+1

drivers/crypto/Kconfig

reviewed

··· 383 383 tristate "Support for Atmel AES hw accelerator" 384 384 depends on AT_XDMAC || AT_HDMAC || COMPILE_TEST 385 385 select CRYPTO_AES 386 386 + select CRYPTO_AEAD 386 387 select CRYPTO_BLKCIPHER 387 388 help 388 389 Some Atmel processors have AES hw accelerator.

+10

drivers/crypto/atmel-aes-regs.h

reviewed

··· 9 9 #define AES_MR 0x04 10 10 #define AES_MR_CYPHER_DEC (0 << 0) 11 11 #define AES_MR_CYPHER_ENC (1 << 0) 12 12 + #define AES_MR_GTAGEN (1 << 1) 12 13 #define AES_MR_DUALBUFF (1 << 3) 13 14 #define AES_MR_PROCDLY_MASK (0xF << 4) 14 15 #define AES_MR_PROCDLY_OFFSET 4 ··· 27 26 #define AES_MR_OPMOD_OFB (0x2 << 12) 28 27 #define AES_MR_OPMOD_CFB (0x3 << 12) 29 28 #define AES_MR_OPMOD_CTR (0x4 << 12) 29 29 + #define AES_MR_OPMOD_GCM (0x5 << 12) 30 30 #define AES_MR_LOD (0x1 << 15) 31 31 #define AES_MR_CFBS_MASK (0x7 << 16) 32 32 #define AES_MR_CFBS_128b (0x0 << 16) ··· 46 44 #define AES_ISR 0x1C 47 45 #define AES_INT_DATARDY (1 << 0) 48 46 #define AES_INT_URAD (1 << 8) 47 47 + #define AES_INT_TAGRDY (1 << 16) 49 48 #define AES_ISR_URAT_MASK (0xF << 12) 50 49 #define AES_ISR_URAT_IDR_WR_PROC (0x0 << 12) 51 50 #define AES_ISR_URAT_ODR_RD_PROC (0x1 << 12) ··· 59 56 #define AES_IDATAR(x) (0x40 + ((x) * 0x04)) 60 57 #define AES_ODATAR(x) (0x50 + ((x) * 0x04)) 61 58 #define AES_IVR(x) (0x60 + ((x) * 0x04)) 59 59 + 60 60 + #define AES_AADLENR 0x70 61 61 + #define AES_CLENR 0x74 62 62 + #define AES_GHASHR(x) (0x78 + ((x) * 0x04)) 63 63 + #define AES_TAGR(x) (0x88 + ((x) * 0x04)) 64 64 + #define AES_CTRR 0x98 65 65 + #define AES_GCMHR(x) (0x9c + ((x) * 0x04)) 62 66 63 67 #define AES_HW_VERSION 0xFC 64 68

+451 -2

drivers/crypto/atmel-aes.c

reviewed

··· 36 36 #include <crypto/scatterwalk.h> 37 37 #include <crypto/algapi.h> 38 38 #include <crypto/aes.h> 39 39 + #include <crypto/internal/aead.h> 39 40 #include <linux/platform_data/crypto-atmel.h> 40 41 #include <dt-bindings/dma/at91.h> 41 42 #include "atmel-aes-regs.h" ··· 54 53 #define SIZE_IN_WORDS(x) ((x) >> 2) 55 54 56 55 /* AES flags */ 57 57 - /* Reserve bits [18:16] [14:12] [0] for mode (same as for AES_MR) */ 56 56 + /* Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) */ 58 57 #define AES_FLAGS_ENCRYPT AES_MR_CYPHER_ENC 58 58 + #define AES_FLAGS_GTAGEN AES_MR_GTAGEN 59 59 #define AES_FLAGS_OPMODE_MASK (AES_MR_OPMOD_MASK | AES_MR_CFBS_MASK) 60 60 #define AES_FLAGS_ECB AES_MR_OPMOD_ECB 61 61 #define AES_FLAGS_CBC AES_MR_OPMOD_CBC ··· 67 65 #define AES_FLAGS_CFB16 (AES_MR_OPMOD_CFB | AES_MR_CFBS_16b) 68 66 #define AES_FLAGS_CFB8 (AES_MR_OPMOD_CFB | AES_MR_CFBS_8b) 69 67 #define AES_FLAGS_CTR AES_MR_OPMOD_CTR 68 68 + #define AES_FLAGS_GCM AES_MR_OPMOD_GCM 70 69 71 70 #define AES_FLAGS_MODE_MASK (AES_FLAGS_OPMODE_MASK | \ 72 72 - AES_FLAGS_ENCRYPT) 71 71 + AES_FLAGS_ENCRYPT | \ 72 72 + AES_FLAGS_GTAGEN) 73 73 74 74 #define AES_FLAGS_INIT BIT(2) 75 75 #define AES_FLAGS_BUSY BIT(3) ··· 87 83 bool has_dualbuff; 88 84 bool has_cfb64; 89 85 bool has_ctr32; 86 86 + bool has_gcm; 90 87 u32 max_burst_size; 91 88 }; 92 89 ··· 116 