, "n2cp"); 2016 2014 if (err) { 2017 - dev_err(&dev->dev, "%s: Unable to grab IRQ props.\n", 2018 - full_name); 2015 + dev_err(&dev->dev, "%pOF: Unable to grab IRQ props.\n", 2016 + dev->dev.of_node); 2019 2017 mdesc_release(mdesc); 2020 2018 goto out_free_global; 2021 2019 } ··· 2024 2026 mdesc_release(mdesc); 2025 2027 2026 2028 if (err) { 2027 - dev_err(&dev->dev, "%s: CWQ MDESC scan failed.\n", 2028 - full_name); 2029 + dev_err(&dev->dev, "%pOF: CWQ MDESC scan failed.\n", 2030 + dev->dev.of_node); 2029 2031 goto out_free_global; 2030 2032 } 2031 2033 2032 2034 err = n2_register_algs(); 2033 2035 if (err) { 2034 - dev_err(&dev->dev, "%s: Unable to register algorithms.\n", 2035 - full_name); 2036 + dev_err(&dev->dev, "%pOF: Unable to register algorithms.\n", 2037 + dev->dev.of_node); 2036 2038 goto out_free_spu_list; 2037 2039 } 2038 2040 ··· 2090 2092 static int n2_mau_probe(struct platform_device *dev) 2091 2093 { 2092 2094 struct mdesc_handle *mdesc; 2093 - const char *full_name; 2094 2095 struct n2_mau *mp; 2095 2096 int err; 2096 2097 2097 2098 n2_spu_driver_version(); 2098 2099 2099 - full_name = dev->dev.of_node->full_name; 2100 - pr_info("Found NCP at %s\n", full_name); 2100 + pr_info("Found NCP at %pOF\n", dev->dev.of_node); 2101 2101 2102 2102 mp = alloc_ncp(); 2103 2103 if (!mp) { 2104 - dev_err(&dev->dev, "%s: Unable to allocate ncp.\n", 2105 - full_name); 2104 + dev_err(&dev->dev, "%pOF: Unable to allocate ncp.\n", 2105 + dev->dev.of_node); 2106 2106 return -ENOMEM; 2107 2107 } 2108 2108 2109 2109 err = grab_global_resources(); 2110 2110 if (err) { 2111 - dev_err(&dev->dev, "%s: Unable to grab " 2112 - "global resources.\n", full_name); 2111 + dev_err(&dev->dev, "%pOF: Unable to grab global resources.\n", 2112 + dev->dev.of_node); 2113 2113 goto out_free_ncp; 2114 2114 } 2115 2115 2116 2116 mdesc = mdesc_grab(); 2117 2117 2118 2118 if (!mdesc) { 2119 - dev_err(&dev->dev, "%s: Unable to grab MDESC.\n", 2120 - full_name); 2119 + dev_err(&dev->dev, "%pOF: Unable to grab MDESC.\n", 2120 + dev->dev.of_node); 2121 2121 err = -ENODEV; 2122 2122 goto out_free_global; 2123 2123 } 2124 2124 2125 2125 err = grab_mdesc_irq_props(mdesc, dev, &mp->mau_info, "ncp"); 2126 2126 if (err) { 2127 - dev_err(&dev->dev, "%s: Unable to grab IRQ props.\n", 2128 - full_name); 2127 + dev_err(&dev->dev, "%pOF: Unable to grab IRQ props.\n", 2128 + dev->dev.of_node); 2129 2129 mdesc_release(mdesc); 2130 2130 goto out_free_global; 2131 2131 } ··· 2134 2138 mdesc_release(mdesc); 2135 2139 2136 2140 if (err) { 2137 - dev_err(&dev->dev, "%s: MAU MDESC scan failed.\n", 2138 - full_name); 2141 + dev_err(&dev->dev, "%pOF: MAU MDESC scan failed.\n", 2142 + dev->dev.of_node); 2139 2143 goto out_free_global; 2140 2144 } 2141 2145

+1

drivers/crypto/omap-aes.c

··· 1095 1095 irq = platform_get_irq(pdev, 0); 1096 1096 if (irq < 0) { 1097 1097 dev_err(dev, "can't get IRQ resource\n"); 1098 + err = irq; 1098 1099 goto err_irq; 1099 1100 } 1100 1101

+2 -1

drivers/crypto/omap-des.c

··· 1023 1023 1024 1024 irq = platform_get_irq(pdev, 0); 1025 1025 if (irq < 0) { 1026 - dev_err(dev, "can't get IRQ resource\n"); 1026 + dev_err(dev, "can't get IRQ resource: %d\n", irq); 1027 + err = irq; 1027 1028 goto err_irq; 1028 1029 } 1029 1030

+1 -1

drivers/crypto/omap-sham.c

··· 2133 2133 2134 2134 static int omap_sham_remove(struct platform_device *pdev) 2135 2135 { 2136 - static struct omap_sham_dev *dd; 2136 + struct omap_sham_dev *dd; 2137 2137 int i, j; 2138 2138 2139 2139 dd = platform_get_drvdata(pdev);

+1 -1

drivers/crypto/qat/qat_common/adf_aer.c

··· 208 208 static void adf_resume(struct pci_dev *pdev) 209 209 { 210 210 dev_info(&pdev->dev, "Acceleration driver reset completed\n"); 211 - dev_info(&pdev->dev, "Device is up and runnig\n"); 211 + dev_info(&pdev->dev, "Device is up and running\n"); 212 212 } 213 213 214 214 static const struct pci_error_handlers adf_err_handler = {

+56 -18

drivers/crypto/rockchip/rk3288_crypto.c

··· 169 169 { 170 170 struct rk_crypto_info *dev = platform_get_drvdata(dev_id); 171 171 u32 interrupt_status; 172 - int err = 0; 173 172 174 173 spin_lock(&dev->lock); 175 174 interrupt_status = CRYPTO_READ(dev, RK_CRYPTO_INTSTS); 176 175 CRYPTO_WRITE(dev, RK_CRYPTO_INTSTS, interrupt_status); 176 + 177 177 if (interrupt_status & 0x0a) { 178 178 dev_warn(dev->dev, "DMA Error\n"); 179 - err = -EFAULT; 180 - } else if (interrupt_status & 0x05) { 181 - err = dev->update(dev); 179 + dev->err = -EFAULT; 182 180 } 183 - if (err) 184 - dev->complete(dev, err); 181 + tasklet_schedule(&dev->done_task); 182 + 185 183 spin_unlock(&dev->lock); 186 184 return IRQ_HANDLED; 187 185 } 188 186 189 - static void rk_crypto_tasklet_cb(unsigned long data) 187 + static int rk_crypto_enqueue(struct rk_crypto_info *dev, 188 + struct crypto_async_request *async_req) 189 + { 190 + unsigned long flags; 191 + int ret; 192 + 193 + spin_lock_irqsave(&dev->lock, flags); 194 + ret = crypto_enqueue_request(&dev->queue, async_req); 195 + if (dev->busy) { 196 + spin_unlock_irqrestore(&dev->lock, flags); 197 + return ret; 198 + } 199 + dev->busy = true; 200 + spin_unlock_irqrestore(&dev->lock, flags); 201 + tasklet_schedule(&dev->queue_task); 202 + 203 + return ret; 204 + } 205 + 206 + static void rk_crypto_queue_task_cb(unsigned long data) 190 207 { 191 208 struct rk_crypto_info *dev = (struct rk_crypto_info *)data; 192 209 struct crypto_async_request *async_req, *backlog; 193 210 unsigned long flags; 194 211 int err = 0; 195 212 213 + dev->err = 0; 196 214 spin_lock_irqsave(&dev->lock, flags); 197 215 backlog = crypto_get_backlog(&dev->queue); 198 216 async_req = crypto_dequeue_request(&dev->queue); 199 - spin_unlock_irqrestore(&dev->lock, flags); 217 + 200 218 if (!async_req) { 201 - dev_err(dev->dev, "async_req is NULL !!\n"); 219 + dev->busy = false; 220 + spin_unlock_irqrestore(&dev->lock, flags); 202 221 return; 203 222 } 223 + spin_unlock_irqrestore(&dev->lock, flags); 224 + 204 225 if (backlog) { 205 226 backlog->complete(backlog, -EINPROGRESS); 206 227 backlog = NULL; 207 228 } 208 229 209 - if (crypto_tfm_alg_type(async_req->tfm) == CRYPTO_ALG_TYPE_ABLKCIPHER) 210 - dev->ablk_req = ablkcipher_request_cast(async_req); 211 - else 212 - dev->ahash_req = ahash_request_cast(async_req); 230 + dev->async_req = async_req; 213 231 err = dev->start(dev); 214 232 if (err) 215 - dev->complete(dev, err); 233 + dev->complete(dev->async_req, err); 234 + } 235 + 236 + static void rk_crypto_done_task_cb(unsigned long data) 237 + { 238 + struct rk_crypto_info *dev = (struct rk_crypto_info *)data; 239 + 240 + if (dev->err) { 241 + dev->complete(dev->async_req, dev->err); 242 + return; 243 + } 244 + 245 + dev->err = dev->update(dev); 246 + if (dev->err) 247 + dev->complete(dev->async_req, dev->err); 216 248 } 217 249 218 250 static struct rk_crypto_tmp *rk_cipher_algs[] = { ··· 393 361 crypto_info->dev = &pdev->dev; 394 362 platform_set_drvdata(pdev, crypto_info); 395 363 396 - tasklet_init(&crypto_info->crypto_tasklet, 397 - rk_crypto_tasklet_cb, (unsigned long)crypto_info); 364 + tasklet_init(&crypto_info->queue_task, 365 + rk_crypto_queue_task_cb, (unsigned long)crypto_info); 366 + tasklet_init(&crypto_info->done_task, 367 + rk_crypto_done_task_cb, (unsigned long)crypto_info); 398 368 crypto_init_queue(&crypto_info->queue, 50); 399 369 400 370 crypto_info->enable_clk = rk_crypto_enable_clk; 401 371 crypto_info->disable_clk = rk_crypto_disable_clk; 402 372 crypto_info->load_data = rk_load_data; 403 373 crypto_info->unload_data = rk_unload_data; 374 + crypto_info->enqueue = rk_crypto_enqueue; 375 + crypto_info->busy = false; 404 376 405 377 err = rk_crypto_register(crypto_info); 406 378 if (err) { ··· 416 380 return 0; 417 381 418 382 err_register_alg: 419 - tasklet_kill(&crypto_info->crypto_tasklet); 383 + tasklet_kill(&crypto_info->queue_task); 384 + tasklet_kill(&crypto_info->done_task); 420 385 err_crypto: 421 386 return err; 422 387 } ··· 427 390 struct rk_crypto_info *crypto_tmp = platform_get_drvdata(pdev); 428 391 429 392 rk_crypto_unregister(); 430 - tasklet_kill(&crypto_tmp->crypto_tasklet); 393 + tasklet_kill(&crypto_tmp->done_task); 394 + tasklet_kill(&crypto_tmp->queue_task); 431 395 return 0; 432 396 } 433 397

+10 -5

drivers/crypto/rockchip/rk3288_crypto.h

··· 190 190 void __iomem *reg; 191 191 int irq; 192 192 struct crypto_queue queue; 193 - struct tasklet_struct crypto_tasklet; 194 - struct ablkcipher_request *ablk_req; 195 - struct ahash_request *ahash_req; 193 + struct tasklet_struct queue_task; 194 + struct tasklet_struct done_task; 195 + struct crypto_async_request *async_req; 196 + int err; 196 197 /* device lock */ 197 198 spinlock_t lock; 198 199 ··· 209 208 size_t nents; 210 209 unsigned int total; 211 210 unsigned int count; 212 - u32 mode; 213 211 dma_addr_t addr_in; 214 212 dma_addr_t addr_out; 213 + bool busy; 215 214 int (*start)(struct rk_crypto_info *dev); 216 215 int (*update)(struct rk_crypto_info *dev); 217 - void (*complete)(struct rk_crypto_info *dev, int err); 216 + void (*complete)(struct crypto_async_request *base, int err); 218 217 int (*enable_clk)(struct rk_crypto_info *dev); 219 218 void (*disable_clk)(struct rk_crypto_info *dev); 220 219 int (*load_data)(struct rk_crypto_info *dev, 221 220 struct scatterlist *sg_src, 222 221 struct scatterlist *sg_dst); 223 222 void (*unload_data)(struct rk_crypto_info *dev); 223 + int (*enqueue)(struct rk_crypto_info *dev, 224 + struct crypto_async_request *async_req); 224 225 }; 225 226 226 227 /* the private variable of hash */ ··· 235 232 /* the privete variable of hash for fallback */ 236 233 struct rk_ahash_rctx { 237 234 struct ahash_request fallback_req; 235 + u32 mode; 238 236 }; 239 237 240 238 /* the private variable of cipher */ 241 239 struct rk_cipher_ctx { 242 240 struct rk_crypto_info *dev; 243 241 unsigned int keylen; 242 + u32 mode; 244 243 }; 245 244 246 245 enum alg_type {

+50 -53

drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c

··· 15 15 16 16 #define RK_CRYPTO_DEC BIT(0) 17 17 18 - static void rk_crypto_complete(struct rk_crypto_info *dev, int err) 18 + static void rk_crypto_complete(struct crypto_async_request *base, int err) 19 19 { 20 - if (dev->ablk_req->base.complete) 21 - dev->ablk_req->base.complete(&dev->ablk_req->base, err); 20 + if (base->complete) 21 + base->complete(base, err); 22 22 } 23 23 24 24 static int rk_handle_req(struct rk_crypto_info *dev, 25 25 struct ablkcipher_request *req) 26 26 { 27 - unsigned long flags; 28 - int err; 29 - 30 27 if (!IS_ALIGNED(req->nbytes, dev->align_size)) 31 28 return -EINVAL; 32 - 33 - dev->left_bytes = req->nbytes; 34 - dev->total = req->nbytes; 35 - dev->sg_src = req->src; 36 - dev->first = req->src; 37 - dev->nents = sg_nents(req->src); 38 - dev->sg_dst = req->dst; 39 - dev->aligned = 1; 40 - dev->ablk_req = req; 41 - 42 - spin_lock_irqsave(&dev->lock, flags); 43 - err = ablkcipher_enqueue_request(&dev->queue, req); 44 - spin_unlock_irqrestore(&dev->lock, flags); 45 - tasklet_schedule(&dev->crypto_tasklet); 46 - return err; 29 + else 30 + return dev->enqueue(dev, &req->base); 47 31 } 48 32 49 33 static int rk_aes_setkey(struct crypto_ablkcipher *cipher, ··· 77 93 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 78 94 struct rk_crypto_info *dev = ctx->dev; 79 95 80 - dev->mode = RK_CRYPTO_AES_ECB_MODE; 96 + ctx->mode = RK_CRYPTO_AES_ECB_MODE; 81 97 return rk_handle_req(dev, req); 82 98 } 83 99 ··· 87 103 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 88 104 struct rk_crypto_info *dev = ctx->dev; 89 105 90 - dev->mode = RK_CRYPTO_AES_ECB_MODE | RK_CRYPTO_DEC; 106 + ctx->mode = RK_CRYPTO_AES_ECB_MODE | RK_CRYPTO_DEC; 91 107 return rk_handle_req(dev, req); 92 108 } 93 109 ··· 97 113 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 98 114 struct rk_crypto_info *dev = ctx->dev; 99 115 100 - dev->mode = RK_CRYPTO_AES_CBC_MODE; 116 + ctx->mode = RK_CRYPTO_AES_CBC_MODE; 101 117 return rk_handle_req(dev, req); 102 118 } 103 119 ··· 107 123 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 108 124 struct rk_crypto_info *dev = ctx->dev; 109 125 110 - dev->mode = RK_CRYPTO_AES_CBC_MODE | RK_CRYPTO_DEC; 126 + ctx->mode = RK_CRYPTO_AES_CBC_MODE | RK_CRYPTO_DEC; 111 127 return rk_handle_req(dev, req); 112 128 } 113 129 ··· 117 133 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 118 134 struct rk_crypto_info *dev = ctx->dev; 119 135 120 - dev->mode = 0; 136 + ctx->mode = 0; 121 137 return rk_handle_req(dev, req); 122 138 } 123 139 ··· 127 143 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 128 144 struct rk_crypto_info *dev = ctx->dev; 129 145 130 - dev->mode = RK_CRYPTO_DEC; 146 + ctx->mode = RK_CRYPTO_DEC; 131 147 return rk_handle_req(dev, req); 132 148 } 133 149 ··· 137 153 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 138 154 struct rk_crypto_info *dev = ctx->dev; 139 155 140 - dev->mode = RK_CRYPTO_TDES_CHAINMODE_CBC; 156 + ctx->mode = RK_CRYPTO_TDES_CHAINMODE_CBC; 141 157 return rk_handle_req(dev, req); 142 158 } 143 159 ··· 147 163 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 148 164 struct rk_crypto_info *dev = ctx->dev; 149 165 150 - dev->mode = RK_CRYPTO_TDES_CHAINMODE_CBC | RK_CRYPTO_DEC; 166 + ctx->mode = RK_CRYPTO_TDES_CHAINMODE_CBC | RK_CRYPTO_DEC; 151 167 return rk_handle_req(dev, req); 152 168 } 153 169 ··· 157 173 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 158 174 struct rk_crypto_info *dev = ctx->dev; 159 175 160 - dev->mode = RK_CRYPTO_TDES_SELECT; 176 + ctx->mode = RK_CRYPTO_TDES_SELECT; 161 177 return rk_handle_req(dev, req); 162 178 } 163 179 ··· 167 183 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 168 184 struct rk_crypto_info *dev = ctx->dev; 169 185 170 - dev->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_DEC; 186 + ctx->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_DEC; 171 187 return rk_handle_req(dev, req); 172 188 } 173 189 ··· 177 193 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 178 194 struct rk_crypto_info *dev = ctx->dev; 179 195 180 - dev->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_TDES_CHAINMODE_CBC; 196 + ctx->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_TDES_CHAINMODE_CBC; 181 197 return rk_handle_req(dev, req); 182 198 } 183 199 ··· 187 203 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); 188 204 struct rk_crypto_info *dev = ctx->dev; 189 205 190 - dev->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_TDES_CHAINMODE_CBC | 206 + ctx->mode = RK_CRYPTO_TDES_SELECT | RK_CRYPTO_TDES_CHAINMODE_CBC | 191 207 RK_CRYPTO_DEC; 192 208 return rk_handle_req(dev, req); 193 209 } 194 210 195 211 static void rk_ablk_hw_init(struct rk_crypto_info *dev) 196 212 { 197 - struct crypto_ablkcipher *cipher = 198 - crypto_ablkcipher_reqtfm(dev->ablk_req); 213 + struct ablkcipher_request *req = 214 + ablkcipher_request_cast(dev->async_req); 215 + struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(req); 199 216 struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); 200 217 struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(cipher); 201 218 u32 ivsize, block, conf_reg = 0; ··· 205 220 ivsize = crypto_ablkcipher_ivsize(cipher); 206 221 207 222 if (block == DES_BLOCK_SIZE) { 208 - dev->mode |= RK_CRYPTO_TDES_FIFO_MODE | 223 + ctx->mode |= RK_CRYPTO_TDES_FIFO_MODE | 209 224 RK_CRYPTO_TDES_BYTESWAP_KEY | 210 225 RK_CRYPTO_TDES_BYTESWAP_IV; 211 - CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, dev->mode); 212 - memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, 213 - dev->ablk_req->info, ivsize); 226 + CRYPTO_WRITE(dev, RK_CRYPTO_TDES_CTRL, ctx->mode); 227 + memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, req->info, ivsize); 214 228 conf_reg = RK_CRYPTO_DESSEL; 215 229 } else { 216 - dev->mode |= RK_CRYPTO_AES_FIFO_MODE | 230 + ctx->mode |= RK_CRYPTO_AES_FIFO_MODE | 217 231 RK_CRYPTO_AES_KEY_CHANGE | 218 232 RK_CRYPTO_AES_BYTESWAP_KEY | 219 233 RK_CRYPTO_AES_BYTESWAP_IV; 220 234 if (ctx->keylen == AES_KEYSIZE_192) 221 - dev->mode |= RK_CRYPTO_AES_192BIT_key; 235 + ctx->mode |= RK_CRYPTO_AES_192BIT_key; 222 236 else if (ctx->keylen == AES_KEYSIZE_256) 223 - dev->mode |= RK_CRYPTO_AES_256BIT_key; 224 - CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, dev->mode); 225 - memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, 226 - dev->ablk_req->info, ivsize); 237 + ctx->mode |= RK_CRYPTO_AES_256BIT_key; 238 + CRYPTO_WRITE(dev, RK_CRYPTO_AES_CTRL, ctx->mode); 239 + memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, req->info, ivsize); 227 240 } 228 241 conf_reg |= RK_CRYPTO_BYTESWAP_BTFIFO | 229 242 RK_CRYPTO_BYTESWAP_BRFIFO; ··· 251 268 252 269 static int rk_ablk_start(struct rk_crypto_info *dev) 253 270 { 271 + struct ablkcipher_request *req = 272 + ablkcipher_request_cast(dev->async_req); 254 273 unsigned long flags; 255 - int err; 274 + int err = 0; 275 + 276 + dev->left_bytes = req->nbytes; 277 + dev->total = req->nbytes; 278 + dev->sg_src = req->src; 279 + dev->first = req->src; 280 + dev->nents = sg_nents(req->src); 281 + dev->sg_dst = req->dst; 282 + dev->aligned = 1; 256 283 257 284 spin_lock_irqsave(&dev->lock, flags); 258 285 rk_ablk_hw_init(dev); ··· 273 280 274 281 static void rk_iv_copyback(struct rk_crypto_info *dev) 275 282 { 276 - struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(dev->ablk_req); 283 + struct ablkcipher_request *req = 284 + ablkcipher_request_cast(dev->async_req); 285 + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); 277 286 u32 ivsize = crypto_ablkcipher_ivsize(tfm); 278 287 279 288 if (ivsize == DES_BLOCK_SIZE) 280 - memcpy_fromio(dev->ablk_req->info, 281 - dev->reg + RK_CRYPTO_TDES_IV_0, ivsize); 289 + memcpy_fromio(req->info, dev->reg + RK_CRYPTO_TDES_IV_0, 290 + ivsize); 282 291 else if (ivsize == AES_BLOCK_SIZE) 283 - memcpy_fromio(dev->ablk_req->info, 284 - dev->reg + RK_CRYPTO_AES_IV_0, ivsize); 292 + memcpy_fromio(req->info, dev->reg + RK_CRYPTO_AES_IV_0, ivsize); 285 293 } 286 294 287 295 /* return: ··· 292 298 static int rk_ablk_rx(struct rk_crypto_info *dev) 293 299 { 294 300 int err = 0; 301 + struct ablkcipher_request *req = 302 + ablkcipher_request_cast(dev->async_req); 295 303 296 304 dev->unload_data(dev); 297 305 if (!dev->aligned) { 298 - if (!sg_pcopy_from_buffer(dev->ablk_req->dst, dev->nents, 306 + if (!sg_pcopy_from_buffer(req->dst, dev->nents, 299 307 dev->addr_vir, dev->count, 300 308 dev->total - dev->left_bytes - 301 309 dev->count)) { ··· 320 324 } else { 321 325 rk_iv_copyback(dev); 322 326 /* here show the calculation is over without any err */ 323 - dev->complete(dev, 0); 327 + dev->complete(dev->async_req, 0); 328 + tasklet_schedule(&dev->queue_task); 324 329 } 325 330 out_rx: 326 331 return err;

+60 -59

drivers/crypto/rockchip/rk3288_crypto_ahash.c

··· 40 40 return 0; 41 41 } 42 42 43 - static void rk_ahash_crypto_complete(struct rk_crypto_info *dev, int err) 43 + static void rk_ahash_crypto_complete(struct crypto_async_request *base, int err) 44 44 { 45 - if (dev->ahash_req->base.complete) 46 - dev->ahash_req->base.complete(&dev->ahash_req->base, err); 45 + if (base->complete) 46 + base->complete(base, err); 47 47 } 48 48 49 49 static void rk_ahash_reg_init(struct rk_crypto_info *dev) 50 50 { 51 + struct ahash_request *req = ahash_request_cast(dev->async_req); 52 + struct rk_ahash_rctx *rctx = ahash_request_ctx(req); 51 53 int reg_status = 0; 52 54 53 55 reg_status = CRYPTO_READ(dev, RK_CRYPTO_CTRL) | ··· 69 67 CRYPTO_WRITE(dev, RK_CRYPTO_INTSTS, RK_CRYPTO_HRDMA_ERR_INT | 70 68 RK_CRYPTO_HRDMA_DONE_INT); 71 69 72 - CRYPTO_WRITE(dev, RK_CRYPTO_HASH_CTRL, dev->mode | 70 + CRYPTO_WRITE(dev, RK_CRYPTO_HASH_CTRL, rctx->mode | 73 71 RK_CRYPTO_HASH_SWAP_DO); 74 72 75 73 CRYPTO_WRITE(dev, RK_CRYPTO_CONF, RK_CRYPTO_BYTESWAP_HRFIFO | ··· 166 164 167 165 static int rk_ahash_digest(struct ahash_request *req) 168 166 { 169 - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 170 167 struct rk_ahash_ctx *tctx = crypto_tfm_ctx(req->base.tfm); 171 - struct rk_crypto_info *dev = NULL; 172 - unsigned long flags; 173 - int ret; 168 + struct rk_crypto_info *dev = tctx->dev; 174 169 175 170 if (!req->nbytes) 176 171 return zero_message_process(req); 177 - 178 - dev = tctx->dev; 179 - dev->total = req->nbytes; 180 - dev->left_bytes = req->nbytes; 181 - dev->aligned = 0; 182 - dev->mode = 0; 183 - dev->align_size = 4; 184 - dev->sg_dst = NULL; 185 - dev->sg_src = req->src; 186 - dev->first = req->src; 187 - dev->nents = sg_nents(req->src); 188 - 189 - switch (crypto_ahash_digestsize(tfm)) { 190 - case SHA1_DIGEST_SIZE: 191 - dev->mode = RK_CRYPTO_HASH_SHA1; 192 - break; 193 - case SHA256_DIGEST_SIZE: 194 - dev->mode = RK_CRYPTO_HASH_SHA256; 195 - break; 196 - case MD5_DIGEST_SIZE: 197 - dev->mode = RK_CRYPTO_HASH_MD5; 198 - break; 199 - default: 200 - return -EINVAL; 201 - } 202 - 203 - rk_ahash_reg_init(dev); 204 - 205 - spin_lock_irqsave(&dev->lock, flags); 206 - ret = crypto_enqueue_request(&dev->queue, &req->base); 207 - spin_unlock_irqrestore(&dev->lock, flags); 208 - 209 - tasklet_schedule(&dev->crypto_tasklet); 210 - 211 - /* 212 - * it will take some time to process date after last dma transmission. 213 - * 214 - * waiting time is relative with the last date len, 215 - * so cannot set a fixed time here. 216 - * 10-50 makes system not call here frequently wasting 217 - * efficiency, and make it response quickly when dma 218 - * complete. 219 - */ 220 - while (!CRYPTO_READ(dev, RK_CRYPTO_HASH_STS)) 221 - usleep_range(10, 50); 222 - 223 - memcpy_fromio(req->result, dev->reg + RK_CRYPTO_HASH_DOUT_0, 224 - crypto_ahash_digestsize(tfm)); 225 - 226 - return 0; 172 + else 173 + return dev->enqueue(dev, &req->base); 227 174 } 228 175 229 176 static void crypto_ahash_dma_start(struct rk_crypto_info *dev) ··· 195 244 196 245 static int rk_ahash_start(struct rk_crypto_info *dev) 197 246 { 247 + struct ahash_request *req = ahash_request_cast(dev->async_req); 248 + struct crypto_ahash *tfm; 249 + struct rk_ahash_rctx *rctx; 250 + 251 + dev->total = req->nbytes; 252 + dev->left_bytes = req->nbytes; 253 + dev->aligned = 0; 254 + dev->align_size = 4; 255 + dev->sg_dst = NULL; 256 + dev->sg_src = req->src; 257 + dev->first = req->src; 258 + dev->nents = sg_nents(req->src); 259 + rctx = ahash_request_ctx(req); 260 + rctx->mode = 0; 261 + 262 + tfm = crypto_ahash_reqtfm(req); 263 + switch (crypto_ahash_digestsize(tfm)) { 264 + case SHA1_DIGEST_SIZE: 265 + rctx->mode = RK_CRYPTO_HASH_SHA1; 266 + break; 267 + case SHA256_DIGEST_SIZE: 268 + rctx->mode = RK_CRYPTO_HASH_SHA256; 269 + break; 270 + case MD5_DIGEST_SIZE: 271 + rctx->mode = RK_CRYPTO_HASH_MD5; 272 + break; 273 + default: 274 + return -EINVAL; 275 + } 276 + 277 + rk_ahash_reg_init(dev); 198 278 return rk_ahash_set_data_start(dev); 199 279 } 200 280 201 281 static int rk_ahash_crypto_rx(struct rk_crypto_info *dev) 202 282 { 203 283 int err = 0; 284 + struct ahash_request *req = ahash_request_cast(dev->async_req); 285 + struct crypto_ahash *tfm; 204 286 205 287 dev->unload_data(dev); 206 288 if (dev->left_bytes) { ··· 248 264 } 249 265 err = rk_ahash_set_data_start(dev); 250 266 } else { 251 - dev->complete(dev, 0); 267 + /* 268 + * it will take some time to process date after last dma 269 + * transmission. 270 + * 271 + * waiting time is relative with the last date len, 272 + * so cannot set a fixed time here. 273 + * 10us makes system not call here frequently wasting 274 + * efficiency, and make it response quickly when dma 275 + * complete. 276 + */ 277 + while (!CRYPTO_READ(dev, RK_CRYPTO_HASH_STS)) 278 + udelay(10); 279 + 280 + tfm = crypto_ahash_reqtfm(req); 281 + memcpy_fromio(req->result, dev->reg + RK_CRYPTO_HASH_DOUT_0, 282 + crypto_ahash_digestsize(tfm)); 283 + dev->complete(dev->async_req, 0); 284 + tasklet_schedule(&dev->queue_task); 252 285 } 253 286 254 287 out_rx:

+6 -8

drivers/crypto/sahara.c

··· 202 202 struct completion dma_completion; 203 203 204 204 struct sahara_ctx *ctx; 205 - spinlock_t lock; 206 205 struct crypto_queue queue; 207 206 unsigned long flags; 208 207 ··· 542 543 543 544 unmap_out: 544 545 dma_unmap_sg(dev->device, dev->out_sg, dev->nb_out_sg, 545 - DMA_TO_DEVICE); 546 + DMA_FROM_DEVICE); 546 547 unmap_in: 547 548 dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, 548 - DMA_FROM_DEVICE); 549 + DMA_TO_DEVICE); 549 550 550 551 return -EINVAL; 551 552 } ··· 593 594 } 594 595 595 596 dma_unmap_sg(dev->device, dev->out_sg, dev->nb_out_sg, 596 - DMA_TO_DEVICE); 597 - dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, 598 597 DMA_FROM_DEVICE); 598 + dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, 599 + DMA_TO_DEVICE); 599 600 600 601 return 0; 601 602 } ··· 1375 1376 crypto_unregister_ahash(&sha_v4_algs[i]); 1376 1377 } 1377 1378 1378 - static struct platform_device_id sahara_platform_ids[] = { 1379 + static const struct platform_device_id sahara_platform_ids[] = { 1379 1380 { .name = "sahara-imx27" }, 1380 1381 { /* sentinel */ } 1381 1382 }; 1382 1383 MODULE_DEVICE_TABLE(platform, sahara_platform_ids); 1383 1384 1384 - static struct of_device_id sahara_dt_ids[] = { 1385 + static const struct of_device_id sahara_dt_ids[] = { 1385 1386 { .compatible = "fsl,imx53-sahara" }, 1386 1387 { .compatible = "fsl,imx27-sahara" }, 1387 1388 { /* sentinel */ } ··· 1486 1487 1487 1488 crypto_init_queue(&dev->queue, SAHARA_QUEUE_LENGTH); 1488 1489 1489 - spin_lock_init(&dev->lock); 1490 1490 mutex_init(&dev->queue_mutex); 1491 1491 1492 1492 dev_ptr = dev;

+16 -3

drivers/crypto/stm32/Kconfig

··· 1 - config CRYPTO_DEV_STM32 2 - tristate "Support for STM32 crypto accelerators" 1 + config CRC_DEV_STM32 2 + tristate "Support for STM32 crc accelerators" 3 3 depends on ARCH_STM32 4 4 select CRYPTO_HASH 5 5 help 6 6 This enables support for the CRC32 hw accelerator which can be found 7 - on STMicroelectronis STM32 SOC. 7 + on STMicroelectronics STM32 SOC. 8 + 9 + config HASH_DEV_STM32 10 + tristate "Support for STM32 hash accelerators" 11 + depends on ARCH_STM32 12 + depends on HAS_DMA 13 + select CRYPTO_HASH 14 + select CRYPTO_MD5 15 + select CRYPTO_SHA1 16 + select CRYPTO_SHA256 17 + select CRYPTO_ENGINE 18 + help 19 + This enables support for the HASH hw accelerator which can be found 20 + on STMicroelectronics STM32 SOC.