111 size_t offset; 117 112 struct scatterlist src[2]; 118 113 struct scatterlist dst[2]; 114 114 + }; 115 115 + 116 116 + struct atmel_aes_gcm_ctx { 117 117 + struct atmel_aes_base_ctx base; 118 118 + 119 119 + struct scatterlist src[2]; 120 120 + struct scatterlist dst[2]; 121 121 + 122 122 + u32 j0[AES_BLOCK_SIZE / sizeof(u32)]; 123 123 + u32 tag[AES_BLOCK_SIZE / sizeof(u32)]; 124 124 + u32 ghash[AES_BLOCK_SIZE / sizeof(u32)]; 125 125 + size_t textlen; 126 126 + 127 127 + const u32 *ghash_in; 128 128 + u32 *ghash_out; 129 129 + atmel_aes_fn_t ghash_resume; 119 130 }; 120 131 121 132 struct atmel_aes_reqctx { ··· 255 234 return len ? block_size - len : 0; 256 235 } 257 236 237 237 + static inline struct aead_request * 238 238 + aead_request_cast(struct crypto_async_request *req) 239 239 + { 240 240 + return container_of(req, struct aead_request, base); 241 241 + } 242 242 + 258 243 static struct atmel_aes_dev *atmel_aes_find_dev(struct atmel_aes_base_ctx *ctx) 259 244 { 260 245 struct atmel_aes_dev *aes_dd = NULL; ··· 325 298 { 326 299 /* Clear all but persistent flags and set request flags. */ 327 300 dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) | rctx->mode; 301 301 + } 302 302 + 303 303 + static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd) 304 304 + { 305 305 + return (dd->flags & AES_FLAGS_ENCRYPT); 328 306 } 329 307 330 308 static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) ··· 1258 1226 }; 1259 1227 1260 1228 1229 1229 + /* gcm aead functions */ 1230 1230 + 1231 1231 + static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, 1232 1232 + const u32 *data, size_t datalen, 1233 1233 + const u32 *ghash_in, u32 *ghash_out, 1234 1234 + atmel_aes_fn_t resume); 1235 1235 + static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd); 1236 1236 + static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd); 1237 1237 + 1238 1238 + static int atmel_aes_gcm_start(struct atmel_aes_dev *dd); 1239 1239 + static int atmel_aes_gcm_process(struct atmel_aes_dev *dd); 1240 1240 + static int atmel_aes_gcm_length(struct atmel_aes_dev *dd); 1241 1241 + static int atmel_aes_gcm_data(struct atmel_aes_dev *dd); 1242 1242 + static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd); 1243 1243 + static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd); 1244 1244 + static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd); 1245 1245 + 1246 1246 + static inline struct atmel_aes_gcm_ctx * 1247 1247 + atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx) 1248 1248 + { 1249 1249 + return container_of(ctx, struct atmel_aes_gcm_ctx, base); 1250 1250 + } 1251 1251 + 1252 1252 + static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, 1253 1253 + const u32 *data, size_t datalen, 1254 1254 + const u32 *ghash_in, u32 *ghash_out, 1255 1255 + atmel_aes_fn_t resume) 1256 1256 + { 1257 1257 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1258 1258 + 1259 1259 + dd->data = (u32 *)data; 1260 1260 + dd->datalen = datalen; 1261 1261 + ctx->ghash_in = ghash_in; 1262 1262 + ctx->ghash_out = ghash_out; 1263 1263 + ctx->ghash_resume = resume; 1264 1264 + 1265 1265 + atmel_aes_write_ctrl(dd, false, NULL); 1266 1266 + return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_ghash_init); 1267 1267 + } 1268 1268 + 1269 1269 + static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd) 1270 1270 + { 1271 1271 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1272 1272 + 1273 1273 + /* Set the data length. */ 1274 1274 + atmel_aes_write(dd, AES_AADLENR, dd->total); 1275 1275 + atmel_aes_write(dd, AES_CLENR, 0); 1276 1276 + 1277 1277 + /* If needed, overwrite the GCM Intermediate Hash Word Registers */ 1278 1278 + if (ctx->ghash_in) 1279 1279 + atmel_aes_write_block(dd, AES_GHASHR(0), ctx->ghash_in); 1280 1280 + 1281 1281 + return atmel_aes_gcm_ghash_finalize(dd); 1282 1282 + } 1283 1283 + 1284 1284 + static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd) 1285 1285 + { 1286 1286 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1287 1287 + u32 isr; 1288 1288 + 1289 1289 + /* Write data into the Input Data Registers. */ 1290 1290 + while (dd->datalen > 0) { 1291 1291 + atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 1292 1292 + dd->data += 4; 1293 1293 + dd->datalen -= AES_BLOCK_SIZE; 1294 1294 + 1295 1295 + isr = atmel_aes_read(dd, AES_ISR); 1296 1296 + if (!(isr & AES_INT_DATARDY)) { 1297 1297 + dd->resume = atmel_aes_gcm_ghash_finalize; 1298 1298 + atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 1299 1299 + return -EINPROGRESS; 1300 1300 + } 1301 1301 + } 1302 1302 + 1303 1303 + /* Read the computed hash from GHASHRx. */ 1304 1304 + atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash_out); 1305 1305 + 1306 1306 + return ctx->ghash_resume(dd); 1307 1307 + } 1308 1308 + 1309 1309 + 1310 1310 + static int atmel_aes_gcm_start(struct atmel_aes_dev *dd) 1311 1311 + { 1312 1312 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1313 1313 + struct aead_request *req = aead_request_cast(dd->areq); 1314 1314 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1315 1315 + struct atmel_aes_reqctx *rctx = aead_request_ctx(req); 1316 1316 + size_t ivsize = crypto_aead_ivsize(tfm); 1317 1317 + size_t datalen, padlen; 1318 1318 + const void *iv = req->iv; 1319 1319 + u8 *data = dd->buf; 1320 1320 + int err; 1321 1321 + 1322 1322 + atmel_aes_set_mode(dd, rctx); 1323 1323 + 1324 1324 + err = atmel_aes_hw_init(dd); 1325 1325 + if (err) 1326 1326 + return atmel_aes_complete(dd, err); 1327 1327 + 1328 1328 + if (likely(ivsize == 12)) { 1329 1329 + memcpy(ctx->j0, iv, ivsize); 1330 1330 + ctx->j0[3] = cpu_to_be32(1); 1331 1331 + return atmel_aes_gcm_process(dd); 1332 1332 + } 1333 1333 + 1334 1334 + padlen = atmel_aes_padlen(ivsize, AES_BLOCK_SIZE); 1335 1335 + datalen = ivsize + padlen + AES_BLOCK_SIZE; 1336 1336 + if (datalen > dd->buflen) 1337 1337 + return atmel_aes_complete(dd, -EINVAL); 1338 1338 + 1339 1339 + memcpy(data, iv, ivsize); 1340 1340 + memset(data + ivsize, 0, padlen + sizeof(u64)); 1341 1341 + ((u64 *)(data + datalen))[-1] = cpu_to_be64(ivsize * 8); 1342 1342 + 1343 1343 + return