+2 -2

drivers/crypto/stm32/Makefile

··· 1 - obj-$(CONFIG_CRYPTO_DEV_STM32) += stm32_cryp.o 2 - stm32_cryp-objs := stm32_crc32.o 1 + obj-$(CONFIG_CRC_DEV_STM32) += stm32_crc32.o 2 + obj-$(CONFIG_HASH_DEV_STM32) += stm32-hash.o

+1575

drivers/crypto/stm32/stm32-hash.c

··· 1 + /* 2 + * This file is part of STM32 Crypto driver for Linux. 3 + * 4 + * Copyright (C) 2017, STMicroelectronics - All Rights Reserved 5 + * Author(s): Lionel DEBIEVE <lionel.debieve@st.com> for STMicroelectronics. 6 + * 7 + * License terms: GPL V2.0. 8 + * 9 + * This program is free software; you can redistribute it and/or modify it 10 + * under the terms of the GNU General Public License version 2 as published by 11 + * the Free Software Foundation. 12 + * 13 + * This program is distributed in the hope that it will be useful, but 14 + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 15 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 16 + * details. 17 + * 18 + * You should have received a copy of the GNU General Public License along with 19 + * this program. If not, see <http://www.gnu.org/licenses/>. 20 + * 21 + */ 22 + 23 + #include <linux/clk.h> 24 + #include <linux/crypto.h> 25 + #include <linux/delay.h> 26 + #include <linux/dmaengine.h> 27 + #include <linux/interrupt.h> 28 + #include <linux/io.h> 29 + #include <linux/iopoll.h> 30 + #include <linux/kernel.h> 31 + #include <linux/module.h> 32 + #include <linux/of_device.h> 33 + #include <linux/platform_device.h> 34 + #include <linux/reset.h> 35 + 36 + #include <crypto/engine.h> 37 + #include <crypto/hash.h> 38 + #include <crypto/md5.h> 39 + #include <crypto/scatterwalk.h> 40 + #include <crypto/sha.h> 41 + #include <crypto/internal/hash.h> 42 + 43 + #define HASH_CR 0x00 44 + #define HASH_DIN 0x04 45 + #define HASH_STR 0x08 46 + #define HASH_IMR 0x20 47 + #define HASH_SR 0x24 48 + #define HASH_CSR(x) (0x0F8 + ((x) * 0x04)) 49 + #define HASH_HREG(x) (0x310 + ((x) * 0x04)) 50 + #define HASH_HWCFGR 0x3F0 51 + #define HASH_VER 0x3F4 52 + #define HASH_ID 0x3F8 53 + 54 + /* Control Register */ 55 + #define HASH_CR_INIT BIT(2) 56 + #define HASH_CR_DMAE BIT(3) 57 + #define HASH_CR_DATATYPE_POS 4 58 + #define HASH_CR_MODE BIT(6) 59 + #define HASH_CR_MDMAT BIT(13) 60 + #define HASH_CR_DMAA BIT(14) 61 + #define HASH_CR_LKEY BIT(16) 62 + 63 + #define HASH_CR_ALGO_SHA1 0x0 64 + #define HASH_CR_ALGO_MD5 0x80 65 + #define HASH_CR_ALGO_SHA224 0x40000 66 + #define HASH_CR_ALGO_SHA256 0x40080 67 + 68 + /* Interrupt */ 69 + #define HASH_DINIE BIT(0) 70 + #define HASH_DCIE BIT(1) 71 + 72 + /* Interrupt Mask */ 73 + #define HASH_MASK_CALC_COMPLETION BIT(0) 74 + #define HASH_MASK_DATA_INPUT BIT(1) 75 + 76 + /* Context swap register */ 77 + #define HASH_CSR_REGISTER_NUMBER 53 78 + 79 + /* Status Flags */ 80 + #define HASH_SR_DATA_INPUT_READY BIT(0) 81 + #define HASH_SR_OUTPUT_READY BIT(1) 82 + #define HASH_SR_DMA_ACTIVE BIT(2) 83 + #define HASH_SR_BUSY BIT(3) 84 + 85 + /* STR Register */ 86 + #define HASH_STR_NBLW_MASK GENMASK(4, 0) 87 + #define HASH_STR_DCAL BIT(8) 88 + 89 + #define HASH_FLAGS_INIT BIT(0) 90 + #define HASH_FLAGS_OUTPUT_READY BIT(1) 91 + #define HASH_FLAGS_CPU BIT(2) 92 + #define HASH_FLAGS_DMA_READY BIT(3) 93 + #define HASH_FLAGS_DMA_ACTIVE BIT(4) 94 + #define HASH_FLAGS_HMAC_INIT BIT(5) 95 + #define HASH_FLAGS_HMAC_FINAL BIT(6) 96 + #define HASH_FLAGS_HMAC_KEY BIT(7) 97 + 98 + #define HASH_FLAGS_FINAL BIT(15) 99 + #define HASH_FLAGS_FINUP BIT(16) 100 + #define HASH_FLAGS_ALGO_MASK GENMASK(21, 18) 101 + #define HASH_FLAGS_MD5 BIT(18) 102 + #define HASH_FLAGS_SHA1 BIT(19) 103 + #define HASH_FLAGS_SHA224 BIT(20) 104 + #define HASH_FLAGS_SHA256 BIT(21) 105 + #define HASH_FLAGS_ERRORS BIT(22) 106 + #define HASH_FLAGS_HMAC BIT(23) 107 + 108 + #define HASH_OP_UPDATE 1 109 + #define HASH_OP_FINAL 2 110 + 111 + enum stm32_hash_data_format { 112 + HASH_DATA_32_BITS = 0x0, 113 + HASH_DATA_16_BITS = 0x1, 114 + HASH_DATA_8_BITS = 0x2, 115 + HASH_DATA_1_BIT = 0x3 116 + }; 117 + 118 + #define HASH_BUFLEN 256 119 + #define HASH_LONG_KEY 64 120 + #define HASH_MAX_KEY_SIZE (SHA256_BLOCK_SIZE * 8) 121 + #define HASH_QUEUE_LENGTH 16 122 + #define HASH_DMA_THRESHOLD 50 123 + 124 + struct stm32_hash_ctx { 125 + struct stm32_hash_dev *hdev; 126 + unsigned long flags; 127 + 128 + u8 key[HASH_MAX_KEY_SIZE]; 129 + int keylen; 130 + }; 131 + 132 + struct stm32_hash_request_ctx { 133 + struct stm32_hash_dev *hdev; 134 + unsigned long flags; 135 + unsigned long op; 136 + 137 + u8 digest[SHA256_DIGEST_SIZE] __aligned(sizeof(u32)); 138 + size_t digcnt; 139 + size_t bufcnt; 140 + size_t buflen; 141 + 142 + /* DMA */ 143 + struct scatterlist *sg; 144 + unsigned int offset; 145 + unsigned int total; 146 + struct scatterlist sg_key; 147 + 148 + dma_addr_t dma_addr; 149 + size_t dma_ct; 150 + int nents; 151 + 152 + u8 data_type; 153 + 154 + u8 buffer[HASH_BUFLEN] __aligned(sizeof(u32)); 155 + 156 + /* Export Context */ 157 + u32 *hw_context; 158 + }; 159 + 160 + struct stm32_hash_algs_info { 161 + struct ahash_alg *algs_list; 162 + size_t size; 163 + }; 164 + 165 + struct stm32_hash_pdata { 166 + struct stm32_hash_algs_info *algs_info; 167 + size_t algs_info_size; 168 + }; 169 + 170 + struct stm32_hash_dev { 171 + struct list_head list; 172 + struct device *dev; 173 + struct clk *clk; 174 + struct reset_control *rst; 175 + void __iomem *io_base; 176 + phys_addr_t phys_base; 177 + u32 dma_mode; 178 + u32 dma_maxburst; 179 + 180 + spinlock_t lock; /* lock to protect queue */ 181 + 182 + struct ahash_request *req; 183 + struct crypto_engine *engine; 184 + 185 + int err; 186 + unsigned long flags; 187 + 188 + struct dma_chan *dma_lch; 189 + struct completion dma_completion; 190 + 191 + const struct stm32_hash_pdata *pdata; 192 + }; 193 + 194 + struct stm32_hash_drv { 195 + struct list_head dev_list; 196 + spinlock_t lock; /* List protection access */ 197 + }; 198 + 199 + static struct stm32_hash_drv stm32_hash = { 200 + .dev_list = LIST_HEAD_INIT(stm32_hash.dev_list), 201 + .lock = __SPIN_LOCK_UNLOCKED(stm32_hash.lock), 202 + }; 203 + 204 + static void stm32_hash_dma_callback(void *param); 205 + 206 + static inline u32 stm32_hash_read(struct stm32_hash_dev *hdev, u32 offset) 207 + { 208 + return readl_relaxed(hdev->io_base + offset); 209 + } 210 + 211 + static inline void stm32_hash_write(struct stm32_hash_dev *hdev, 212 + u32 offset, u32 value) 213 + { 214 + writel_relaxed(value, hdev->io_base + offset); 215 + } 216 + 217 + static inline int stm32_hash_wait_busy(struct stm32_hash_dev *hdev) 218 + { 219 + u32 status; 220 + 221 + return readl_relaxed_poll_timeout(hdev->io_base + HASH_SR, status, 222 + !(status & HASH_SR_BUSY), 10, 10000); 223 + } 224 + 225 + static void stm32_hash_set_nblw(struct stm32_hash_dev *hdev, int length) 226 + { 227 + u32 reg; 228 + 229 + reg = stm32_hash_read(hdev, HASH_STR); 230 + reg &= ~(HASH_STR_NBLW_MASK); 231 + reg |= (8U * ((length) % 4U)); 232 + stm32_hash_write(hdev, HASH_STR, reg); 233 + } 234 + 235 + static int stm32_hash_write_key(struct stm32_hash_dev *hdev) 236 + { 237 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(hdev->req); 238 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 239 + u32 reg; 240 + int keylen = ctx->keylen; 241 + void *key = ctx->key; 242 + 243 + if (keylen) { 244 + stm32_hash_set_nblw(hdev, keylen); 245 + 246 + while (keylen > 0) { 247 + stm32_hash_write(hdev, HASH_DIN, *(u32 *)key); 248 + keylen -= 4; 249 + key += 4; 250 + } 251 + 252 + reg = stm32_hash_read(hdev, HASH_STR); 253 + reg |= HASH_STR_DCAL; 254 + stm32_hash_write(hdev, HASH_STR, reg); 255 + 256 + return -EINPROGRESS; 257 + } 258 + 259 + return 0; 260 + } 261 + 262 + static void stm32_hash_write_ctrl(struct stm32_hash_dev *hdev) 263 + { 264 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 265 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(hdev->req); 266 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 267 + 268 + u32 reg = HASH_CR_INIT; 269 + 270 + if (!(hdev->flags & HASH_FLAGS_INIT)) { 271 + switch (rctx->flags & HASH_FLAGS_ALGO_MASK) { 272 + case HASH_FLAGS_MD5: 273 + reg |= HASH_CR_ALGO_MD5; 274 + break; 275 + case HASH_FLAGS_SHA1: 276 + reg |= HASH_CR_ALGO_SHA1; 277 + break; 278 + case HASH_FLAGS_SHA224: 279 + reg |= HASH_CR_ALGO_SHA224; 280 + break; 281 + case HASH_FLAGS_SHA256: 282 + reg |= HASH_CR_ALGO_SHA256; 283 + break; 284 + default: 285 + reg |= HASH_CR_ALGO_MD5; 286 + } 287 + 288 + reg |= (rctx->data_type << HASH_CR_DATATYPE_POS); 289 + 290 + if (rctx->flags & HASH_FLAGS_HMAC) { 291 + hdev->flags |= HASH_FLAGS_HMAC; 292 + reg |= HASH_CR_MODE; 293 + if (ctx->keylen > HASH_LONG_KEY) 294 + reg |= HASH_CR_LKEY; 295 + } 296 + 297 + stm32_hash_write(hdev, HASH_IMR, HASH_DCIE); 298 + 299 + stm32_hash_write(hdev, HASH_CR, reg); 300 + 301 + hdev->flags |= HASH_FLAGS_INIT; 302 + 303 + dev_dbg(hdev->dev, "Write Control %x\n", reg); 304 + } 305 + } 306 + 307 + static void stm32_hash_append_sg(struct stm32_hash_request_ctx *rctx) 308 + { 309 + size_t count; 310 + 311 + while ((rctx->bufcnt < rctx->buflen) && rctx->total) { 312 + count = min(rctx->sg->length - rctx->offset, rctx->total); 313 + count = min(count, rctx->buflen - rctx->bufcnt); 314 + 315 + if (count <= 0) { 316 + if ((rctx->sg->length == 0) && !sg_is_last(rctx->sg)) { 317 + rctx->sg = sg_next(rctx->sg); 318 + continue; 319 + } else { 320 + break; 321 + } 322 + } 323 + 324 + scatterwalk_map_and_copy(rctx->buffer + rctx->bufcnt, rctx->sg, 325 + rctx->offset, count, 0); 326 + 327 + rctx->bufcnt += count; 328 + rctx->offset += count; 329 + rctx->total -= count; 330 + 331 + if (rctx->offset == rctx->sg->length) { 332 + rctx->sg = sg_next(rctx->sg); 333 + if (rctx->sg) 334 + rctx->offset = 0; 335 + else 336 + rctx->total = 0; 337 + } 338 + } 339 + } 340 + 341 + static int stm32_hash_xmit_cpu(struct stm32_hash_dev *hdev, 342 + const u8 *buf, size_t length, int final) 343 + { 344 + unsigned int count, len32; 345 + const u32 *buffer = (const u32 *)buf; 346 + u32 reg; 347 + 348 + if (final) 349 + hdev->flags |= HASH_FLAGS_FINAL; 350 + 351 + len32 = DIV_ROUND_UP(length, sizeof(u32)); 352 + 353 + dev_dbg(hdev->dev, "%s: length: %d, final: %x len32 %i\n", 354 + __func__, length, final, len32); 355 + 356 + hdev->flags |= HASH_FLAGS_CPU; 357 + 358 + stm32_hash_write_ctrl(hdev); 359 + 360 + if (stm32_hash_wait_busy(hdev)) 361 + return -ETIMEDOUT; 362 + 363 + if ((hdev->flags & HASH_FLAGS_HMAC) && 364 + (hdev->flags & ~HASH_FLAGS_HMAC_KEY)) { 365 + hdev->flags |= HASH_FLAGS_HMAC_KEY; 366 + stm32_hash_write_key(hdev); 367 + if (stm32_hash_wait_busy(hdev)) 368 + return -ETIMEDOUT; 369 + } 370 + 371 + for (count = 0; count < len32; count++) 372 + stm32_hash_write(hdev, HASH_DIN, buffer[count]); 373 + 374 + if (final) { 375 + stm32_hash_set_nblw(hdev, length); 376 + reg = stm32_hash_read(hdev, HASH_STR); 377 + reg |= HASH_STR_DCAL; 378 + stm32_hash_write(hdev, HASH_STR, reg); 379 + if (hdev->flags & HASH_FLAGS_HMAC) { 380 + if (stm32_hash_wait_busy(hdev)) 381 + return -ETIMEDOUT; 382 + stm32_hash_write_key(hdev); 383 + } 384 + return -EINPROGRESS; 385 + } 386 + 387 + return 0; 388 + } 389 + 390 + static int stm32_hash_update_cpu(struct stm32_hash_dev *hdev) 391 + { 392 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 393 + int bufcnt, err = 0, final; 394 + 395 + dev_dbg(hdev->dev, "%s flags %lx\n", __func__, rctx->flags); 396 + 397 + final = (rctx->flags & HASH_FLAGS_FINUP); 398 + 399 + while ((rctx->total >= rctx->buflen) || 400 + (rctx->bufcnt + rctx->total >= rctx->buflen)) { 401 + stm32_hash_append_sg(rctx); 402 + bufcnt = rctx->bufcnt; 403 + rctx->bufcnt = 0; 404 + err = stm32_hash_xmit_cpu(hdev, rctx->buffer, bufcnt, 0); 405 + } 406 + 407 + stm32_hash_append_sg(rctx); 408 + 409 + if (final) { 410 + bufcnt = rctx->bufcnt; 411 + rctx->bufcnt = 0; 412 + err = stm32_hash_xmit_cpu(hdev, rctx->buffer, bufcnt, 413 + (rctx->flags & HASH_FLAGS_FINUP)); 414 + } 415 + 416 + return err; 417 + } 418 + 419 + static int stm32_hash_xmit_dma(struct stm32_hash_dev *hdev, 420 + struct scatterlist *sg, int length, int mdma) 421 + { 422 + struct dma_async_tx_descriptor *in_desc; 423 + dma_cookie_t cookie; 424 + u32 reg; 425 + int err; 426 + 427 + in_desc = dmaengine_prep_slave_sg(hdev->dma_lch, sg, 1, 428 + DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT | 429 + DMA_CTRL_ACK); 430 + if (!in_desc) { 431 + dev_err(hdev->dev, "dmaengine_prep_slave error\n"); 432 + return -ENOMEM; 433 + } 434 + 435 + reinit_completion(&hdev->dma_completion); 436 + in_desc->callback = stm32_hash_dma_callback; 437 + in_desc->callback_param = hdev; 438 + 439 + hdev->flags |= HASH_FLAGS_FINAL; 440 + hdev->flags |= HASH_FLAGS_DMA_ACTIVE; 441 + 442 + reg = stm32_hash_read(hdev, HASH_CR); 443 + 444 + if (mdma) 445 + reg |= HASH_CR_MDMAT; 446 + else 447 + reg &= ~HASH_CR_MDMAT; 448 + 449 + reg |= HASH_CR_DMAE; 450 + 451 + stm32_hash_write(hdev, HASH_CR, reg); 452 + 453 + stm32_hash_set_nblw(hdev, length); 454 + 455 + cookie = dmaengine_submit(in_desc); 456 + err = dma_submit_error(cookie); 457 + if (err) 458 + return -ENOMEM; 459 + 460 + dma_async_issue_pending(hdev->dma_lch); 461 + 462 + if (!wait_for_completion_interruptible_timeout(&hdev->dma_completion, 463 + msecs_to_jiffies(100))) 464 + err = -ETIMEDOUT; 465 + 466 + if (dma_async_is_tx_complete(hdev->dma_lch, cookie, 467 + NULL, NULL) != DMA_COMPLETE) 468 + err = -ETIMEDOUT; 469 + 470 + if (err) { 471 + dev_err(hdev->dev, "DMA Error %i\n", err); 472 + dmaengine_terminate_all(hdev->dma_lch); 473 + return err; 474 + } 475 + 476 + return -EINPROGRESS; 477 + } 478 + 479 + static void stm32_hash_dma_callback(void *param) 480 + { 481 + struct stm32_hash_dev *hdev = param; 482 + 483 + complete(&hdev->dma_completion); 484 + 485 + hdev->flags |= HASH_FLAGS_DMA_READY; 486 + } 487 + 488 + static int stm32_hash_hmac_dma_send(struct stm32_hash_dev *hdev) 489 + { 490 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 491 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(hdev->req); 492 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 493 + int err; 494 + 495 + if (ctx->keylen < HASH_DMA_THRESHOLD || (hdev->dma_mode == 1)) { 496 + err = stm32_hash_write_key(hdev); 497 + if (stm32_hash_wait_busy(hdev)) 498 + return -ETIMEDOUT; 499 + } else { 500 + if (!(hdev->flags & HASH_FLAGS_HMAC_KEY)) 501 + sg_init_one(&rctx->sg_key, ctx->key, 502 + ALIGN(ctx->keylen, sizeof(u32))); 503 + 504 + rctx->dma_ct = dma_map_sg(hdev->dev, &rctx->sg_key, 1, 505 + DMA_TO_DEVICE); 506 + if (rctx->dma_ct == 0) { 507 + dev_err(hdev->dev, "dma_map_sg error\n"); 508 + return -ENOMEM; 509 + } 510 + 511 + err = stm32_hash_xmit_dma(hdev, &rctx->sg_key, ctx->keylen, 0); 512 + 513 + dma_unmap_sg(hdev->dev, &rctx->sg_key, 1, DMA_TO_DEVICE); 514 + } 515 + 516 + return err; 517 + } 518 + 519 + static int stm32_hash_dma_init(struct stm32_hash_dev *hdev) 520 + { 521 + struct dma_slave_config dma_conf; 522 + int err; 523 + 524 + memset(&dma_conf, 0, sizeof(dma_conf)); 525 + 526 + dma_conf.direction = DMA_MEM_TO_DEV; 527 + dma_conf.dst_addr = hdev->phys_base + HASH_DIN; 528 + dma_conf.