atmel_aes_gcm_ghash(dd, (const u32 *)data, datalen, 1344 1344 + NULL, ctx->j0, atmel_aes_gcm_process); 1345 1345 + } 1346 1346 + 1347 1347 + static int atmel_aes_gcm_process(struct atmel_aes_dev *dd) 1348 1348 + { 1349 1349 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1350 1350 + struct aead_request *req = aead_request_cast(dd->areq); 1351 1351 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1352 1352 + bool enc = atmel_aes_is_encrypt(dd); 1353 1353 + u32 authsize; 1354 1354 + 1355 1355 + /* Compute text length. */ 1356 1356 + authsize = crypto_aead_authsize(tfm); 1357 1357 + ctx->textlen = req->cryptlen - (enc ? 0 : authsize); 1358 1358 + 1359 1359 + /* 1360 1360 + * According to tcrypt test suite, the GCM Automatic Tag Generation 1361 1361 + * fails when both the message and its associated data are empty. 1362 1362 + */ 1363 1363 + if (likely(req->assoclen != 0 || ctx->textlen != 0)) 1364 1364 + dd->flags |= AES_FLAGS_GTAGEN; 1365 1365 + 1366 1366 + atmel_aes_write_ctrl(dd, false, NULL); 1367 1367 + return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_length); 1368 1368 + } 1369 1369 + 1370 1370 + static int atmel_aes_gcm_length(struct atmel_aes_dev *dd) 1371 1371 + { 1372 1372 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1373 1373 + struct aead_request *req = aead_request_cast(dd->areq); 1374 1374 + u32 j0_lsw, *j0 = ctx->j0; 1375 1375 + size_t padlen; 1376 1376 + 1377 1377 + /* Write incr32(J0) into IV. */ 1378 1378 + j0_lsw = j0[3]; 1379 1379 + j0[3] = cpu_to_be32(be32_to_cpu(j0[3]) + 1); 1380 1380 + atmel_aes_write_block(dd, AES_IVR(0), j0); 1381 1381 + j0[3] = j0_lsw; 1382 1382 + 1383 1383 + /* Set aad and text lengths. */ 1384 1384 + atmel_aes_write(dd, AES_AADLENR, req->assoclen); 1385 1385 + atmel_aes_write(dd, AES_CLENR, ctx->textlen); 1386 1386 + 1387 1387 + /* Check whether AAD are present. */ 1388 1388 + if (unlikely(req->assoclen == 0)) { 1389 1389 + dd->datalen = 0; 1390 1390 + return atmel_aes_gcm_data(dd); 1391 1391 + } 1392 1392 + 1393 1393 + /* Copy assoc data and add padding. */ 1394 1394 + padlen = atmel_aes_padlen(req->assoclen, AES_BLOCK_SIZE); 1395 1395 + if (unlikely(req->assoclen + padlen > dd->buflen)) 1396 1396 + return atmel_aes_complete(dd, -EINVAL); 1397 1397 + sg_copy_to_buffer(req->src, sg_nents(req->src), dd->buf, req->assoclen); 1398 1398 + 1399 1399 + /* Write assoc data into the Input Data register. */ 1400 1400 + dd->data = (u32 *)dd->buf; 1401 1401 + dd->datalen = req->assoclen + padlen; 1402 1402 + return atmel_aes_gcm_data(dd); 1403 1403 + } 1404 1404 + 1405 1405 + static int atmel_aes_gcm_data(struct atmel_aes_dev *dd) 1406 1406 + { 1407 1407 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1408 1408 + struct aead_request *req = aead_request_cast(dd->areq); 1409 1409 + bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD); 1410 1410 + struct scatterlist *src, *dst; 1411 1411 + u32 isr, mr; 1412 1412 + 1413 1413 + /* Write AAD first. */ 1414 1414 + while (dd->datalen > 0) { 1415 1415 + atmel_aes_write_block(dd, AES_IDATAR(0), dd->data); 1416 1416 + dd->data += 4; 1417 1417 + dd->datalen -= AES_BLOCK_SIZE; 1418 1418 + 1419 1419 + isr = atmel_aes_read(dd, AES_ISR); 1420 1420 + if (!(isr & AES_INT_DATARDY)) { 1421 1421 + dd->resume = atmel_aes_gcm_data; 1422 1422 + atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); 1423 1423 + return -EINPROGRESS; 1424 1424 + } 1425 1425 + } 1426 1426 + 1427 1427 + /* GMAC only. */ 1428 1428 + if (unlikely(ctx->textlen == 0)) 1429 1429 + return atmel_aes_gcm_tag_init(dd); 1430 1430 + 1431 1431 + /* Prepare src and dst scatter lists to transfer cipher/plain texts */ 1432 1432 + src = scatterwalk_ffwd(ctx->src, req->src, req->assoclen); 1433 1433 + dst = ((req->src == req->dst) ? src : 1434 1434 + scatterwalk_ffwd(ctx->dst, req->dst, req->assoclen)); 1435 1435 + 1436 1436 + if (use_dma) { 1437 1437 + /* Update the Mode Register for DMA transfers. */ 1438 1438 + mr = atmel_aes_read(dd, AES_MR); 1439 1439 + mr &= ~(AES_MR_SMOD_MASK | AES_MR_DUALBUFF); 1440 1440 + mr |= AES_MR_SMOD_IDATAR0; 1441 1441 + if (dd->caps.has_dualbuff) 1442 1442 + mr |= AES_MR_DUALBUFF; 1443 1443 + atmel_aes_write(dd, AES_MR, mr); 1444 1444 + 1445 1445 + return atmel_aes_dma_start(dd, src, dst, ctx->textlen, 1446 1446 + atmel_aes_gcm_tag_init); 1447 1447 + } 1448 1448 + 1449 1449 + return atmel_aes_cpu_start(dd, src, dst, ctx->textlen, 1450 1450 + atmel_aes_gcm_tag_init); 1451 1451 + } 1452 1452 + 1453 1453 + static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd) 1454 1454 + { 1455 1455 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1456 1456 + struct aead_request *req = aead_request_cast(dd->areq); 1457 1457 + u64 *data = dd->buf; 1458 1458 + 1459 1459 + if (likely(dd->flags & AES_FLAGS_GTAGEN)) { 1460 1460 + if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) { 1461 1461 + dd->resume = atmel_aes_gcm_tag_init; 1462 1462 + atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY); 1463 1463 + return -EINPROGRESS; 1464 1464 + } 1465 1465 + 1466 1466 + return atmel_aes_gcm_finalize(dd); 1467 1467 + } 1468 1468 + 1469 1469 + /* Read the GCM Intermediate Hash Word Registers. */ 1470 1470 + atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash); 1471 1471 + 1472 1472 + data[0] = cpu_to_be64(req->assoclen * 8); 1473 1473 + data[1] = cpu_to_be64(ctx->textlen * 8); 1474 1474 + 1475 1475 + return atmel_aes_gcm_ghash(dd, (const u32 *)data, AES_BLOCK_SIZE, 1476 1476 + ctx->ghash, ctx->ghash, atmel_aes_gcm_tag); 1477 1477 + } 1478 1478 + 1479 1479 + static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd) 1480 1480 + { 1481 1481 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1482 1482 + unsigned long flags; 1483 1483 + 1484 1484 + /* 1485 1485 + * Change mode to CTR to complete the tag generation. 1486 1486 + * Use J0 as Initialization Vector. 