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 529 + dma_conf.src_maxburst = hdev->dma_maxburst; 530 + dma_conf.dst_maxburst = hdev->dma_maxburst; 531 + dma_conf.device_fc = false; 532 + 533 + hdev->dma_lch = dma_request_slave_channel(hdev->dev, "in"); 534 + if (!hdev->dma_lch) { 535 + dev_err(hdev->dev, "Couldn't acquire a slave DMA channel.\n"); 536 + return -EBUSY; 537 + } 538 + 539 + err = dmaengine_slave_config(hdev->dma_lch, &dma_conf); 540 + if (err) { 541 + dma_release_channel(hdev->dma_lch); 542 + hdev->dma_lch = NULL; 543 + dev_err(hdev->dev, "Couldn't configure DMA slave.\n"); 544 + return err; 545 + } 546 + 547 + init_completion(&hdev->dma_completion); 548 + 549 + return 0; 550 + } 551 + 552 + static int stm32_hash_dma_send(struct stm32_hash_dev *hdev) 553 + { 554 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 555 + struct scatterlist sg[1], *tsg; 556 + int err = 0, len = 0, reg, ncp; 557 + unsigned int i; 558 + const u32 *buffer = (const u32 *)rctx->buffer; 559 + 560 + rctx->sg = hdev->req->src; 561 + rctx->total = hdev->req->nbytes; 562 + 563 + rctx->nents = sg_nents(rctx->sg); 564 + 565 + if (rctx->nents < 0) 566 + return -EINVAL; 567 + 568 + stm32_hash_write_ctrl(hdev); 569 + 570 + if (hdev->flags & HASH_FLAGS_HMAC) { 571 + err = stm32_hash_hmac_dma_send(hdev); 572 + if (err != -EINPROGRESS) 573 + return err; 574 + } 575 + 576 + for_each_sg(rctx->sg, tsg, rctx->nents, i) { 577 + len = sg->length; 578 + 579 + sg[0] = *tsg; 580 + if (sg_is_last(sg)) { 581 + if (hdev->dma_mode == 1) { 582 + len = (ALIGN(sg->length, 16) - 16); 583 + 584 + ncp = sg_pcopy_to_buffer( 585 + rctx->sg, rctx->nents, 586 + rctx->buffer, sg->length - len, 587 + rctx->total - sg->length + len); 588 + 589 + sg->length = len; 590 + } else { 591 + if (!(IS_ALIGNED(sg->length, sizeof(u32)))) { 592 + len = sg->length; 593 + sg->length = ALIGN(sg->length, 594 + sizeof(u32)); 595 + } 596 + } 597 + } 598 + 599 + rctx->dma_ct = dma_map_sg(hdev->dev, sg, 1, 600 + DMA_TO_DEVICE); 601 + if (rctx->dma_ct == 0) { 602 + dev_err(hdev->dev, "dma_map_sg error\n"); 603 + return -ENOMEM; 604 + } 605 + 606 + err = stm32_hash_xmit_dma(hdev, sg, len, 607 + !sg_is_last(sg)); 608 + 609 + dma_unmap_sg(hdev->dev, sg, 1, DMA_TO_DEVICE); 610 + 611 + if (err == -ENOMEM) 612 + return err; 613 + } 614 + 615 + if (hdev->dma_mode == 1) { 616 + if (stm32_hash_wait_busy(hdev)) 617 + return -ETIMEDOUT; 618 + reg = stm32_hash_read(hdev, HASH_CR); 619 + reg &= ~HASH_CR_DMAE; 620 + reg |= HASH_CR_DMAA; 621 + stm32_hash_write(hdev, HASH_CR, reg); 622 + 623 + for (i = 0; i < DIV_ROUND_UP(ncp, sizeof(u32)); i++) 624 + stm32_hash_write(hdev, HASH_DIN, buffer[i]); 625 + 626 + stm32_hash_set_nblw(hdev, ncp); 627 + reg = stm32_hash_read(hdev, HASH_STR); 628 + reg |= HASH_STR_DCAL; 629 + stm32_hash_write(hdev, HASH_STR, reg); 630 + err = -EINPROGRESS; 631 + } 632 + 633 + if (hdev->flags & HASH_FLAGS_HMAC) { 634 + if (stm32_hash_wait_busy(hdev)) 635 + return -ETIMEDOUT; 636 + err = stm32_hash_hmac_dma_send(hdev); 637 + } 638 + 639 + return err; 640 + } 641 + 642 + static struct stm32_hash_dev *stm32_hash_find_dev(struct stm32_hash_ctx *ctx) 643 + { 644 + struct stm32_hash_dev *hdev = NULL, *tmp; 645 + 646 + spin_lock_bh(&stm32_hash.lock); 647 + if (!ctx->hdev) { 648 + list_for_each_entry(tmp, &stm32_hash.dev_list, list) { 649 + hdev = tmp; 650 + break; 651 + } 652 + ctx->hdev = hdev; 653 + } else { 654 + hdev = ctx->hdev; 655 + } 656 + 657 + spin_unlock_bh(&stm32_hash.lock); 658 + 659 + return hdev; 660 + } 661 + 662 + static bool stm32_hash_dma_aligned_data(struct ahash_request *req) 663 + { 664 + struct scatterlist *sg; 665 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 666 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 667 + int i; 668 + 669 + if (req->nbytes <= HASH_DMA_THRESHOLD) 670 + return false; 671 + 672 + if (sg_nents(req->src) > 1) { 673 + if (hdev->dma_mode == 1) 674 + return false; 675 + for_each_sg(req->src, sg, sg_nents(req->src), i) { 676 + if ((!IS_ALIGNED(sg->length, sizeof(u32))) && 677 + (!sg_is_last(sg))) 678 + return false; 679 + } 680 + } 681 + 682 + if (req->src->offset % 4) 683 + return false; 684 + 685 + return true; 686 + } 687 + 688 + static int stm32_hash_init(struct ahash_request *req) 689 + { 690 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 691 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 692 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 693 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 694 + 695 + rctx->hdev = hdev; 696 + 697 + rctx->flags = HASH_FLAGS_CPU; 698 + 699 + rctx->digcnt = crypto_ahash_digestsize(tfm); 700 + switch (rctx->digcnt) { 701 + case MD5_DIGEST_SIZE: 702 + rctx->flags |= HASH_FLAGS_MD5; 703 + break; 704 + case SHA1_DIGEST_SIZE: 705 + rctx->flags |= HASH_FLAGS_SHA1; 706 + break; 707 + case SHA224_DIGEST_SIZE: 708 + rctx->flags |= HASH_FLAGS_SHA224; 709 + break; 710 + case SHA256_DIGEST_SIZE: 711 + rctx->flags |= HASH_FLAGS_SHA256; 712 + break; 713 + default: 714 + return -EINVAL; 715 + } 716 + 717 + rctx->bufcnt = 0; 718 + rctx->buflen = HASH_BUFLEN; 719 + rctx->total = 0; 720 + rctx->offset = 0; 721 + rctx->data_type = HASH_DATA_8_BITS; 722 + 723 + memset(rctx->buffer, 0, HASH_BUFLEN); 724 + 725 + if (ctx->flags & HASH_FLAGS_HMAC) 726 + rctx->flags |= HASH_FLAGS_HMAC; 727 + 728 + dev_dbg(hdev->dev, "%s Flags %lx\n", __func__, rctx->flags); 729 + 730 + return 0; 731 + } 732 + 733 + static int stm32_hash_update_req(struct stm32_hash_dev *hdev) 734 + { 735 + return stm32_hash_update_cpu(hdev); 736 + } 737 + 738 + static int stm32_hash_final_req(struct stm32_hash_dev *hdev) 739 + { 740 + struct ahash_request *req = hdev->req; 741 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 742 + int err; 743 + 744 + if (!(rctx->flags & HASH_FLAGS_CPU)) 745 + err = stm32_hash_dma_send(hdev); 746 + else 747 + err = stm32_hash_xmit_cpu(hdev, rctx->buffer, rctx->bufcnt, 1); 748 + 749 + rctx->bufcnt = 0; 750 + 751 + return err; 752 + } 753 + 754 + static void stm32_hash_copy_hash(struct ahash_request *req) 755 + { 756 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 757 + u32 *hash = (u32 *)rctx->digest; 758 + unsigned int i, hashsize; 759 + 760 + switch (rctx->flags & HASH_FLAGS_ALGO_MASK) { 761 + case HASH_FLAGS_MD5: 762 + hashsize = MD5_DIGEST_SIZE; 763 + break; 764 + case HASH_FLAGS_SHA1: 765 + hashsize = SHA1_DIGEST_SIZE; 766 + break; 767 + case HASH_FLAGS_SHA224: 768 + hashsize = SHA224_DIGEST_SIZE; 769 + break; 770 + case HASH_FLAGS_SHA256: 771 + hashsize = SHA256_DIGEST_SIZE; 772 + break; 773 + default: 774 + return; 775 + } 776 + 777 + for (i = 0; i < hashsize / sizeof(u32); i++) 778 + hash[i] = be32_to_cpu(stm32_hash_read(rctx->hdev, 779 + HASH_HREG(i))); 780 + } 781 + 782 + static int stm32_hash_finish(struct ahash_request *req) 783 + { 784 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 785 + 786 + if (!req->result) 787 + return -EINVAL; 788 + 789 + memcpy(req->result, rctx->digest, rctx->digcnt); 790 + 791 + return 0; 792 + } 793 + 794 + static void stm32_hash_finish_req(struct ahash_request *req, int err) 795 + { 796 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 797 + struct stm32_hash_dev *hdev = rctx->hdev; 798 + 799 + if (!err && (HASH_FLAGS_FINAL & hdev->flags)) { 800 + stm32_hash_copy_hash(req); 801 + err = stm32_hash_finish(req); 802 + hdev->flags &= ~(HASH_FLAGS_FINAL | HASH_FLAGS_CPU | 803 + HASH_FLAGS_INIT | HASH_FLAGS_DMA_READY | 804 + HASH_FLAGS_OUTPUT_READY | HASH_FLAGS_HMAC | 805 + HASH_FLAGS_HMAC_INIT | HASH_FLAGS_HMAC_FINAL | 806 + HASH_FLAGS_HMAC_KEY); 807 + } else { 808 + rctx->flags |= HASH_FLAGS_ERRORS; 809 + } 810 + 811 + crypto_finalize_hash_request(hdev->engine, req, err); 812 + } 813 + 814 + static int stm32_hash_hw_init(struct stm32_hash_dev *hdev, 815 + struct stm32_hash_request_ctx *rctx) 816 + { 817 + if (!(HASH_FLAGS_INIT & hdev->flags)) { 818 + stm32_hash_write(hdev, HASH_CR, HASH_CR_INIT); 819 + stm32_hash_write(hdev, HASH_STR, 0); 820 + stm32_hash_write(hdev, HASH_DIN, 0); 821 + stm32_hash_write(hdev, HASH_IMR, 0); 822 + hdev->err = 0; 823 + } 824 + 825 + return 0; 826 + } 827 + 828 + static int stm32_hash_handle_queue(struct stm32_hash_dev *hdev, 829 + struct ahash_request *req) 830 + { 831 + return crypto_transfer_hash_request_to_engine(hdev->engine, req); 832 + } 833 + 834 + static int stm32_hash_prepare_req(struct crypto_engine *engine, 835 + struct ahash_request *req) 836 + { 837 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 838 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 839 + struct stm32_hash_request_ctx *rctx; 840 + 841 + if (!hdev) 842 + return -ENODEV; 843 + 844 + hdev->req = req; 845 + 846 + rctx = ahash_request_ctx(req); 847 + 848 + dev_dbg(hdev->dev, "processing new req, op: %lu, nbytes %d\n", 849 + rctx->op, req->nbytes); 850 + 851 + return stm32_hash_hw_init(hdev, rctx); 852 + } 853 + 854 + static int stm32_hash_one_request(struct crypto_engine *engine, 855 + struct ahash_request *req) 856 + { 857 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 858 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 859 + struct stm32_hash_request_ctx *rctx; 860 + int err = 0; 861 + 862 + if (!hdev) 863 + return -ENODEV; 864 + 865 + hdev->req = req; 866 + 867 + rctx = ahash_request_ctx(req); 868 + 869 + if (rctx->op == HASH_OP_UPDATE) 870 + err = stm32_hash_update_req(hdev); 871 + else if (rctx->op == HASH_OP_FINAL) 872 + err = stm32_hash_final_req(hdev); 873 + 874 + if (err != -EINPROGRESS) 875 + /* done task will not finish it, so do it here */ 876 + stm32_hash_finish_req(req, err); 877 + 878 + return 0; 879 + } 880 + 881 + static int stm32_hash_enqueue(struct ahash_request *req, unsigned int op) 882 + { 883 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 884 + struct stm32_hash_ctx *ctx = crypto_tfm_ctx(req->base.tfm); 885 + struct stm32_hash_dev *hdev = ctx->hdev; 886 + 887 + rctx->op = op; 888 + 889 + return stm32_hash_handle_queue(hdev, req); 890 + } 891 + 892 + static int stm32_hash_update(struct ahash_request *req) 893 + { 894 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 895 + int ret; 896 + 897 + if (!req->nbytes || !(rctx->flags & HASH_FLAGS_CPU)) 898 + return 0; 899 + 900 + rctx->total = req->nbytes; 901 + rctx->sg = req->src; 902 + rctx->offset = 0; 903 + 904 + if ((rctx->bufcnt + rctx->total < rctx->buflen)) { 905 + stm32_hash_append_sg(rctx); 906 + return 0; 907 + } 908 + 909 + ret = stm32_hash_enqueue(req, HASH_OP_UPDATE); 910 + 911 + if (rctx->flags & HASH_FLAGS_FINUP) 912 + return ret; 913 + 914 + return 0; 915 + } 916 + 917 + static int stm32_hash_final(struct ahash_request *req) 918 + { 919 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 920 + 921 + rctx->flags |= HASH_FLAGS_FINUP; 922 + 923 + return stm32_hash_enqueue(req, HASH_OP_FINAL); 924 + } 925 + 926 + static int stm32_hash_finup(struct ahash_request *req) 927 + { 928 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 929 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 930 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 931 + int err1, err2; 932 + 933 + rctx->flags |= HASH_FLAGS_FINUP; 934 + 935 + if (hdev->dma_lch && stm32_hash_dma_aligned_data(req)) 936 + rctx->flags &= ~HASH_FLAGS_CPU; 937 + 938 + err1 = stm32_hash_update(req); 939 + 940 + if (err1 == -EINPROGRESS || err1 == -EBUSY) 941 + return err1; 942 + 943 + /* 944 + * final() has to be always called to cleanup resources 945 + * even if update() failed, except EINPROGRESS 946 + */ 947 + err2 = stm32_hash_final(req); 948 + 949 + return err1 ?: err2; 950 + } 951 + 952 + static int stm32_hash_digest(struct ahash_request *req) 953 + { 954 + return stm32_hash_init(req) ?: stm32_hash_finup(req); 955 + } 956 + 957 + static int stm32_hash_export(struct ahash_request *req, void *out) 958 + { 959 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 960 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 961 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 962 + u32 *preg; 963 + unsigned int i; 964 + 965 + while (!(stm32_hash_read(hdev, HASH_SR) & HASH_SR_DATA_INPUT_READY)) 966 + cpu_relax(); 967 + 968 + rctx->hw_context = kmalloc(sizeof(u32) * (3 + HASH_CSR_REGISTER_NUMBER), 969 + GFP_KERNEL); 970 + 971 + preg = rctx->hw_context; 972 + 973 + *preg++ = stm32_hash_read(hdev, HASH_IMR); 974 + *preg++ = stm32_hash_read(hdev, HASH_STR); 975 + *preg++ = stm32_hash_read(hdev, HASH_CR); 976 + for (i = 0; i < HASH_CSR_REGISTER_NUMBER; i++) 977 + *preg++ = stm32_hash_read(hdev, HASH_CSR(i)); 978 + 979 + memcpy(out, rctx, sizeof(*rctx)); 980 + 981 + return 0; 982 + } 983 + 984 + static int stm32_hash_import(struct ahash_request *req, const void *in) 985 + { 986 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 987 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 988 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 989 + const u32 *preg = in; 990 + u32 reg; 991 + unsigned int i; 992 + 993 + memcpy(rctx, in, sizeof(*rctx)); 994 + 995 + preg = rctx->hw_context; 996 + 997 + stm32_hash_write(hdev, HASH_IMR, *preg++); 998 + stm32_hash_write(hdev, HASH_STR, *preg++); 999 + stm32_hash_write(hdev, HASH_CR, *preg); 1000 + reg = *preg++ | HASH_CR_INIT; 1001 + stm32_hash_write(hdev, HASH_CR, reg); 1002 + 1003 + for (i = 0; i < HASH_CSR_REGISTER_NUMBER; i++) 1004 + stm32_hash_write(hdev, HASH_CSR(i), *preg++); 1005 + 1006 + kfree(rctx->hw_context); 1007 + 1008 + return 0; 1009 + } 1010 + 1011 + static int stm32_hash_setkey(struct crypto_ahash *tfm, 1012 + const u8 *key, unsigned int keylen) 1013 + { 1014 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 1015 + 1016 + if (keylen <= HASH_MAX_KEY_SIZE) { 1017 + memcpy(ctx->key, key, keylen); 1018 + ctx->keylen = keylen; 1019 + } else { 1020 + return -ENOMEM; 1021 + } 1022 + 1023 + return 0; 1024 + } 1025 + 1026 + static int stm32_hash_cra_init_algs(struct crypto_tfm *tfm, 1027 + const char *algs_hmac_name) 1028 + { 1029 + struct stm32_hash_ctx *ctx = crypto_tfm_ctx(tfm); 1030 + 1031 + crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), 1032 + sizeof(struct stm32_hash_request_ctx)); 1033 + 1034 + ctx->keylen = 0; 1035 + 1036 + if (algs_hmac_name) 1037 + ctx->flags |= HASH_FLAGS_HMAC; 1038 + 1039 + return 0; 1040 + } 1041 + 1042 + static int stm32_hash_cra_init(struct crypto_tfm *tfm) 1043 + { 1044 + return stm32_hash_cra_init_algs(tfm, NULL); 1045 + } 1046 + 1047 + static int stm32_hash_cra_md5_init(struct crypto_tfm *tfm) 1048 + { 1049 + return stm32_hash_cra_init_algs(tfm, "md5"); 1050 + } 1051 + 1052 + static int stm32_hash_cra_sha1_init(struct crypto_tfm *tfm) 1053 + { 1054 + return stm32_hash_cra_init_algs(tfm, "sha1"); 1055 + } 1056 + 1057 + static int stm32_hash_cra_sha224_init(struct crypto_tfm *tfm) 1058 + { 1059 + return stm32_hash_cra_init_algs(tfm, "sha224"); 1060 + } 1061 + 1062 + static int stm32_hash_cra_sha256_init(struct crypto_tfm *tfm) 1063 + { 1064 + return stm32_hash_cra_init_algs(tfm, "sha256"); 1065 + } 1066 + 1067 + static irqreturn_t stm32_hash_irq_thread(int irq, void *dev_id) 1068 + { 1069 + struct stm32_hash_dev *hdev = dev_id; 1070 + int err; 1071 + 1072 + if (HASH_FLAGS_CPU & hdev->flags) { 1073 + if (HASH_FLAGS_OUTPUT_READY & hdev->flags) { 1074 + hdev->flags &= ~HASH_FLAGS_OUTPUT_READY; 1075 + goto finish; 1076 + } 1077 + } else if (HASH_FLAGS_DMA_READY & hdev->flags) { 1078 + if (HASH_FLAGS_DMA_ACTIVE & hdev->flags) { 1079 + hdev->flags &= ~HASH_FLAGS_DMA_ACTIVE; 1080 + goto finish; 1081 + } 1082 + } 1083 + 1084 + return IRQ_HANDLED; 1085 + 1086 + finish: 1087 + /*Finish current request */ 1088 + stm32_hash_finish_req(hdev->req, err); 1089 + 1090 + return IRQ_HANDLED; 1091 + } 1092 + 1093 + static irqreturn_t stm32_hash_irq_handler(int irq, void *dev_id) 1094 + { 1095 + struct stm32_hash_dev *hdev = dev_id; 1096 + u32 reg; 1097 + 1098 + reg = stm32_hash_read(hdev, HASH_SR); 1099 + if (reg & HASH_SR_OUTPUT_READY) { 1100 + reg &= ~HASH_SR_OUTPUT_READY; 1101 + stm32_hash_write(hdev, HASH_SR, reg); 1102 + hdev->flags |= HASH_FLAGS_OUTPUT_READY; 1103 + return IRQ_WAKE_THREAD; 1104 + } 1105 + 1106 + return IRQ_NONE; 1107 + } 1108 + 1109 + static struct ahash_alg algs_md5_sha1[] = { 1110 + { 1111 + .init = stm32_hash_init, 1112 + .update = stm32_hash_update, 1113 + .final = stm32_hash_final, 1114 + .finup = stm32_hash_finup, 1115 + .digest = stm32_hash_digest, 1116 + .export = stm32_hash_export, 1117 + .import = stm32_hash_import, 1118 + .halg = { 1119 + .digestsize = MD5_DIGEST_SIZE, 1120 + .statesize = sizeof(struct stm32_hash_request_ctx), 1121 + .base = { 1122 + .cra_name = "md5", 1123 + .cra_driver_name = "stm32-md5", 1124 + .cra_priority = 200, 1125 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1126 + CRYPTO_ALG_ASYNC | 1127 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1128 + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, 1129 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1130 + .cra_alignmask = 3, 1131 + .cra_init = stm32_hash_cra_init, 1132 + .cra_module = THIS_MODULE, 1133 + } 1134 + } 1135 + }, 1136 + { 1137 + .init = stm32_hash_init, 1138 + .update = stm32_hash_update, 1139 + .final = stm32_hash_final, 1140 + .finup = stm32_hash_finup, 1141 + .digest = stm32_hash_digest, 1142 + .export = stm32_hash_export, 1143 + .import = stm32_hash_import, 1144 + .setkey = stm32_hash_setkey, 1145 + .halg = { 1146 + .digestsize = MD5_DIGEST_SIZE, 1147 + .statesize = sizeof(struct stm32_hash_request_ctx), 1148 + .base = { 1149 + .cra_name = "hmac(md5)", 1150 + .cra_driver_name = "stm32-hmac-md5", 1151 + .cra_priority = 200, 1152 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1153 + CRYPTO_ALG_ASYNC | 1154 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1155 + .cra_blocksize = MD5_HMAC_BLOCK_SIZE, 1156 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1157 + .cra_alignmask = 3, 1158 + .cra_init = stm32_hash_cra_md5_init, 1159 + .cra_module = THIS_MODULE, 1160 + } 1161 + } 1162 + }, 1163 + { 1164 + .init = stm32_hash_init, 1165 + .update = stm32_hash_update, 1166 + .final = stm32_hash_final, 1167 + .finup = stm32_hash_finup, 1168 + .digest = stm32_hash_digest, 1169 + .export = stm32_hash_export, 1170 + .import = stm32_hash_import, 1171 + .halg = { 1172 + .digestsize = SHA1_DIGEST_SIZE, 1173 + .statesize = sizeof(struct stm32_hash_request_ctx), 1174 + .base = { 1175 + .cra_name = "sha1", 1176 + .cra_driver_name = "stm32-sha1", 1177 + .cra_priority = 200, 1178 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1179 + CRYPTO_ALG_ASYNC | 1180 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1181 + .cra_blocksize = SHA1_BLOCK_SIZE, 1182 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1183 + .cra_alignmask = 3, 1184 + .cra_init = stm32_hash_cra_init, 1185 + .cra_module = THIS_MODULE, 1186 + } 1187 + } 1188 + }, 1189 + { 1190 + .init = stm32_hash_init, 1191 + .update = stm32_hash_update, 1192 + .final = stm32_hash_final, 1193 + .finup = stm32_hash_finup, 1194 + .digest = stm32_hash_digest, 1195 + .export = stm32_hash_export, 1196 + .import = stm32_hash_import, 1197 + .setkey = stm32_hash_setkey, 1198 + .halg = { 1199 + .digestsize = SHA1_DIGEST_SIZE, 1200 + .statesize = sizeof(struct stm32_hash_request_ctx), 1201 + .base = { 1202 + .cra_name = "hmac(sha1)", 1203 + .cra_driver_name = "stm32-hmac-sha1", 1204 + .cra_priority = 200, 1205 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1206 + CRYPTO_ALG_ASYNC | 1207 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1208 + .cra_blocksize = SHA1_BLOCK_SIZE, 1209 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1210 + .cra_alignmask = 3, 1211 + .cra_init = stm32_hash_cra_sha1_init, 1212 + .cra_module = THIS_MODULE, 1213 + } 1214 + } 1215 + }, 1216 + }; 1217 + 1218 + static struct ahash_alg algs_sha224_sha256[] = { 1219 + { 1220 + .init = stm32_hash_init, 1221 + .update = stm32_hash_update, 1222 + .final = stm32_hash_final, 1223 + .finup = stm32_hash_finup, 1224 + .digest = stm32_hash_digest, 1225 + .export = stm32_hash_export, 1226 + .import = stm32_hash_import, 1227 + .halg = { 1228 + .digestsize = SHA224_DIGEST_SIZE, 1229 + .statesize = sizeof(struct stm32_hash_request_ctx), 1230 + .base = { 1231 + .cra_name = "sha224", 1232 + .cra_driver_name = "stm32-sha224", 1233 + .cra_priority = 200, 1234 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1235 + CRYPTO_ALG_ASYNC | 1236 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1237 + .cra_blocksize = SHA224_BLOCK_SIZE, 1238 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1239 + .cra_alignmask = 3, 1240 + .cra_init = stm32_hash_cra_init, 1241 + .cra_module = THIS_MODULE, 1242 + } 1243 + } 1244 + }, 1245 + { 1246 + .init = stm32_hash_init, 1247 + .update = stm32_hash_update, 1248 + .final = stm32_hash_final, 1249 + .finup = stm32_hash_finup, 1250 + .digest = stm32_hash_digest, 1251 + .setkey = stm32_hash_setkey, 1252 + .export = stm32_hash_export, 1253 + .import = stm32_hash_import, 1254 + .halg = { 1255 + .digestsize = SHA224_DIGEST_SIZE, 1256 + .statesize = sizeof(struct stm32_hash_request_ctx), 1257 + .base = { 1258 + .cra_name = "hmac(sha224)", 1259 + .cra_driver_name = "stm32-hmac-sha224", 1260 + .cra_priority = 200, 1261 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1262 + CRYPTO_ALG_ASYNC | 1263 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1264 + .cra_blocksize = SHA224_BLOCK_SIZE, 1265 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1266 + .cra_alignmask = 3, 1267 + .cra_init = stm32_hash_cra_sha224_init, 1268 + .cra_module = THIS_MODULE, 1269 + } 1270 + } 1271 + }, 1272 + { 1273 + .init = stm32_hash_init, 1274 + .update = stm32_hash_update, 1275 + .final = stm32_hash_final, 1276 + .finup = stm32_hash_finup, 1277 + .digest = stm32_hash_digest, 1278 + .export = stm32_hash_export, 1279 + .import = stm32_hash_import, 1280 + .halg = { 1281 + .digestsize = SHA256_DIGEST_SIZE, 1282 + .statesize = sizeof(struct stm32_hash_request_ctx), 1283 + .base = { 1284 + .cra_name = "sha256", 1285 + .cra_driver_name = "stm32-sha256", 1286 + .cra_priority = 200, 1287 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1288 + CRYPTO_ALG_ASYNC | 1289 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1290 + .cra_blocksize = SHA256_BLOCK_SIZE, 1291 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1292 + .cra_alignmask = 3, 1293 + .cra_init = stm32_hash_cra_init, 1294 + .cra_module = THIS_MODULE, 1295 + } 1296 + } 1297 + }, 1298 + { 1299 + .init = stm32_hash_init, 1300 + .update = stm32_hash_update, 1301 + .final = stm32_hash_final, 1302 + .finup = stm32_hash_finup, 1303 + .digest = stm32_hash_digest, 1304 + .export = stm32_hash_export, 1305 + .import = stm32_hash_import, 1306 + .setkey = stm32_hash_setkey, 1307 + .halg = { 1308 + .digestsize = SHA256_DIGEST_SIZE, 1309 + .statesize = sizeof(struct stm32_hash_request_ctx), 1310 + .base = { 1311 + .cra_name = "hmac(sha256)", 1312 + .cra_driver_name = "stm32-hmac-sha256", 1313 + .cra_priority = 200, 1314 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | 1315 + CRYPTO_ALG_ASYNC | 1316 + CRYPTO_ALG_KERN_DRIVER_ONLY, 1317 + .cra_blocksize = SHA256_BLOCK_SIZE, 1318 + .cra_ctxsize = sizeof(struct stm32_hash_ctx), 1319 + .cra_alignmask = 3, 1320 + .cra_init = stm32_hash_cra_sha256_init, 1321 + .cra_module = THIS_MODULE, 1322 + } 1323 + } 1324 + }, 1325 + }; 1326 + 1327 + static int stm32_hash_register_algs(struct stm32_hash_dev *hdev) 1328 + { 1329 + unsigned int i, j; 1330 + int err; 1331 + 1332 + for (i = 0; i < hdev->pdata->algs_info_size; i++) { 1333 + for (j = 0; j < hdev->pdata->algs_info[i].size; j++) { 1334 + err = crypto_register_ahash( 1335 + &hdev->pdata->algs_info[i].algs_list[j]); 1336 + if (err) 1337 + goto err_algs; 1338 + } 1339 + } 1340 + 1341 + return 0; 1342 + err_algs: 1343 + dev_err(hdev->dev, "Algo %d : %d failed\n", i, j); 1344 + for (; i--; ) { 1345 + for (; j--;) 1346 + crypto_unregister_ahash( 1347 + &hdev->pdata->algs_info[i].algs_list[j]); 1348 + } 1349 + 1350 + return err; 1351 + } 1352 + 1353 + static int stm32_hash_unregister_algs(struct stm32_hash_dev *hdev) 1354 + { 1355 + unsigned int i, j; 1356 + 1357 + for (i = 0; i < hdev->pdata->algs_info_size; i++) { 1358 + for (j = 0; j < hdev->pdata->algs_info[i].size; j++) 1359 + crypto_unregister_ahash( 1360 + &hdev->pdata->algs_info[i].algs_list[j]); 1361 + } 1362 + 1363 + return 0; 1364 + } 1365 + 1366 + static struct stm32_hash_algs_info stm32_hash_algs_info_stm32f4[] = { 1367 + { 1368 + .algs_list = algs_md5_sha1, 1369 + .size = ARRAY_SIZE(algs_md5_sha1), 1370 + }, 1371 + }; 1372 + 1373 + static const struct stm32_hash_pdata stm32_hash_pdata_stm32f4 = { 1374 + .algs_info = stm32_hash_algs_info_stm32f4, 1375 + .algs_info_size = ARRAY_SIZE(stm32_hash_algs_info_stm32f4), 1376 + }; 1377 + 1378 + static struct stm32_hash_algs_info stm32_hash_algs_info_stm32f7[] = { 1379 + { 1380 + .algs_list = algs_md5_sha1, 1381 + .size = ARRAY_SIZE(algs_md5_sha1), 1382 + }, 1383 + { 1384 + .algs_list = algs_sha224_sha256, 1385 + .size = ARRAY_SIZE(algs_sha224_sha256), 1386 + }, 1387 + }; 1388 + 1389 + static const struct stm32_hash_pdata stm32_hash_pdata_stm32f7 = { 1390 + .algs_info = stm32_hash_algs_info_stm32f7, 1391 + .algs_info_size = ARRAY_SIZE(stm32_hash_algs_info_stm32f7), 1392 + }; 1393 + 1394 + static const struct of_device_id stm32_hash_of_match[] = { 1395 + { 1396 + .compatible = "st,stm32f456-hash", 1397 + .data = &stm32_hash_pdata_stm32f4, 1398 + }, 1399 + { 1400 + .compatible = "st,stm32f756-hash", 1401 + .data = &stm32_hash_pdata_stm32f7, 1402 + }, 1403 + {}, 1404 + }; 1405 + 1406 + MODULE_DEVICE_TABLE(of, stm32_hash_of_match); 1407 + 1408 + static int stm32_hash_get_of_match(struct stm32_hash_dev *hdev, 1409 + struct device *dev) 1410 + { 1411 + const struct of_device_id *match; 1412 + int err; 1413 + 1414 + match = of_match_device(stm32_hash_of_match, dev); 1415 + if (!match) { 1416 + dev_err(dev, "no compatible OF match\n"); 1417 + return -EINVAL; 1418 + } 1419 + 1420 + err = of_property_read_u32(dev->of_node, "dma-maxburst", 1421 + &hdev->dma_maxburst); 1422 + 1423 + hdev->pdata = match->data; 1424 + 1425 + return err; 1426 + } 1427 + 1428 + static int stm32_hash_probe(struct platform_device *pdev) 1429 + { 1430 + struct stm32_hash_dev *hdev; 1431 + struct device *dev = &pdev->dev; 1432 + struct resource *res; 1433 + int ret, irq; 1434 + 1435 + hdev = devm_kzalloc(dev, sizeof(*hdev), GFP_KERNEL); 1436 + if (!hdev) 1437 + return -ENOMEM; 1438 + 1439 + res = platform_get_resource(pdev, IORESOURCE_MEM, 0); 1440 + hdev->io_base = devm_ioremap_resource(dev, res); 1441 + if (IS_ERR(hdev->io_base)) 1442 + return PTR_ERR(hdev->io_base); 1443 + 1444 + hdev->phys_base = res->start; 1445 + 1446 + ret = stm32_hash_get_of_match(hdev, dev); 1447 + if (ret) 1448 + return ret; 1449 + 1450 + irq = platform_get_irq(pdev, 0); 1451 + if (irq < 0) { 1452 + dev_err(dev, "Cannot get IRQ resource\n"); 1453 + return irq; 1454 + } 1455 + 1456 + ret = devm_request_threaded_irq(dev, irq, stm32_hash_irq_handler, 1457 + stm32_hash_irq_thread, IRQF_ONESHOT, 1458 + dev_name(dev), hdev); 1459 + if (ret) { 1460 + dev_err(dev, "Cannot grab IRQ\n"); 1461 + return ret; 1462 + } 1463 + 1464 + hdev->clk = devm_clk_get(&pdev->dev, NULL); 1465 + if (IS_ERR(hdev->clk)) { 1466 + dev_err(dev, "failed to get clock for hash (%lu)\n", 1467 + PTR_ERR(hdev->clk)); 1468 + return PTR_ERR(hdev->clk); 1469 + } 1470 + 1471 + ret = clk_prepare_enable(hdev->clk); 1472 + if (ret) { 1473 + dev_err(dev, "failed to enable hash clock (%d)\n", ret); 1474 + return ret; 1475 + } 1476 + 1477 + hdev->rst = devm_reset_control_get(&pdev->dev, NULL); 1478 + if (!IS_ERR(hdev->rst)) { 1479 + reset_control_assert(hdev->rst); 1480 + udelay(2); 1481 + reset_control_deassert(hdev->rst); 1482 + } 1483 + 1484 + hdev->dev = dev; 1485 + 1486 + platform_set_drvdata(pdev, hdev); 1487 + 1488 + ret = stm32_hash_dma_init(hdev); 1489 + if (ret) 1490 + dev_dbg(dev, "DMA mode not available\n"); 1491 + 1492 + spin_lock(&stm32_hash.lock); 1493 + list_add_tail(&hdev->list, &stm32_hash.dev_list); 1494 + spin_unlock(&stm32_hash.lock); 1495 + 1496 + /* Initialize crypto engine */ 1497 + hdev->engine = crypto_engine_alloc_init(dev, 1); 1498 + if (!hdev->engine) { 1499 + ret = -ENOMEM; 1500 + goto err_engine; 1501 + } 1502 + 1503 + hdev->engine->prepare_hash_request = stm32_hash_prepare_req; 1504 + hdev->engine->hash_one_request = stm32_hash_one_request; 1505 + 1506 + ret = crypto_engine_start(hdev->engine); 1507 + if (ret) 1508 + goto err_engine_start; 1509 + 1510 + hdev->dma_mode = stm32_hash_read(hdev, HASH_HWCFGR); 1511 + 1512 + /* Register algos */ 1513 + ret = stm32_hash_register_algs(hdev); 1514 + if (ret) 1515 + goto err_algs; 1516 + 1517 + dev_info(dev, "Init HASH done HW ver %x DMA mode %u\n", 1518 + stm32_hash_read(hdev, HASH_VER), hdev->dma_mode); 1519 + 1520 + return 0; 1521 + 1522 + err_algs: 1523 + err_engine_start: 1524 + crypto_engine_exit(hdev->engine); 1525 + err_engine: 1526 + spin_lock(&stm32_hash.lock); 1527 + list_del(&hdev->list); 1528 + spin_unlock(&stm32_hash.lock); 1529 + 1530 + if (hdev->dma_lch) 1531 + dma_release_channel(hdev->dma_lch); 1532 + 1533 + clk_disable_unprepare(hdev->clk); 1534 + 1535 + return ret; 1536 + } 1537 + 1538 + static int stm32_hash_remove(struct platform_device *pdev) 1539 + { 1540 + static struct stm32_hash_dev *hdev; 1541 + 1542 + hdev = platform_get_drvdata(pdev); 1543 + if (!hdev) 1544 + return -ENODEV; 1545 + 1546 + stm32_hash_unregister_algs(hdev); 1547 + 1548 + crypto_engine_exit(hdev->engine); 1549 + 1550 + spin_lock(&stm32_hash.lock); 1551 + list_del(&hdev->list); 1552 + spin_unlock(&stm32_hash.lock); 1553 + 1554 + if (hdev->dma_lch) 1555 + dma_release_channel(hdev->dma_lch); 1556 + 1557 + clk_disable_unprepare(hdev->clk); 1558 + 1559 + return 0; 1560 + } 1561 + 1562 + static struct platform_driver stm32_hash_driver = { 1563 + .probe = stm32_hash_probe, 1564 + .remove = stm32_hash_remove, 1565 + .driver = { 1566 + .name = "stm32-hash", 1567 + .of_match_table = stm32_hash_of_match, 1568 + } 1569 + }; 1570 + 1571 + module_platform_driver(stm32_hash_driver); 1572 + 1573 + MODULE_DESCRIPTION("STM32 SHA1/224/256 & MD5 (HMAC) hw accelerator driver"); 1574 + MODULE_AUTHOR("Lionel Debieve <lionel.debieve@st.com>"); 1575 + MODULE_LICENSE("GPL v2");

+9 -8

drivers/crypto/stm32/stm32_crc32.c

··· 107 107 spin_unlock_bh(&crc_list.lock); 108 108 109 109 /* Reset, set key, poly and configure in bit reverse mode */ 110 - writel(bitrev32(mctx->key), ctx->crc->regs + CRC_INIT); 111 - writel(bitrev32(mctx->poly), ctx->crc->regs + CRC_POL); 112 - writel(CRC_CR_RESET | CRC_CR_REVERSE, ctx->crc->regs + CRC_CR); 110 + writel_relaxed(bitrev32(mctx->key), ctx->crc->regs + CRC_INIT); 111 + writel_relaxed(bitrev32(mctx->poly), ctx->crc->regs + CRC_POL); 112 + writel_relaxed(CRC_CR_RESET | CRC_CR_REVERSE, ctx->crc->regs + CRC_CR); 113 113 114 114 /* Store partial result */ 115 - ctx->partial = readl(ctx->crc->regs + CRC_DR); 115 + ctx->partial = readl_relaxed(ctx->crc->regs + CRC_DR); 116 116 ctx->crc->nb_pending_bytes = 0; 117 117 118 118 return 0; ··· 135 135 136 136 if (crc->nb_pending_bytes == sizeof(u32)) { 137 137 /* Process completed pending data */ 138 - writel(*(u32 *)crc->pending_data, crc->regs + CRC_DR); 138 + writel_relaxed(*(u32 *)crc->pending_data, 139 + crc->regs + CRC_DR); 139 140 crc->nb_pending_bytes = 0; 140 141 } 141 142 } ··· 144 143 d32 = (u32 *)d8; 145 144 for (i = 0; i < length >> 2; i++) 146 145 /* Process 32 bits data */ 147 - writel(*(d32++), crc->regs + CRC_DR); 146 + writel_relaxed(*(d32++), crc->regs + CRC_DR); 148 147 149 148 /* Store partial result */ 150 - ctx->partial = readl(crc->regs + CRC_DR); 149 + ctx->partial = readl_relaxed(crc->regs + CRC_DR); 151 150 152 151 /* Check for pending data (non 32 bits) */ 153 152 length &= 3; ··· 296 295 list_del(&crc->list); 297 296 spin_unlock(&crc_list.lock); 298 297 299 - crypto_unregister_shash(algs); 298 + crypto_unregister_shashes(algs, ARRAY_SIZE(algs)); 300 299 301 300 clk_disable_unprepare(crc->clk); 302 301

+1

drivers/crypto/sunxi-ss/Makefile

··· 1 1 obj-$(CONFIG_CRYPTO_DEV_SUN4I_SS) += sun4i-ss.o 2 2 sun4i-ss-y += sun4i-ss-core.o sun4i-ss-hash.o sun4i-ss-cipher.o 3 + sun4i-ss-$(CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG) += sun4i-ss-prng.o

+30

drivers/crypto/sunxi-ss/sun4i-ss-core.c

··· 213 213 } 214 214 } 215 215 }, 216 + #ifdef CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG 217 + { 218 + .type = CRYPTO_ALG_TYPE_RNG, 219 + .alg.rng = { 220 + .base = { 221 + .cra_name = "stdrng", 222 + .cra_driver_name = "sun4i_ss_rng", 223 + .cra_priority = 300, 224 + .cra_ctxsize = 0, 225 + .cra_module = THIS_MODULE, 226 + }, 227 + .generate = sun4i_ss_prng_generate, 228 + .seed = sun4i_ss_prng_seed, 229 + .seedsize = SS_SEED_LEN / BITS_PER_BYTE, 230 + } 231 + }, 232 + #endif 216 233 }; 217 234 218 235 static int sun4i_ss_probe(struct platform_device *pdev) ··· 372 355 goto error_alg; 373 356 } 374 357 break; 358 + case CRYPTO_ALG_TYPE_RNG: 359 + err = crypto_register_rng(&ss_algs[i].alg.rng); 360 + if (err) { 361 + dev_err(ss->dev, "Fail to register %s\n", 362 + ss_algs[i].alg.rng.base.cra_name); 363 + } 364 + break; 375 365 } 376 366 } 377 367 platform_set_drvdata(pdev, ss); ··· 392 368 break; 393 369 case CRYPTO_ALG_TYPE_AHASH: 394 370 crypto_unregister_ahash(&ss_algs[i].alg.hash); 371 + break; 372 + case CRYPTO_ALG_TYPE_RNG: 373 + crypto_unregister_rng(&ss_algs[i].alg.rng); 395 374 break; 396 375 } 397 376 } ··· 419 392 break; 420 393 case CRYPTO_ALG_TYPE_AHASH: 421 394 crypto_unregister_ahash(&ss_algs[i].alg.hash); 395 + break; 396 + case CRYPTO_ALG_TYPE_RNG: 397 + crypto_unregister_rng(&ss_algs[i].alg.rng); 422 398 break; 423 399 } 424 400 }

+56

drivers/crypto/sunxi-ss/sun4i-ss-prng.c

··· 1 + #include "sun4i-ss.h" 2 + 3 + int sun4i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed, 4 + unsigned int slen) 5 + { 6 + struct sun4i_ss_alg_template *algt; 7 + struct rng_alg *alg = crypto_rng_alg(tfm); 8 + 9 + algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng); 10 + memcpy(algt->ss->seed, seed, slen); 11 + 12 + return 0; 13 + } 14 + 15 + int sun4i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src, 16 + unsigned int slen, u8 *dst, unsigned int dlen) 17 + { 18 + struct sun4i_ss_alg_template *algt; 19 + struct rng_alg *alg = crypto_rng_alg(tfm); 20 + int i; 21 + u32 v; 22 + u32 *data = (u32 *)dst; 23 + const u32 mode = SS_OP_PRNG | SS_PRNG_CONTINUE | SS_ENABLED; 24 + size_t len; 25 + struct sun4i_ss_ctx *ss; 26 + unsigned int todo = (dlen / 4) * 4; 27 + 28 + algt = container_of(alg, struct sun4i_ss_alg_template, alg.rng); 29 + ss = algt->ss; 30 + 31 + spin_lock(&ss->slock); 32 + 33 + writel(mode, ss->base + SS_CTL); 34 + 35 + while (todo > 0) { 36 + /* write the seed */ 37 + for (i = 0; i < SS_SEED_LEN / BITS_PER_LONG; i++) 38 + writel(ss->seed[i], ss->base + SS_KEY0 + i * 4); 39 + 40 + /* Read the random data */ 41 + len = min_t(size_t, SS_DATA_LEN / BITS_PER_BYTE, todo); 42 + readsl(ss->base + SS_TXFIFO, data, len / 4); 43 + data += len / 4; 44 + todo -= len; 45 + 46 + /* Update the seed */ 47 + for (i = 0; i < SS_SEED_LEN / BITS_PER_LONG; i++) { 48 + v = readl(ss->base + SS_KEY0 + i * 4); 49 + ss->seed[i] = v; 50 + } 51 + } 52 + 53 + writel(0, ss->base + SS_CTL); 54 + spin_unlock(&ss->slock); 55 + return dlen; 56 + }

+11

drivers/crypto/sunxi-ss/sun4i-ss.h

··· 32 32 #include <crypto/aes.h> 33 33 #include <crypto/des.h> 34 34 #include <crypto/internal/rng.h> 35 + #include <crypto/rng.h> 35 36 36 37 #define SS_CTL 0x00 37 38 #define SS_KEY0 0x04 ··· 128 127 #define SS_RXFIFO_EMP_INT_ENABLE (1 << 2) 129 128 #define SS_TXFIFO_AVA_INT_ENABLE (1 << 0) 130 129 130 + #define SS_SEED_LEN 192 131 + #define SS_DATA_LEN 160 132 + 131 133 struct sun4i_ss_ctx { 132 134 void __iomem *base; 133 135 int irq; ··· 140 136 struct device *dev; 141 137 struct resource *res; 142 138 spinlock_t slock; /* control the use of the device */ 139 + #ifdef CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG 140 + u32 seed[SS_SEED_LEN / BITS_PER_LONG]; 141 + #endif 143 142 }; 144 143 145 144 struct sun4i_ss_alg_template { ··· 151 144 union { 152 145 struct skcipher_alg crypto; 153 146 struct ahash_alg hash; 147 + struct rng_alg rng; 154 148 } alg; 155 149 struct sun4i_ss_ctx *ss; 156 150 }; ··· 209 201 unsigned int keylen); 210 202 int sun4i_ss_des3_setkey(struct crypto_skcipher *tfm, const u8 *key, 211 203 unsigned int keylen); 204 + int sun4i_ss_prng_generate(struct crypto_rng *tfm, const u8 *src, 205 + unsigned int slen, u8 *dst, unsigned int dlen); 206 + int sun4i_ss_prng_seed(struct crypto_rng *tfm, const u8 *seed, unsigned int slen);

+87 -22

drivers/crypto/virtio/virtio_crypto_algs.c

··· 27 27 #include <uapi/linux/virtio_crypto.h> 28 28 #include "virtio_crypto_common.h" 29 29 30 + 31 + struct virtio_crypto_ablkcipher_ctx { 32 + struct virtio_crypto *vcrypto; 33 + struct crypto_tfm *tfm; 34 + 35 + struct virtio_crypto_sym_session_info enc_sess_info; 36 + struct virtio_crypto_sym_session_info dec_sess_info; 37 + }; 38 + 39 + struct virtio_crypto_sym_request { 40 + struct virtio_crypto_request base; 41 + 42 + /* Cipher or aead */ 43 + uint32_t type; 44 + struct virtio_crypto_ablkcipher_ctx *ablkcipher_ctx; 45 + struct ablkcipher_request *ablkcipher_req; 46 + uint8_t *iv; 47 + /* Encryption? */ 48 + bool encrypt; 49 + }; 50 + 30 51 /* 31 52 * The algs_lock protects the below global virtio_crypto_active_devs 32 53 * and crypto algorithms registion. 33 54 */ 34 55 static DEFINE_MUTEX(algs_lock); 35 56 static unsigned int virtio_crypto_active_devs; 57 + static void virtio_crypto_ablkcipher_finalize_req( 58 + struct virtio_crypto_sym_request *vc_sym_req, 59 + struct ablkcipher_request *req, 60 + int err); 61 + 62 + static void virtio_crypto_dataq_sym_callback 63 + (struct virtio_crypto_request *vc_req, int len) 64 + { 65 + struct virtio_crypto_sym_request *vc_sym_req = 66 + container_of(vc_req, struct virtio_crypto_sym_request, base); 67 + struct ablkcipher_request *ablk_req; 68 + int error; 69 + 70 + /* Finish the encrypt or decrypt process */ 71 + if (vc_sym_req->type == VIRTIO_CRYPTO_SYM_OP_CIPHER) { 72 + switch (vc_req->status) { 73 + case VIRTIO_CRYPTO_OK: 74 + error = 0; 75 + break; 76 + case VIRTIO_CRYPTO_INVSESS: 77 + case VIRTIO_CRYPTO_ERR: 78 + error = -EINVAL; 79 + break; 80 + case VIRTIO_CRYPTO_BADMSG: 81 + error = -EBADMSG; 82 + break; 83 + default: 84 + error = -EIO; 85 + break; 86 + } 87 + ablk_req = vc_sym_req->ablkcipher_req; 88 + virtio_crypto_ablkcipher_finalize_req(vc_sym_req, 89 + ablk_req, error); 90 + } 91 + } 36 92 37 93 static u64 virtio_crypto_alg_sg_nents_length(struct scatterlist *sg) 38 94 { ··· 342 286 } 343 287 344 288 static int 345 - __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_request *vc_req, 289 + __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req, 346 290 struct ablkcipher_request *req, 347 291 struct data_queue *data_vq) 348 292 { 349 293 struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); 294 + struct virtio_crypto_ablkcipher_ctx *ctx = vc_sym_req->ablkcipher_ctx; 295 + struct virtio_crypto_request *vc_req = &vc_sym_req->base; 350 296 unsigned int ivsize = crypto_ablkcipher_ivsize(tfm); 351 - struct virtio_crypto_ablkcipher_ctx *ctx = vc_req->ablkcipher_ctx; 352 297 struct virtio_crypto *vcrypto = ctx->vcrypto; 353 298 struct virtio_crypto_op_data_req *req_data; 354 299 int src_nents, dst_nents; ··· 383 326 } 384 327 385 328 vc_req->req_data = req_data; 386 - vc_req->type = VIRTIO_CRYPTO_SYM_OP_CIPHER; 329 + vc_sym_req->type = VIRTIO_CRYPTO_SYM_OP_CIPHER; 387 330 /* Head of operation */ 388 - if (vc_req->encrypt) { 331 + if (vc_sym_req->encrypt) { 389 332 req_data->header.session_id = 390 333 cpu_to_le64(ctx->enc_sess_info.session_id); 391 334 req_data->header.opcode = ··· 440 383 memcpy(iv, req->info, ivsize); 441 384 sg_init_one(&iv_sg, iv, ivsize); 442 385 sgs[num_out++] = &iv_sg; 443 - vc_req->iv = iv; 386 + vc_sym_req->iv = iv; 444 387 445 388 /* Source data */ 446 389 for (i = 0; i < src_nents; i++) ··· 478 421 { 479 422 struct crypto_ablkcipher *atfm = crypto_ablkcipher_reqtfm(req); 480 423 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(atfm); 481 - struct virtio_crypto_request *vc_req = ablkcipher_request_ctx(req); 424 + struct virtio_crypto_sym_request *vc_sym_req = 425 + ablkcipher_request_ctx(req); 426 + struct virtio_crypto_request *vc_req = &vc_sym_req->base; 482 427 struct virtio_crypto *vcrypto = ctx->vcrypto; 483 428 /* Use the first data virtqueue as default */ 484 429 struct data_queue *data_vq = &vcrypto->data_vq[0]; 485 430 486 - vc_req->ablkcipher_ctx = ctx; 487 - vc_req->ablkcipher_req = req; 488 - vc_req->encrypt = true; 489 431 vc_req->dataq = data_vq; 432 + vc_req->alg_cb = virtio_crypto_dataq_sym_callback; 433 + vc_sym_req->ablkcipher_ctx = ctx; 434 + vc_sym_req->ablkcipher_req = req; 435 + vc_sym_req->encrypt = true; 490 436 491 437 return crypto_transfer_cipher_request_to_engine(data_vq->engine, req); 492 438 } ··· 498 438 { 499 439 struct crypto_ablkcipher *atfm = crypto_ablkcipher_reqtfm(req); 500 440 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_ablkcipher_ctx(atfm); 501 - struct virtio_crypto_request *vc_req = ablkcipher_request_ctx(req); 441 + struct virtio_crypto_sym_request *vc_sym_req = 442 + ablkcipher_request_ctx(req); 443 + struct virtio_crypto_request *vc_req = &vc_sym_req->base; 502 444 struct virtio_crypto *vcrypto = ctx->vcrypto; 503 445 /* Use the first data virtqueue as default */ 504 446 struct data_queue *data_vq = &vcrypto->data_vq[0]; 505 447 506 - vc_req->ablkcipher_ctx = ctx; 507 - vc_req->ablkcipher_req = req; 508 - 509 - vc_req->encrypt = false; 510 448 vc_req->dataq = data_vq; 449 + vc_req->alg_cb = virtio_crypto_dataq_sym_callback; 450 + vc_sym_req->ablkcipher_ctx = ctx; 451 + vc_sym_req->ablkcipher_req = req; 452 + vc_sym_req->encrypt = false; 511 453 512 454 return crypto_transfer_cipher_request_to_engine(data_vq->engine, req); 513 455 } ··· 518 456 { 519 457 struct virtio_crypto_ablkcipher_ctx *ctx = crypto_tfm_ctx(tfm); 520 458 521 - tfm->crt_ablkcipher.reqsize = sizeof(struct virtio_crypto_request); 459 + tfm->crt_ablkcipher.reqsize = sizeof(struct virtio_crypto_sym_request); 522 460 ctx->tfm = tfm; 523 461 524 462 return 0; ··· 541 479 struct crypto_engine *engine, 542 480 struct ablkcipher_request *req) 543 481 { 544 - struct virtio_crypto_request *vc_req = ablkcipher_request_ctx(req); 482 + struct virtio_crypto_sym_request *vc_sym_req = 483 + ablkcipher_request_ctx(req); 484 + struct virtio_crypto_request *vc_req = &vc_sym_req->base; 545 485 struct data_queue *data_vq = vc_req->dataq; 546 486 int ret; 547 487 548 - ret = __virtio_crypto_ablkcipher_do_req(vc_req, req, data_vq); 488 + ret = __virtio_crypto_ablkcipher_do_req(vc_sym_req, req, data_vq); 549 489 if (ret < 0) 550 490 return ret; 551 491 ··· 556 492 return 0; 557 493 } 558 494 559 - void virtio_crypto_ablkcipher_finalize_req( 560 - struct virtio_crypto_request *vc_req, 495 + static void virtio_crypto_ablkcipher_finalize_req( 496 + struct virtio_crypto_sym_request *vc_sym_req, 561 497 struct ablkcipher_request *req, 562 498 int err) 563 499 { 564 - crypto_finalize_cipher_request(vc_req->dataq->engine, req, err); 565 - 566 - virtcrypto_clear_request(vc_req); 500 + crypto_finalize_cipher_request(vc_sym_req->base.dataq->engine, 501 + req, err); 502 + kzfree(vc_sym_req->iv); 503 + virtcrypto_clear_request(&vc_sym_req->base); 567 504 } 568 505 569 506 static struct crypto_alg virtio_crypto_algs[] = { {

+4 -18

drivers/crypto/virtio/virtio_crypto_common.h

··· 83 83 __u64 session_id; 84 84 }; 85 85 86 - struct virtio_crypto_ablkcipher_ctx { 87 - struct virtio_crypto *vcrypto; 88 - struct crypto_tfm *tfm; 89 - 90 - struct virtio_crypto_sym_session_info enc_sess_info; 91 - struct virtio_crypto_sym_session_info dec_sess_info; 92 - }; 86 + struct virtio_crypto_request; 87 + typedef void (*virtio_crypto_data_callback) 88 + (struct virtio_crypto_request *vc_req, int len); 93 89 94 90 struct virtio_crypto_request { 95 - /* Cipher or aead */ 96 - uint32_t type; 97 91 uint8_t status; 98 - struct virtio_crypto_ablkcipher_ctx *ablkcipher_ctx; 99 - struct ablkcipher_request *ablkcipher_req; 100 92 struct virtio_crypto_op_data_req *req_data; 101 93 struct scatterlist **sgs; 102 - uint8_t *iv; 103 - /* Encryption? */ 104 - bool encrypt; 105 94 struct data_queue *dataq; 95 + virtio_crypto_data_callback alg_cb; 106 96 }; 107 97 108 98 int virtcrypto_devmgr_add_dev(struct virtio_crypto *vcrypto_dev); ··· 109 119 int virtio_crypto_ablkcipher_crypt_req( 110 120 struct crypto_engine *engine, 111 121 struct ablkcipher_request *req); 112 - void virtio_crypto_ablkcipher_finalize_req( 113 - struct virtio_crypto_request *vc_req, 114 - struct ablkcipher_request *req, 115 - int err); 116 122 117 123 void 118 124 virtcrypto_clear_request(struct virtio_crypto_request *vc_req);

+7 -30

drivers/crypto/virtio/virtio_crypto_core.c

··· 29 29 virtcrypto_clear_request(struct virtio_crypto_request *vc_req) 30 30 { 31 31 if (vc_req) { 32 - kzfree(vc_req->iv); 33 32 kzfree(vc_req->req_data); 34 33 kfree(vc_req->sgs); 35 34 } ··· 40 41 struct virtio_crypto_request *vc_req; 41 42 unsigned long flags; 42 43 unsigned int len; 43 - struct ablkcipher_request *ablk_req; 44 - int error; 45 44 unsigned int qid = vq->index; 46 45 47 46 spin_lock_irqsave(&vcrypto->data_vq[qid].lock, flags); 48 47 do { 49 48 virtqueue_disable_cb(vq); 50 49 while ((vc_req = virtqueue_get_buf(vq, &len)) != NULL) { 51 - if (vc_req->type == VIRTIO_CRYPTO_SYM_OP_CIPHER) { 52 - switch (vc_req->status) { 53 - case VIRTIO_CRYPTO_OK: 54 - error = 0; 55 - break; 56 - case VIRTIO_CRYPTO_INVSESS: 57 - case VIRTIO_CRYPTO_ERR: 58 - error = -EINVAL; 59 - break; 60 - case VIRTIO_CRYPTO_BADMSG: 61 - error = -EBADMSG; 62 - break; 63 - default: 64 - error = -EIO; 65 - break; 66 - } 67 - ablk_req = vc_req->ablkcipher_req; 68 - 69 - spin_unlock_irqrestore( 70 - &vcrypto->data_vq[qid].lock, flags); 71 - /* Finish the encrypt or decrypt process */ 72 - virtio_crypto_ablkcipher_finalize_req(vc_req, 73 - ablk_req, error); 74 - spin_lock_irqsave( 75 - &vcrypto->data_vq[qid].lock, flags); 76 - } 50 + spin_unlock_irqrestore( 51 + &vcrypto->data_vq[qid].lock, flags); 52 + if (vc_req->alg_cb) 53 + vc_req->alg_cb(vc_req, len); 54 + spin_lock_irqsave( 55 + &vcrypto->data_vq[qid].lock, flags); 77 56 } 78 57 } while (!virtqueue_enable_cb(vq)); 79 58 spin_unlock_irqrestore(&vcrypto->data_vq[qid].lock, flags); ··· 247 270 248 271 return -EPERM; 249 272 } 250 - dev_info(&vcrypto->vdev->dev, "Accelerator is ready\n"); 273 + dev_info(&vcrypto->vdev->dev, "Accelerator device is ready\n"); 251 274 } else { 252 275 virtcrypto_dev_stop(vcrypto); 253 276 dev_info(&vcrypto->vdev->dev, "Accelerator is not ready\n");

+1 -2

drivers/crypto/vmx/aes_ctr.c

··· 104 104 pagefault_enable(); 105 105 preempt_enable(); 106 106 107 - crypto_xor(keystream, src, nbytes); 108 - memcpy(dst, keystream, nbytes); 107 + crypto_xor_cpy(dst, keystream, src, nbytes); 109 108 crypto_inc(ctrblk, AES_BLOCK_SIZE); 110 109 } 111 110

+5 -6

drivers/md/dm-crypt.c

··· 758 758 int i, r; 759 759 760 760 /* xor whitening with sector number */ 761 - memcpy(buf, tcw->whitening, TCW_WHITENING_SIZE); 762 - crypto_xor(buf, (u8 *)&sector, 8); 763 - crypto_xor(&buf[8], (u8 *)&sector, 8); 761 + crypto_xor_cpy(buf, tcw->whitening, (u8 *)&sector, 8); 762 + crypto_xor_cpy(&buf[8], tcw->whitening + 8, (u8 *)&sector, 8); 764 763 765 764 /* calculate crc32 for every 32bit part and xor it */ 766 765 desc->tfm = tcw->crc32_tfm; ··· 804 805 } 805 806 806 807 /* Calculate IV */ 807 - memcpy(iv, tcw->iv_seed, cc->iv_size); 808 - crypto_xor(iv, (u8 *)&sector, 8); 808 + crypto_xor_cpy(iv, tcw->iv_seed, (u8 *)&sector, 8); 809 809 if (cc->iv_size > 8) 810 - crypto_xor(&iv[8], (u8 *)&sector, cc->iv_size - 8); 810 + crypto_xor_cpy(&iv[8], tcw->iv_seed + 8, (u8 *)&sector, 811 + cc->iv_size - 8); 811 812 812 813 return r; 813 814 }

+21 -2

include/crypto/algapi.h

··· 192 192 } 193 193 194 194 void crypto_inc(u8 *a, unsigned int size); 195 - void __crypto_xor(u8 *dst, const u8 *src, unsigned int size); 195 + void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int size); 196 196 197 197 static inline void crypto_xor(u8 *dst, const u8 *src, unsigned int size) 198 198 { ··· 207 207 size -= sizeof(unsigned long); 208 208 } 209 209 } else { 210 - __crypto_xor(dst, src, size); 210 + __crypto_xor(dst, dst, src, size); 211 + } 212 + } 213 + 214 + static inline void crypto_xor_cpy(u8 *dst, const u8 *src1, const u8 *src2, 215 + unsigned int size) 216 + { 217 + if (IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && 218 + __builtin_constant_p(size) && 219 + (size % sizeof(unsigned long)) == 0) { 220 + unsigned long *d = (unsigned long *)dst; 221 + unsigned long *s1 = (unsigned long *)src1; 222 + unsigned long *s2 = (unsigned long *)src2; 223 + 224 + while (size > 0) { 225 + *d++ = *s1++ ^ *s2++; 226 + size -= sizeof(unsigned long); 227 + } 228 + } else { 229 + __crypto_xor(dst, src1, src2, size); 211 230 } 212 231 } 213 232

+170

include/crypto/if_alg.h

··· 20 20 #include <linux/types.h> 21 21 #include <net/sock.h> 22 22 23 + #include <crypto/aead.h> 24 + #include <crypto/skcipher.h> 25 + 23 26 #define ALG_MAX_PAGES 16 24 27 25 28 struct crypto_async_request; ··· 71 68 unsigned int npages; 72 69 }; 73 70 71 + /* TX SGL entry */ 72 + struct af_alg_tsgl { 73 + struct list_head list; 74 + unsigned int cur; /* Last processed SG entry */ 75 + struct scatterlist sg[0]; /* Array of SGs forming the SGL */ 76 + }; 77 + 78 + #define MAX_SGL_ENTS ((4096 - sizeof(struct af_alg_tsgl)) / \ 79 + sizeof(struct scatterlist) - 1) 80 + 81 + /* RX SGL entry */ 82 + struct af_alg_rsgl { 83 + struct af_alg_sgl sgl; 84 + struct list_head list; 85 + size_t sg_num_bytes; /* Bytes of data in that SGL */ 86 + }; 87 + 88 + /** 89 + * struct af_alg_async_req - definition of crypto request 90 + * @iocb: IOCB for AIO operations 91 + * @sk: Socket the request is associated with 92 + * @first_rsgl: First RX SG 93 + * @last_rsgl: Pointer to last RX SG 94 + * @rsgl_list: Track RX SGs 95 + * @tsgl: Private, per request TX SGL of buffers to process 96 + * @tsgl_entries: Number of entries in priv. TX SGL 97 + * @outlen: Number of output bytes generated by crypto op 98 + * @areqlen: Length of this data structure 99 + * @cra_u: Cipher request 100 + */ 101 + struct af_alg_async_req { 102 + struct kiocb *iocb; 103 + struct sock *sk; 104 + 105 + struct af_alg_rsgl first_rsgl; 106 + struct af_alg_rsgl *last_rsgl; 107 + struct list_head rsgl_list; 108 + 109 + struct scatterlist *tsgl; 110 + unsigned int tsgl_entries; 111 + 112 + unsigned int outlen; 113 + unsigned int areqlen; 114 + 115 + union { 116 + struct aead_request aead_req; 117 + struct skcipher_request skcipher_req; 118 + } cra_u; 119 + 120 + /* req ctx trails this struct */ 121 + }; 122 + 123 + /** 124 + * struct af_alg_ctx - definition of the crypto context 125 + * 126 + * The crypto context tracks the input data during the lifetime of an AF_ALG 127 + * socket. 128 + * 129 + * @tsgl_list: Link to TX SGL 130 + * @iv: IV for cipher operation 131 + * @aead_assoclen: Length of AAD for AEAD cipher operations 132 + * @completion: Work queue for synchronous operation 133 + * @used: TX bytes sent to kernel. This variable is used to 134 + * ensure that user space cannot cause the kernel 135 + * to allocate too much memory in sendmsg operation. 136 + * @rcvused: Total RX bytes to be filled by kernel. This variable 137 + * is used to ensure user space cannot cause the kernel 138 + * to allocate too much memory in a recvmsg operation. 139 + * @more: More data to be expected from user space? 140 + * @merge: Shall new data from user space be merged into existing 141 + * SG? 142 + * @enc: Cryptographic operation to be performed when 143 + * recvmsg is invoked. 144 + * @len: Length of memory allocated for this data structure. 145 + */ 146 + struct af_alg_ctx { 147 + struct list_head tsgl_list; 148 + 149 + void *iv; 150 + size_t aead_assoclen; 151 + 152 + struct af_alg_completion completion; 153 + 154 + size_t used; 155 + size_t rcvused; 156 + 157 + bool more; 158 + bool merge; 159 + bool enc; 160 + 161 + unsigned int len; 162 + }; 163 + 74 164 int af_alg_register_type(const struct af_alg_type *type); 75 165 int af_alg_unregister_type(const struct af_alg_type *type); 76 166 ··· 189 93 { 190 94 init_completion(&completion->completion); 191 95 } 96 + 97 + /** 98 + * Size of available buffer for sending data from user space to kernel. 99 + * 100 + * @sk socket of connection to user space 101 + * @return number of bytes still available 102 + */ 103 + static inline int af_alg_sndbuf(struct sock *sk) 104 + { 105 + struct alg_sock *ask = alg_sk(sk); 106 + struct af_alg_ctx *ctx = ask->private; 107 + 108 + return max_t(int, max_t(int, sk->sk_sndbuf & PAGE_MASK, PAGE_SIZE) - 109 + ctx->used, 0); 110 + } 111 + 112 + /** 113 + * Can the send buffer still be written to? 114 + * 115 + * @sk socket of connection to user space 116 + * @return true => writable, false => not writable 117 + */ 118 + static inline bool af_alg_writable(struct sock *sk) 119 + { 120 + return PAGE_SIZE <= af_alg_sndbuf(sk); 121 + } 122 + 123 + /** 124 + * Size of available buffer used by kernel for the RX user space operation. 125 + * 126 + * @sk socket of connection to user space 127 + * @return number of bytes still available 128 + */ 129 + static inline int af_alg_rcvbuf(struct sock *sk) 130 + { 131 + struct alg_sock *ask = alg_sk(sk); 132 + struct af_alg_ctx *ctx = ask->private; 133 + 134 + return max_t(int, max_t(int, sk->sk_rcvbuf & PAGE_MASK, PAGE_SIZE) - 135 + ctx->rcvused, 0); 136 + } 137 + 138 + /** 139 + * Can the RX buffer still be written to? 140 + * 141 + * @sk socket of connection to user space 142 + * @return true => writable, false => not writable 143 + */ 144 + static inline bool af_alg_readable(struct sock *sk) 145 + { 146 + return PAGE_SIZE <= af_alg_rcvbuf(sk); 147 + } 148 + 149 + int af_alg_alloc_tsgl(struct sock *sk); 150 + unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset); 151 + void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, 152 + size_t dst_offset); 153 + void af_alg_free_areq_sgls(struct af_alg_async_req *areq); 154 + int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags); 155 + void af_alg_wmem_wakeup(struct sock *sk); 156 + int af_alg_wait_for_data(struct sock *sk, unsigned flags); 157 + void af_alg_data_wakeup(struct sock *sk); 158 + int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, 159 + unsigned int ivsize); 160 + ssize_t af_alg_sendpage(struct socket *sock, struct page *page, 161 + int offset, size_t size, int flags); 162 + void af_alg_async_cb(struct crypto_async_request *_req, int err); 163 + unsigned int af_alg_poll(struct file *file, struct socket *sock, 164 + poll_table *wait); 165 + struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, 166 + unsigned int areqlen); 167 + int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, 168 + struct af_alg_async_req *areq, size_t maxsize, 169 + size_t *outlen); 192 170 193 171 #endif /* _CRYPTO_IF_ALG_H */

+6

include/crypto/internal/akcipher.h

··· 38 38 return req->__ctx; 39 39 } 40 40 41 + static inline void akcipher_set_reqsize(struct crypto_akcipher *akcipher, 42 + unsigned int reqsize) 43 + { 44 + crypto_akcipher_alg(akcipher)->reqsize = reqsize; 45 + } 46 + 41 47 static inline void *akcipher_tfm_ctx(struct crypto_akcipher *tfm) 42 48 { 43 49 return tfm->base.__crt_ctx;

+2

include/crypto/internal/hash.h

··· 76 76 77 77 int crypto_register_ahash(struct ahash_alg *alg); 78 78 int crypto_unregister_ahash(struct ahash_alg *alg); 79 + int crypto_register_ahashes(struct ahash_alg *algs, int count); 80 + void crypto_unregister_ahashes(struct ahash_alg *algs, int count); 79 81 int ahash_register_instance(struct crypto_template *tmpl, 80 82 struct ahash_instance *inst); 81 83 void ahash_free_instance(struct crypto_instance *inst);

+10

include/crypto/kpp.h

··· 145 145 return __crypto_kpp_tfm(req->base.tfm); 146 146 } 147 147 148 + static inline u32 crypto_kpp_get_flags(struct crypto_kpp *tfm) 149 + { 150 + return crypto_tfm_get_flags(crypto_kpp_tfm(tfm)); 151 + } 152 + 153 + static inline void crypto_kpp_set_flags(struct crypto_kpp *tfm, u32 flags) 154 + { 155 + crypto_tfm_set_flags(crypto_kpp_tfm(tfm), flags); 156 + } 157 + 148 158 /** 149 159 * crypto_free_kpp() - free KPP tfm handle 150 160 *

+5 -6

include/linux/ccp.h

··· 1 1 /* 2 2 * AMD Cryptographic Coprocessor (CCP) driver 3 3 * 4 - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. 4 + * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. 5 5 * 6 6 * Author: Tom Lendacky <thomas.lendacky@amd.com> 7 7 * Author: Gary R Hook <gary.hook@amd.com> ··· 20 20 #include <crypto/aes.h> 21 21 #include <crypto/sha.h> 22 22 23 - 24 23 struct ccp_device; 25 24 struct ccp_cmd; 26 25 27 - #if defined(CONFIG_CRYPTO_DEV_CCP_DD) || \ 28 - defined(CONFIG_CRYPTO_DEV_CCP_DD_MODULE) 26 + #if defined(CONFIG_CRYPTO_DEV_SP_CCP) 29 27 30 28 /** 31 29 * ccp_present - check if a CCP device is present ··· 69 71 */ 70 72 int ccp_enqueue_cmd(struct ccp_cmd *cmd); 71 73 72 - #else /* CONFIG_CRYPTO_DEV_CCP_DD is not enabled */ 74 + #else /* CONFIG_CRYPTO_DEV_CCP_SP_DEV is not enabled */ 73 75 74 76 static inline int ccp_present(void) 75 77 { ··· 86 88 return -ENODEV; 87 89 } 88 90 89 - #endif /* CONFIG_CRYPTO_DEV_CCP_DD */ 91 + #endif /* CONFIG_CRYPTO_DEV_SP_CCP */ 90 92 91 93 92 94 /***** AES engine *****/ ··· 229 231 * AES operation the new IV overwrites the old IV. 230 232 */ 231 233 struct ccp_xts_aes_engine { 234 + enum ccp_aes_type type; 232 235 enum ccp_aes_action action; 233 236 enum ccp_xts_aes_unit_size unit_size; 234 237

+12 -12

lib/mpi/longlong.h

··· 176 176 #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ 177 177 __asm__ ("adds %1, %4, %5\n" \ 178 178 "adc %0, %2, %3" \ 179 - : "=r" ((USItype)(sh)), \ 180 - "=&r" ((USItype)(sl)) \ 179 + : "=r" (sh), \ 180 + "=&r" (sl) \ 181 181 : "%r" ((USItype)(ah)), \ 182 182 "rI" ((USItype)(bh)), \ 183 183 "%r" ((USItype)(al)), \ ··· 185 185 #define sub_ddmmss(sh, sl, ah, al, bh, bl) \ 186 186 __asm__ ("subs %1, %4, %5\n" \ 187 187 "sbc %0, %2, %3" \ 188 - : "=r" ((USItype)(sh)), \ 189 - "=&r" ((USItype)(sl)) \ 188 + : "=r" (sh), \ 189 + "=&r" (sl) \ 190 190 : "r" ((USItype)(ah)), \ 191 191 "rI" ((USItype)(bh)), \ 192 192 "r" ((USItype)(al)), \ 193 193 "rI" ((USItype)(bl))) 194 194 #if defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__ 195 195 #define umul_ppmm(xh, xl, a, b) \ 196 - __asm__ ("%@ Inlined umul_ppmm\n" \ 196 + __asm__ ("@ Inlined umul_ppmm\n" \ 197 197 "mov %|r0, %2, lsr #16 @ AAAA\n" \ 198 198 "mov %|r2, %3, lsr #16 @ BBBB\n" \ 199 199 "bic %|r1, %2, %|r0, lsl #16 @ aaaa\n" \ ··· 206 206 "addcs %|r2, %|r2, #65536\n" \ 207 207 "adds %1, %|r1, %|r0, lsl #16\n" \ 208 208 "adc %0, %|r2, %|r0, lsr #16" \ 209 - : "=&r" ((USItype)(xh)), \ 210 - "=r" ((USItype)(xl)) \ 209 + : "=&r" (xh), \ 210 + "=r" (xl) \ 211 211 : "r" ((USItype)(a)), \ 212 212 "r" ((USItype)(b)) \ 213 213 : "r0", "r1", "r2") 214 214 #else 215 215 #define umul_ppmm(xh, xl, a, b) \ 216 - __asm__ ("%@ Inlined umul_ppmm\n" \ 217 - "umull %r1, %r0, %r2, %r3" \ 218 - : "=&r" ((USItype)(xh)), \ 219 - "=&r" ((USItype)(xl)) \ 216 + __asm__ ("@ Inlined umul_ppmm\n" \ 217 + "umull %1, %0, %2, %3" \ 218 + : "=&r" (xh), \ 219 + "=&r" (xl) \ 220 220 : "r" ((USItype)(a)), \ 221 - "r" ((USItype)(b)) \ 221 + "r" ((USItype)(b)) \ 222 222 : "r0", "r1") 223 223 #endif 224 224 #define UMUL_TIME 20