1487 1487 + */ 1488 1488 + flags = dd->flags; 1489 1489 + dd->flags &= ~(AES_FLAGS_OPMODE_MASK | AES_FLAGS_GTAGEN); 1490 1490 + dd->flags |= AES_FLAGS_CTR; 1491 1491 + atmel_aes_write_ctrl(dd, false, ctx->j0); 1492 1492 + dd->flags = flags; 1493 1493 + 1494 1494 + atmel_aes_write_block(dd, AES_IDATAR(0), ctx->ghash); 1495 1495 + return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_finalize); 1496 1496 + } 1497 1497 + 1498 1498 + static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd) 1499 1499 + { 1500 1500 + struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx); 1501 1501 + struct aead_request *req = aead_request_cast(dd->areq); 1502 1502 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1503 1503 + bool enc = atmel_aes_is_encrypt(dd); 1504 1504 + u32 offset, authsize, itag[4], *otag = ctx->tag; 1505 1505 + int err; 1506 1506 + 1507 1507 + /* Read the computed tag. */ 1508 1508 + if (likely(dd->flags & AES_FLAGS_GTAGEN)) 1509 1509 + atmel_aes_read_block(dd, AES_TAGR(0), ctx->tag); 1510 1510 + else 1511 1511 + atmel_aes_read_block(dd, AES_ODATAR(0), ctx->tag); 1512 1512 + 1513 1513 + offset = req->assoclen + ctx->textlen; 1514 1514 + authsize = crypto_aead_authsize(tfm); 1515 1515 + if (enc) { 1516 1516 + scatterwalk_map_and_copy(otag, req->dst, offset, authsize, 1); 1517 1517 + err = 0; 1518 1518 + } else { 1519 1519 + scatterwalk_map_and_copy(itag, req->src, offset, authsize, 0); 1520 1520 + err = crypto_memneq(itag, otag, authsize) ? -EBADMSG : 0; 1521 1521 + } 1522 1522 + 1523 1523 + return atmel_aes_complete(dd, err); 1524 1524 + } 1525 1525 + 1526 1526 + static int atmel_aes_gcm_crypt(struct aead_request *req, 1527 1527 + unsigned long mode) 1528 1528 + { 1529 1529 + struct atmel_aes_base_ctx *ctx; 1530 1530 + struct atmel_aes_reqctx *rctx; 1531 1531 + struct atmel_aes_dev *dd; 1532 1532 + 1533 1533 + ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 1534 1534 + ctx->block_size = AES_BLOCK_SIZE; 1535 1535 + 1536 1536 + dd = atmel_aes_find_dev(ctx); 1537 1537 + if (!dd) 1538 1538 + return -ENODEV; 1539 1539 + 1540 1540 + rctx = aead_request_ctx(req); 1541 1541 + rctx->mode = AES_FLAGS_GCM | mode; 1542 1542 + 1543 1543 + return atmel_aes_handle_queue(dd, &req->base); 1544 1544 + } 1545 1545 + 1546 1546 + static int atmel_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 1547 1547 + unsigned int keylen) 1548 1548 + { 1549 1549 + struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm); 1550 1550 + 1551 1551 + if (keylen != AES_KEYSIZE_256 && 1552 1552 + keylen != AES_KEYSIZE_192 && 1553 1553 + keylen != AES_KEYSIZE_128) { 1554 1554 + crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); 1555 1555 + return -EINVAL; 1556 1556 + } 1557 1557 + 1558 1558 + memcpy(ctx->key, key, keylen); 1559 1559 + ctx->keylen = keylen; 1560 1560 + 1561 1561 + return 0; 1562 1562 + } 1563 1563 + 1564 1564 + static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm, 1565 1565 + unsigned int authsize) 1566 1566 + { 1567 1567 + /* Same as crypto_gcm_authsize() from crypto/gcm.c */ 1568 1568 + switch (authsize) { 1569 1569 + case 4: 1570 1570 + case 8: 1571 1571 + case 12: 1572 1572 + case 13: 1573 1573 + case 14: 1574 1574 + case 15: 1575 1575 + case 16: 1576 1576 + break; 1577 1577 + default: 1578 1578 + return -EINVAL; 1579 1579 + } 1580 1580 + 1581 1581 + return 0; 1582 1582 + } 1583 1583 + 1584 1584 + static int atmel_aes_gcm_encrypt(struct aead_request *req) 1585 1585 + { 1586 1586 + return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT); 1587 1587 + } 1588 1588 + 1589 1589 + static int atmel_aes_gcm_decrypt(struct aead_request *req) 1590 1590 + { 1591 1591 + return atmel_aes_gcm_crypt(req, 0); 1592 1592 + } 1593 1593 + 1594 1594 + static int atmel_aes_gcm_init(struct crypto_aead *tfm) 1595 1595 + { 1596 1596 + struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm); 1597 1597 + 1598 1598 + crypto_aead_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx)); 1599 1599 + ctx->base.start = atmel_aes_gcm_start; 1600 1600 + 1601 1601 + return 0; 1602 1602 + } 1603 1603 + 1604 1604 + static void atmel_aes_gcm_exit(struct crypto_aead *tfm) 1605 1605 + { 1606 1606 + 1607 1607 + } 1608 1608 + 1609 1609 + static struct aead_alg aes_gcm_alg = { 1610 1610 + .setkey = atmel_aes_gcm_setkey, 1611 1611 + .setauthsize = atmel_aes_gcm_setauthsize, 1612 1612 + .encrypt = atmel_aes_gcm_encrypt, 1613 1613 + .decrypt = atmel_aes_gcm_decrypt, 1614 1614 + .init = atmel_aes_gcm_init, 1615 1615 + .exit = atmel_aes_gcm_exit, 1616 1616 + .ivsize = 12, 1617 1617 + .maxauthsize = AES_BLOCK_SIZE, 1618 1618 + 1619 1619 + .base = { 1620 1620 + .cra_name = "gcm(aes)", 1621 1621 + .cra_driver_name = "atmel-gcm-aes", 1622 1622 + .cra_priority = ATMEL_AES_PRIORITY, 1623 1623 + .cra_flags = CRYPTO_ALG_ASYNC, 1624 1624 + .cra_blocksize = 1, 1625 1625 + .cra_ctxsize = sizeof(struct atmel_aes_gcm_ctx), 1626 1626 + .cra_alignmask = 0xf, 1627 1627 + .cra_module = THIS_MODULE, 1628 1628 + }, 1629 1629 + }; 1630 1630 + 1631 1631 + 1261 1632 /* Probe functions */ 1262 1633 1263 1634 static int atmel_aes_buff_init(struct atmel_aes_dev *dd) ··· 1769 1334 { 1770 1335 int i; 1771 1336 1337 1337 + if (dd->caps.has_gcm) 1338 1338 + crypto_unregister_aead(&aes_gcm_alg); 1339 1339 + 1772 1340 if (dd->caps.has_cfb64) 1773 1341 crypto_unregister_alg(&aes_cfb64_alg); 1774 1342 ··· 1795 1357 goto err_aes_cfb64_alg; 1796 1358 } 1797 1359 1360 1360 + if (dd->caps.has_gcm) { 1361 1361 + err = crypto_register_aead(&aes_gcm_alg); 1362 1362 + if (err) 1363 1363 + goto err_aes_gcm_alg; 1364 1364 + } 1365 1365 + 1798 1366 return 0; 1799 1367 1368 1368 + err_aes_gcm_alg: 1369 1369 + crypto_unregister_alg(&aes_cfb64_alg); 1800 1370 err_aes_cfb64_alg: 1801 1371 i = ARRAY_SIZE(aes_algs); 1802 1372 err_aes_algs: ··· 1819 1373 dd->caps.has_dualbuff = 0; 1820 1374 dd->caps.has_cfb64 = 0; 1821 1375 dd->caps.has_ctr32 = 0; 1376 1376 + dd->caps.has_gcm = 0; 1822 1377 dd->caps.max_burst_size = 1; 1823 1378 1824 1379 /* keep only major version number */ ··· 1828 1381 dd->caps.has_dualbuff = 1; 1829 1382 dd->caps.has_cfb64 = 1; 1830 1383 dd->caps.has_ctr32 = 1; 1384 1384 + dd->caps.has_gcm = 1; 1831 1385 dd->caps.max_burst_size = 4; 1832 1386 break; 1833 1387 case 0x200: 1834 1388 dd->caps.has_dualbuff = 1; 1835 1389 dd->caps.has_cfb64 = 1; 1836 1390 dd->caps.has_ctr32 = 1; 1391 1391 + dd->caps.has_gcm = 1; 1837 1392 dd->caps.max_burst_size = 4; 1838 1393 break; 1839 1394 case 0x130: