atmel-aes.c source code [linux/drivers/crypto/atmel-aes.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Cryptographic API.
4	*
5	* Support for ATMEL AES HW acceleration.
6	*
7	* Copyright (c) 2012 Eukréa Electromatique - ATMEL
8	* Author: Nicolas Royer <nicolas@eukrea.com>
9	*
10	* Some ideas are from omap-aes.c driver.
11	*/
12
13
14	#include <linux/kernel.h>
15	#include <linux/module.h>
16	#include <linux/slab.h>
17	#include <linux/err.h>
18	#include <linux/clk.h>
19	#include <linux/io.h>
20	#include <linux/hw_random.h>
21	#include <linux/platform_device.h>
22
23	#include <linux/device.h>
24	#include <linux/dmaengine.h>
25	#include <linux/init.h>
26	#include <linux/errno.h>
27	#include <linux/interrupt.h>
28	#include <linux/irq.h>
29	#include <linux/scatterlist.h>
30	#include <linux/dma-mapping.h>
31	#include <linux/mod_devicetable.h>
32	#include <linux/delay.h>
33	#include <linux/crypto.h>
34	#include <crypto/scatterwalk.h>
35	#include <crypto/algapi.h>
36	#include <crypto/aes.h>
37	#include <crypto/gcm.h>
38	#include <crypto/xts.h>
39	#include <crypto/internal/aead.h>
40	#include <crypto/internal/skcipher.h>
41	#include "atmel-aes-regs.h"
42	#include "atmel-authenc.h"
43
44	#define ATMEL_AES_PRIORITY 300
45
46	#define ATMEL_AES_BUFFER_ORDER 2
47	#define ATMEL_AES_BUFFER_SIZE (PAGE_SIZE << ATMEL_AES_BUFFER_ORDER)
48
49	#define SIZE_IN_WORDS(x) ((x) >> 2)
50
51	/ AES flags /
52	/ Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) /
53	#define AES_FLAGS_ENCRYPT AES_MR_CYPHER_ENC
54	#define AES_FLAGS_GTAGEN AES_MR_GTAGEN
55	#define AES_FLAGS_OPMODE_MASK (AES_MR_OPMOD_MASK \| AES_MR_CFBS_MASK)
56	#define AES_FLAGS_ECB AES_MR_OPMOD_ECB
57	#define AES_FLAGS_CBC AES_MR_OPMOD_CBC
58	#define AES_FLAGS_CTR AES_MR_OPMOD_CTR
59	#define AES_FLAGS_GCM AES_MR_OPMOD_GCM
60	#define AES_FLAGS_XTS AES_MR_OPMOD_XTS
61
62	#define AES_FLAGS_MODE_MASK (AES_FLAGS_OPMODE_MASK \| \
63	AES_FLAGS_ENCRYPT \| \
64	AES_FLAGS_GTAGEN)
65
66	#define AES_FLAGS_BUSY BIT(3)
67	#define AES_FLAGS_DUMP_REG BIT(4)
68	#define AES_FLAGS_OWN_SHA BIT(5)
69
70	#define AES_FLAGS_PERSISTENT AES_FLAGS_BUSY
71
72	#define ATMEL_AES_QUEUE_LENGTH 50
73
74	#define ATMEL_AES_DMA_THRESHOLD 256
75
76
77	struct atmel_aes_caps {
78	bool has_dualbuff;
79	bool has_gcm;
80	bool has_xts;
81	bool has_authenc;
82	u32 max_burst_size;
83	};
84
85	struct atmel_aes_dev;
86
87
88	typedef int (atmel_aes_fn_t)(struct* atmel_aes_dev *);
89
90
91	struct atmel_aes_base_ctx {
92	struct atmel_aes_dev *dd;
93	atmel_aes_fn_t start;
94	int keylen;
95	u32 key[AES_KEYSIZE_256 / sizeof(u32)];
96	u16 block_size;
97	bool is_aead;
98	};
99
100	struct atmel_aes_ctx {
101	struct atmel_aes_base_ctx base;
102	};
103
104	struct atmel_aes_ctr_ctx {
105	struct atmel_aes_base_ctx base;
106
107	__be32 iv[AES_BLOCK_SIZE / sizeof(u32)];
108	size_t offset;
109	struct scatterlist src[`2`];
110	struct scatterlist dst[`2`];
111	u32 blocks;
112	};
113
114	struct atmel_aes_gcm_ctx {
115	struct atmel_aes_base_ctx base;
116
117	struct scatterlist src[`2`];
118	struct scatterlist dst[`2`];
119
120	__be32 j0[AES_BLOCK_SIZE / sizeof(u32)];
121	u32 tag[AES_BLOCK_SIZE / sizeof(u32)];
122	__be32 ghash[AES_BLOCK_SIZE / sizeof(u32)];
123	size_t textlen;
124
125	const __be32 *ghash_in;
126	__be32 *ghash_out;
127	atmel_aes_fn_t ghash_resume;
128	};
129
130	struct atmel_aes_xts_ctx {
131	struct atmel_aes_base_ctx base;
132
133	u32 key2[AES_KEYSIZE_256 / sizeof(u32)];
134	struct crypto_skcipher *fallback_tfm;
135	};
136
137	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
138	struct atmel_aes_authenc_ctx {
139	struct atmel_aes_base_ctx base;
140	struct atmel_sha_authenc_ctx *auth;
141	};
142	#endif
143
144	struct atmel_aes_reqctx {
145	unsigned long mode;
146	u8 lastc[AES_BLOCK_SIZE];
147	struct skcipher_request fallback_req;
148	};
149
150	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
151	struct atmel_aes_authenc_reqctx {
152	struct atmel_aes_reqctx base;
153
154	struct scatterlist src[`2`];
155	struct scatterlist dst[`2`];
156	size_t textlen;
157	u32 digest[SHA512_DIGEST_SIZE / sizeof(u32)];
158
159	/ auth_req MUST be place last. /
160	struct ahash_request auth_req;
161	};
162	#endif
163
164	struct atmel_aes_dma {
165	struct dma_chan *chan;
166	struct scatterlist *sg;
167	int nents;
168	unsigned int remainder;
169	unsigned int sg_len;
170	};
171
172	struct atmel_aes_dev {
173	struct list_head list;
174	unsigned long phys_base;
175	void __iomem *io_base;
176
177	struct crypto_async_request *areq;
178	struct atmel_aes_base_ctx *ctx;
179
180	bool is_async;
181	atmel_aes_fn_t resume;
182	atmel_aes_fn_t cpu_transfer_complete;
183
184	struct device *dev;
185	struct clk *iclk;
186	int irq;
187
188	unsigned long flags;
189
190	spinlock_t lock;
191	struct crypto_queue queue;
192
193	struct tasklet_struct done_task;
194	struct tasklet_struct queue_task;
195
196	size_t total;
197	size_t datalen;
198	u32 *data;
199
200	struct atmel_aes_dma src;
201	struct atmel_aes_dma dst;
202
203	size_t buflen;
204	void *buf;
205	struct scatterlist aligned_sg;
206	struct scatterlist *real_dst;
207
208	struct atmel_aes_caps caps;
209
210	u32 hw_version;
211	};
212
213	struct atmel_aes_drv {
214	struct list_head dev_list;
215	spinlock_t lock;
216	};
217
218	static struct atmel_aes_drv atmel_aes = {
219	.dev_list = LIST_HEAD_INIT(atmel_aes.dev_list),
220	.lock = __SPIN_LOCK_UNLOCKED(atmel_aes.lock),
221	};
222
223	#ifdef VERBOSE_DEBUG
224	static const char atmel_aes_reg_name(u32 offset, char* *tmp, size_t sz)
225	{
226	switch (offset) {
227	case AES_CR:
228	return "CR";
229
230	case AES_MR:
231	return "MR";
232
233	case AES_ISR:
234	return "ISR";
235
236	case AES_IMR:
237	return "IMR";
238
239	case AES_IER:
240	return "IER";
241
242	case AES_IDR:
243	return "IDR";
244
245	case AES_KEYWR(`0`):
246	case AES_KEYWR(`1`):
247	case AES_KEYWR(`2`):
248	case AES_KEYWR(`3`):
249	case AES_KEYWR(`4`):
250	case AES_KEYWR(`5`):
251	case AES_KEYWR(`6`):
252	case AES_KEYWR(`7`):
253	snprintf(tmp, sz, "KEYWR[%u]", (offset - AES_KEYWR(`0`)) >> `2`);
254	break;
255
256	case AES_IDATAR(`0`):
257	case AES_IDATAR(`1`):
258	case AES_IDATAR(`2`):
259	case AES_IDATAR(`3`):
260	snprintf(tmp, sz, "IDATAR[%u]", (offset - AES_IDATAR(`0`)) >> `2`);
261	break;
262
263	case AES_ODATAR(`0`):
264	case AES_ODATAR(`1`):
265	case AES_ODATAR(`2`):
266	case AES_ODATAR(`3`):
267	snprintf(tmp, sz, "ODATAR[%u]", (offset - AES_ODATAR(`0`)) >> `2`);
268	break;
269
270	case AES_IVR(`0`):
271	case AES_IVR(`1`):
272	case AES_IVR(`2`):
273	case AES_IVR(`3`):
274	snprintf(tmp, sz, "IVR[%u]", (offset - AES_IVR(`0`)) >> `2`);
275	break;
276
277	case AES_AADLENR:
278	return "AADLENR";
279
280	case AES_CLENR:
281	return "CLENR";
282
283	case AES_GHASHR(`0`):
284	case AES_GHASHR(`1`):
285	case AES_GHASHR(`2`):
286	case AES_GHASHR(`3`):
287	snprintf(tmp, sz, "GHASHR[%u]", (offset - AES_GHASHR(`0`)) >> `2`);
288	break;
289
290	case AES_TAGR(`0`):
291	case AES_TAGR(`1`):
292	case AES_TAGR(`2`):
293	case AES_TAGR(`3`):
294	snprintf(tmp, sz, "TAGR[%u]", (offset - AES_TAGR(`0`)) >> `2`);
295	break;
296
297	case AES_CTRR:
298	return "CTRR";
299
300	case AES_GCMHR(`0`):
301	case AES_GCMHR(`1`):
302	case AES_GCMHR(`2`):
303	case AES_GCMHR(`3`):
304	snprintf(tmp, sz, "GCMHR[%u]", (offset - AES_GCMHR(`0`)) >> `2`);
305	break;
306
307	case AES_EMR:
308	return "EMR";
309
310	case AES_TWR(`0`):
311	case AES_TWR(`1`):
312	case AES_TWR(`2`):
313	case AES_TWR(`3`):
314	snprintf(tmp, sz, "TWR[%u]", (offset - AES_TWR(`0`)) >> `2`);
315	break;
316
317	case AES_ALPHAR(`0`):
318	case AES_ALPHAR(`1`):
319	case AES_ALPHAR(`2`):
320	case AES_ALPHAR(`3`):
321	snprintf(tmp, sz, "ALPHAR[%u]", (offset - AES_ALPHAR(`0`)) >> `2`);
322	break;
323
324	default:
325	snprintf(tmp, sz, "0x%02x", offset);
326	break;
327	}
328
329	return tmp;
330	}
331	#endif /* VERBOSE_DEBUG */
332
333	/ Shared functions /
334
335	static inline u32 atmel_aes_read(struct atmel_aes_dev *dd, u32 offset)
336	{
337	u32 value = readl_relaxed(dd->io_base + offset);
338
339	#ifdef VERBOSE_DEBUG
340	if (dd->flags & AES_FLAGS_DUMP_REG) {
341	char tmp[`16`];
342
343	dev_vdbg(dd->dev, "read 0x%08x from %s\n", value,
344	atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
345	}
346	#endif /* VERBOSE_DEBUG */
347
348	return value;
349	}
350
351	static inline void atmel_aes_write(struct atmel_aes_dev *dd,
352	u32 offset, u32 value)
353	{
354	#ifdef VERBOSE_DEBUG
355	if (dd->flags & AES_FLAGS_DUMP_REG) {
356	char tmp[`16`];
357
358	dev_vdbg(dd->dev, "write 0x%08x into %s\n", value,
359	atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
360	}
361	#endif /* VERBOSE_DEBUG */
362
363	writel_relaxed(value, dd->io_base + offset);
364	}
365
366	static void atmel_aes_read_n(struct atmel_aes_dev *dd, u32 offset,
367	u32 value, int* count)
368	{
369	for (; count--; value++, offset += `4`)
370	*value = atmel_aes_read(dd, offset);
371	}
372
373	static void atmel_aes_write_n(struct atmel_aes_dev *dd, u32 offset,
374	const u32 value, int* count)
375	{
376	for (; count--; value++, offset += `4`)
377	atmel_aes_write(dd, offset, value: *value);
378	}
379
380	static inline void atmel_aes_read_block(struct atmel_aes_dev *dd, u32 offset,
381	void *value)
382	{
383	atmel_aes_read_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
384	}
385
386	static inline void atmel_aes_write_block(struct atmel_aes_dev *dd, u32 offset,
387	const void *value)
388	{
389	atmel_aes_write_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
390	}
391
392	static inline int atmel_aes_wait_for_data_ready(struct atmel_aes_dev *dd,
393	atmel_aes_fn_t resume)
394	{
395	u32 isr = atmel_aes_read(dd, AES_ISR);
396
397	if (unlikely(isr & AES_INT_DATARDY))
398	return resume(dd);
399
400	dd->resume = resume;
401	atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
402	return -EINPROGRESS;
403	}
404
405	static inline size_t atmel_aes_padlen(size_t len, size_t block_size)
406	{
407	len &= block_size - `1`;
408	return len ? block_size - len : `0`;
409	}
410
411	static struct atmel_aes_dev atmel_aes_dev_alloc(struct* atmel_aes_base_ctx *ctx)
412	{
413	struct atmel_aes_dev *aes_dd;
414
415	spin_lock_bh(lock: &atmel_aes.lock);
416	/ One AES IP per SoC. /
417	aes_dd = list_first_entry_or_null(&atmel_aes.dev_list,
418	struct atmel_aes_dev, list);
419	spin_unlock_bh(lock: &atmel_aes.lock);
420	return aes_dd;
421	}
422
423	static int atmel_aes_hw_init(struct atmel_aes_dev *dd)
424	{
425	int err;
426
427	err = clk_enable(clk: dd->iclk);
428	if (err)
429	return err;
430
431	atmel_aes_write(dd, AES_CR, AES_CR_SWRST);
432	atmel_aes_write(dd, AES_MR, value: `0xE` << AES_MR_CKEY_OFFSET);
433
434	return `0`;
435	}
436
437	static inline unsigned int atmel_aes_get_version(struct atmel_aes_dev *dd)
438	{
439	return atmel_aes_read(dd, AES_HW_VERSION) & `0x00000fff`;
440	}
441
442	static int atmel_aes_hw_version_init(struct atmel_aes_dev *dd)
443	{
444	int err;
445
446	err = atmel_aes_hw_init(dd);
447	if (err)
448	return err;
449
450	dd->hw_version = atmel_aes_get_version(dd);
451
452	dev_info(dd->dev, "version: 0x%x\n", dd->hw_version);
453
454	clk_disable(clk: dd->iclk);
455	return `0`;
456	}
457
458	static inline void atmel_aes_set_mode(struct atmel_aes_dev *dd,
459	const struct atmel_aes_reqctx *rctx)
460	{
461	/ Clear all but persistent flags and set request flags. /
462	dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) \| rctx->mode;
463	}
464
465	static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd)
466	{
467	return (dd->flags & AES_FLAGS_ENCRYPT);
468	}
469
470	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
471	static void atmel_aes_authenc_complete(struct atmel_aes_dev dd, int* err);
472	#endif
473
474	static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd)
475	{
476	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
477	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
478	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
479	unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher);
480
481	if (req->cryptlen < ivsize)
482	return;
483
484	if (rctx->mode & AES_FLAGS_ENCRYPT)
485	scatterwalk_map_and_copy(buf: req->iv, sg: req->dst,
486	start: req->cryptlen - ivsize, nbytes: ivsize, out: `0`);
487	else
488	memcpy(req->iv, rctx->lastc, ivsize);
489	}
490
491	static inline struct atmel_aes_ctr_ctx *
492	atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx)
493	{
494	return container_of(ctx, struct atmel_aes_ctr_ctx, base);
495	}
496
497	static void atmel_aes_ctr_update_req_iv(struct atmel_aes_dev *dd)
498	{
499	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx);
500	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
501	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
502	unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher);
503	int i;
504
505	/*
506	* The CTR transfer works in fragments of data of maximum 1 MByte
507	* because of the 16 bit CTR counter embedded in the IP. When reaching
508	* here, ctx->blocks contains the number of blocks of the last fragment
509	* processed, there is no need to explicit cast it to u16.
510	*/
511	for (i = `0`; i < ctx->blocks; i++)
512	crypto_inc(a: (u8 *)ctx->iv, AES_BLOCK_SIZE);
513
514	memcpy(req->iv, ctx->iv, ivsize);
515	}
516
517	static inline int atmel_aes_complete(struct atmel_aes_dev dd, int* err)
518	{
519	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
520	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
521
522	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
523	if (dd->ctx->is_aead)
524	atmel_aes_authenc_complete(dd, err);
525	#endif
526
527	clk_disable(clk: dd->iclk);
528	dd->flags &= ~AES_FLAGS_BUSY;
529
530	if (!err && !dd->ctx->is_aead &&
531	(rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB) {
532	if ((rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_CTR)
533	atmel_aes_set_iv_as_last_ciphertext_block(dd);
534	else
535	atmel_aes_ctr_update_req_iv(dd);
536	}
537
538	if (dd->is_async)
539	crypto_request_complete(req: dd->areq, err);
540
541	tasklet_schedule(t: &dd->queue_task);
542
543	return err;
544	}
545
546	static void atmel_aes_write_ctrl_key(struct atmel_aes_dev *dd, bool use_dma,
547	const __be32 iv, const* u32 key, int* keylen)
548	{
549	u32 valmr = `0`;
550
551	/ MR register must be set before IV registers /
552	if (keylen == AES_KEYSIZE_128)
553	valmr \|= AES_MR_KEYSIZE_128;
554	else if (keylen == AES_KEYSIZE_192)
555	valmr \|= AES_MR_KEYSIZE_192;
556	else
557	valmr \|= AES_MR_KEYSIZE_256;
558
559	valmr \|= dd->flags & AES_FLAGS_MODE_MASK;
560
561	if (use_dma) {
562	valmr \|= AES_MR_SMOD_IDATAR0;
563	if (dd->caps.has_dualbuff)
564	valmr \|= AES_MR_DUALBUFF;
565	} else {
566	valmr \|= AES_MR_SMOD_AUTO;
567	}
568
569	atmel_aes_write(dd, AES_MR, value: valmr);
570
571	atmel_aes_write_n(dd, AES_KEYWR(`0`), value: key, SIZE_IN_WORDS(keylen));
572
573	if (iv && (valmr & AES_MR_OPMOD_MASK) != AES_MR_OPMOD_ECB)
574	atmel_aes_write_block(dd, AES_IVR(`0`), value: iv);
575	}
576
577	static inline void atmel_aes_write_ctrl(struct atmel_aes_dev *dd, bool use_dma,
578	const __be32 *iv)
579
580	{
581	atmel_aes_write_ctrl_key(dd, use_dma, iv,
582	key: dd->ctx->key, keylen: dd->ctx->keylen);
583	}
584
585	/ CPU transfer /
586
587	static int atmel_aes_cpu_transfer(struct atmel_aes_dev *dd)
588	{
589	int err = `0`;
590	u32 isr;
591
592	for (;;) {
593	atmel_aes_read_block(dd, AES_ODATAR(`0`), value: dd->data);
594	dd->data += `4`;
595	dd->datalen -= AES_BLOCK_SIZE;
596
597	if (dd->datalen < AES_BLOCK_SIZE)
598	break;
599
600	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: dd->data);
601
602	isr = atmel_aes_read(dd, AES_ISR);
603	if (!(isr & AES_INT_DATARDY)) {
604	dd->resume = atmel_aes_cpu_transfer;
605	atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
606	return -EINPROGRESS;
607	}
608	}
609
610	if (!sg_copy_from_buffer(sgl: dd->real_dst, nents: sg_nents(sg: dd->real_dst),
611	buf: dd->buf, buflen: dd->total))
612	err = -EINVAL;
613
614	if (err)
615	return atmel_aes_complete(dd, err);
616
617	return dd->cpu_transfer_complete(dd);
618	}
619
620	static int atmel_aes_cpu_start(struct atmel_aes_dev *dd,
621	struct scatterlist *src,
622	struct scatterlist *dst,
623	size_t len,
624	atmel_aes_fn_t resume)
625	{
626	size_t padlen = atmel_aes_padlen(len, AES_BLOCK_SIZE);
627
628	if (unlikely(len == `0`))
629	return -EINVAL;
630
631	sg_copy_to_buffer(sgl: src, nents: sg_nents(sg: src), buf: dd->buf, buflen: len);
632
633	dd->total = len;
634	dd->real_dst = dst;
635	dd->cpu_transfer_complete = resume;
636	dd->datalen = len + padlen;
637	dd->data = (u32 *)dd->buf;
638	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: dd->data);
639	return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_cpu_transfer);
640	}
641
642
643	/ DMA transfer /
644
645	static void atmel_aes_dma_callback(void *data);
646
647	static bool atmel_aes_check_aligned(struct atmel_aes_dev *dd,
648	struct scatterlist *sg,
649	size_t len,
650	struct atmel_aes_dma *dma)
651	{
652	int nents;
653
654	if (!IS_ALIGNED(len, dd->ctx->block_size))
655	return false;
656
657	for (nents = `0`; sg; sg = sg_next(sg), ++nents) {
658	if (!IS_ALIGNED(sg->offset, sizeof(u32)))
659	return false;
660
661	if (len <= sg->length) {
662	if (!IS_ALIGNED(len, dd->ctx->block_size))
663	return false;
664
665	dma->nents = nents+`1`;
666	dma->remainder = sg->length - len;
667	sg->length = len;
668	return true;
669	}
670
671	if (!IS_ALIGNED(sg->length, dd->ctx->block_size))
672	return false;
673
674	len -= sg->length;
675	}
676
677	return false;
678	}
679
680	static inline void atmel_aes_restore_sg(const struct atmel_aes_dma *dma)
681	{
682	struct scatterlist *sg = dma->sg;
683	int nents = dma->nents;
684
685	if (!dma->remainder)
686	return;
687
688	while (--nents > `0` && sg)
689	sg = sg_next(sg);
690
691	if (!sg)
692	return;
693
694	sg->length += dma->remainder;
695	}
696
697	static int atmel_aes_map(struct atmel_aes_dev *dd,
698	struct scatterlist *src,
699	struct scatterlist *dst,
700	size_t len)
701	{
702	bool src_aligned, dst_aligned;
703	size_t padlen;
704
705	dd->total = len;
706	dd->src.sg = src;
707	dd->dst.sg = dst;
708	dd->real_dst = dst;
709
710	src_aligned = atmel_aes_check_aligned(dd, sg: src, len, dma: &dd->src);
711	if (src == dst)
712	dst_aligned = src_aligned;
713	else
714	dst_aligned = atmel_aes_check_aligned(dd, sg: dst, len, dma: &dd->dst);
715	if (!src_aligned \|\| !dst_aligned) {
716	padlen = atmel_aes_padlen(len, block_size: dd->ctx->block_size);
717
718	if (dd->buflen < len + padlen)
719	return -ENOMEM;
720
721	if (!src_aligned) {
722	sg_copy_to_buffer(sgl: src, nents: sg_nents(sg: src), buf: dd->buf, buflen: len);
723	dd->src.sg = &dd->aligned_sg;
724	dd->src.nents = `1`;
725	dd->src.remainder = `0`;
726	}
727
728	if (!dst_aligned) {
729	dd->dst.sg = &dd->aligned_sg;
730	dd->dst.nents = `1`;
731	dd->dst.remainder = `0`;
732	}
733
734	sg_init_table(&dd->aligned_sg, `1`);
735	sg_set_buf(sg: &dd->aligned_sg, buf: dd->buf, buflen: len + padlen);
736	}
737
738	if (dd->src.sg == dd->dst.sg) {
739	dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
740	DMA_BIDIRECTIONAL);
741	dd->dst.sg_len = dd->src.sg_len;
742	if (!dd->src.sg_len)
743	return -EFAULT;
744	} else {
745	dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
746	DMA_TO_DEVICE);
747	if (!dd->src.sg_len)
748	return -EFAULT;
749
750	dd->dst.sg_len = dma_map_sg(dd->dev, dd->dst.sg, dd->dst.nents,
751	DMA_FROM_DEVICE);
752	if (!dd->dst.sg_len) {
753	dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
754	DMA_TO_DEVICE);
755	return -EFAULT;
756	}
757	}
758
759	return `0`;
760	}
761
762	static void atmel_aes_unmap(struct atmel_aes_dev *dd)
763	{
764	if (dd->src.sg == dd->dst.sg) {
765	dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
766	DMA_BIDIRECTIONAL);
767
768	if (dd->src.sg != &dd->aligned_sg)
769	atmel_aes_restore_sg(dma: &dd->src);
770	} else {
771	dma_unmap_sg(dd->dev, dd->dst.sg, dd->dst.nents,
772	DMA_FROM_DEVICE);
773
774	if (dd->dst.sg != &dd->aligned_sg)
775	atmel_aes_restore_sg(dma: &dd->dst);
776
777	dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
778	DMA_TO_DEVICE);
779
780	if (dd->src.sg != &dd->aligned_sg)
781	atmel_aes_restore_sg(dma: &dd->src);
782	}
783
784	if (dd->dst.sg == &dd->aligned_sg)
785	sg_copy_from_buffer(sgl: dd->real_dst, nents: sg_nents(sg: dd->real_dst),
786	buf: dd->buf, buflen: dd->total);
787	}
788
789	static int atmel_aes_dma_transfer_start(struct atmel_aes_dev *dd,
790	enum dma_slave_buswidth addr_width,
791	enum dma_transfer_direction dir,
792	u32 maxburst)
793	{
794	struct dma_async_tx_descriptor *desc;
795	struct dma_slave_config config;
796	dma_async_tx_callback callback;
797	struct atmel_aes_dma *dma;
798	int err;
799
800	memset(&config, `0`, sizeof(config));
801	config.src_addr_width = addr_width;
802	config.dst_addr_width = addr_width;
803	config.src_maxburst = maxburst;
804	config.dst_maxburst = maxburst;
805
806	switch (dir) {
807	case DMA_MEM_TO_DEV:
808	dma = &dd->src;
809	callback = NULL;
810	config.dst_addr = dd->phys_base + AES_IDATAR(`0`);
811	break;
812
813	case DMA_DEV_TO_MEM:
814	dma = &dd->dst;
815	callback = atmel_aes_dma_callback;
816	config.src_addr = dd->phys_base + AES_ODATAR(`0`);
817	break;
818
819	default:
820	return -EINVAL;
821	}
822
823	err = dmaengine_slave_config(chan: dma->chan, config: &config);
824	if (err)
825	return err;
826
827	desc = dmaengine_prep_slave_sg(chan: dma->chan, sgl: dma->sg, sg_len: dma->sg_len, dir,
828	flags: DMA_PREP_INTERRUPT \| DMA_CTRL_ACK);
829	if (!desc)
830	return -ENOMEM;
831
832	desc->callback = callback;
833	desc->callback_param = dd;
834	dmaengine_submit(desc);
835	dma_async_issue_pending(chan: dma->chan);
836
837	return `0`;
838	}
839
840	static int atmel_aes_dma_start(struct atmel_aes_dev *dd,
841	struct scatterlist *src,
842	struct scatterlist *dst,
843	size_t len,
844	atmel_aes_fn_t resume)
845	{
846	enum dma_slave_buswidth addr_width;
847	u32 maxburst;
848	int err;
849
850	switch (dd->ctx->block_size) {
851	case AES_BLOCK_SIZE:
852	addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
853	maxburst = dd->caps.max_burst_size;
854	break;
855
856	default:
857	err = -EINVAL;
858	goto exit;
859	}
860
861	err = atmel_aes_map(dd, src, dst, len);
862	if (err)
863	goto exit;
864
865	dd->resume = resume;
866
867	/ Set output DMA transfer first /
868	err = atmel_aes_dma_transfer_start(dd, addr_width, dir: DMA_DEV_TO_MEM,
869	maxburst);
870	if (err)
871	goto unmap;
872
873	/ Then set input DMA transfer /
874	err = atmel_aes_dma_transfer_start(dd, addr_width, dir: DMA_MEM_TO_DEV,
875	maxburst);
876	if (err)
877	goto output_transfer_stop;
878
879	return -EINPROGRESS;
880
881	output_transfer_stop:
882	dmaengine_terminate_sync(chan: dd->dst.chan);
883	unmap:
884	atmel_aes_unmap(dd);
885	exit:
886	return atmel_aes_complete(dd, err);
887	}
888
889	static void atmel_aes_dma_callback(void *data)
890	{
891	struct atmel_aes_dev *dd = data;
892
893	atmel_aes_unmap(dd);
894	dd->is_async = true;
895	(void)dd->resume(dd);
896	}
897
898	static int atmel_aes_handle_queue(struct atmel_aes_dev *dd,
899	struct crypto_async_request *new_areq)
900	{
901	struct crypto_async_request areq, backlog;
902	struct atmel_aes_base_ctx *ctx;
903	unsigned long flags;
904	bool start_async;
905	int err, ret = `0`;
906
907	spin_lock_irqsave(&dd->lock, flags);
908	if (new_areq)
909	ret = crypto_enqueue_request(queue: &dd->queue, request: new_areq);
910	if (dd->flags & AES_FLAGS_BUSY) {
911	spin_unlock_irqrestore(lock: &dd->lock, flags);
912	return ret;
913	}
914	backlog = crypto_get_backlog(queue: &dd->queue);
915	areq = crypto_dequeue_request(queue: &dd->queue);
916	if (areq)
917	dd->flags \|= AES_FLAGS_BUSY;
918	spin_unlock_irqrestore(lock: &dd->lock, flags);
919
920	if (!areq)
921	return ret;
922
923	if (backlog)
924	crypto_request_complete(req: backlog, err: -EINPROGRESS);
925
926	ctx = crypto_tfm_ctx(tfm: areq->tfm);
927
928	dd->areq = areq;
929	dd->ctx = ctx;
930	start_async = (areq != new_areq);
931	dd->is_async = start_async;
932
933	/ WARNING: ctx->start() MAY change dd->is_async. /
934	err = ctx->start(dd);
935	return (start_async) ? ret : err;
936	}
937
938
939	/ AES async block ciphers /
940
941	static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd)
942	{
943	return atmel_aes_complete(dd, err: `0`);
944	}
945
946	static int atmel_aes_start(struct atmel_aes_dev *dd)
947	{
948	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
949	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
950	bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD \|\|
951	dd->ctx->block_size != AES_BLOCK_SIZE);
952	int err;
953
954	atmel_aes_set_mode(dd, rctx);
955
956	err = atmel_aes_hw_init(dd);
957	if (err)
958	return atmel_aes_complete(dd, err);
959
960	atmel_aes_write_ctrl(dd, use_dma, iv: (void *)req->iv);
961	if (use_dma)
962	return atmel_aes_dma_start(dd, src: req->src, dst: req->dst,
963	len: req->cryptlen,
964	resume: atmel_aes_transfer_complete);
965
966	return atmel_aes_cpu_start(dd, src: req->src, dst: req->dst, len: req->cryptlen,
967	resume: atmel_aes_transfer_complete);
968	}
969
970	static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
971	{
972	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx);
973	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
974	struct scatterlist src, dst;
975	size_t datalen;
976	u32 ctr;
977	u16 start, end;
978	bool use_dma, fragmented = false;
979
980	/ Check for transfer completion. /
981	ctx->offset += dd->total;
982	if (ctx->offset >= req->cryptlen)
983	return atmel_aes_transfer_complete(dd);
984
985	/ Compute data length. /
986	datalen = req->cryptlen - ctx->offset;
987	ctx->blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
988	ctr = be32_to_cpu(ctx->iv[`3`]);
989
990	/ Check 16bit counter overflow. /
991	start = ctr & `0xffff`;
992	end = start + ctx->blocks - `1`;
993
994	if (ctx->blocks >> `16` \|\| end < start) {
995	ctr \|= `0xffff`;
996	datalen = AES_BLOCK_SIZE * (`0x10000` - start);
997	fragmented = true;
998	}
999
1000	use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
1001
1002	/ Jump to offset. /
1003	src = scatterwalk_ffwd(dst: ctx->src, src: req->src, len: ctx->offset);
1004	dst = ((req->src == req->dst) ? src :
1005	scatterwalk_ffwd(dst: ctx->dst, src: req->dst, len: ctx->offset));
1006
1007	/ Configure hardware. /
1008	atmel_aes_write_ctrl(dd, use_dma, iv: ctx->iv);
1009	if (unlikely(fragmented)) {
1010	/*
1011	* Increment the counter manually to cope with the hardware
1012	* counter overflow.
1013	*/
1014	ctx->iv[`3`] = cpu_to_be32(ctr);
1015	crypto_inc(a: (u8 *)ctx->iv, AES_BLOCK_SIZE);
1016	}
1017
1018	if (use_dma)
1019	return atmel_aes_dma_start(dd, src, dst, len: datalen,
1020	resume: atmel_aes_ctr_transfer);
1021
1022	return atmel_aes_cpu_start(dd, src, dst, len: datalen,
1023	resume: atmel_aes_ctr_transfer);
1024	}
1025
1026	static int atmel_aes_ctr_start(struct atmel_aes_dev *dd)
1027	{
1028	struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx);
1029	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
1030	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1031	int err;
1032
1033	atmel_aes_set_mode(dd, rctx);
1034
1035	err = atmel_aes_hw_init(dd);
1036	if (err)
1037	return atmel_aes_complete(dd, err);
1038
1039	memcpy(ctx->iv, req->iv, AES_BLOCK_SIZE);
1040	ctx->offset = `0`;
1041	dd->total = `0`;
1042	return atmel_aes_ctr_transfer(dd);
1043	}
1044
1045	static int atmel_aes_xts_fallback(struct skcipher_request *req, bool enc)
1046	{
1047	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1048	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(
1049	tfm: crypto_skcipher_reqtfm(req));
1050
1051	skcipher_request_set_tfm(req: &rctx->fallback_req, tfm: ctx->fallback_tfm);
1052	skcipher_request_set_callback(req: &rctx->fallback_req, flags: req->base.flags,
1053	compl: req->base.complete, data: req->base.data);
1054	skcipher_request_set_crypt(req: &rctx->fallback_req, src: req->src, dst: req->dst,
1055	cryptlen: req->cryptlen, iv: req->iv);
1056
1057	return enc ? crypto_skcipher_encrypt(req: &rctx->fallback_req) :
1058	crypto_skcipher_decrypt(req: &rctx->fallback_req);
1059	}
1060
1061	static int atmel_aes_crypt(struct skcipher_request req, unsigned* long mode)
1062	{
1063	struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1064	struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm: skcipher);
1065	struct atmel_aes_reqctx *rctx;
1066	u32 opmode = mode & AES_FLAGS_OPMODE_MASK;
1067
1068	if (opmode == AES_FLAGS_XTS) {
1069	if (req->cryptlen < XTS_BLOCK_SIZE)
1070	return -EINVAL;
1071
1072	if (!IS_ALIGNED(req->cryptlen, XTS_BLOCK_SIZE))
1073	return atmel_aes_xts_fallback(req,
1074	enc: mode & AES_FLAGS_ENCRYPT);
1075	}
1076
1077	/*
1078	* ECB, CBC or CTR mode require the plaintext and ciphertext
1079	* to have a positve integer length.
1080	*/
1081	if (!req->cryptlen && opmode != AES_FLAGS_XTS)
1082	return `0`;
1083
1084	if ((opmode == AES_FLAGS_ECB \|\| opmode == AES_FLAGS_CBC) &&
1085	!IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(skcipher)))
1086	return -EINVAL;
1087
1088	ctx->block_size = AES_BLOCK_SIZE;
1089	ctx->is_aead = false;
1090
1091	rctx = skcipher_request_ctx(req);
1092	rctx->mode = mode;
1093
1094	if (opmode != AES_FLAGS_ECB &&
1095	!(mode & AES_FLAGS_ENCRYPT)) {
1096	unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher);
1097
1098	if (req->cryptlen >= ivsize)
1099	scatterwalk_map_and_copy(buf: rctx->lastc, sg: req->src,
1100	start: req->cryptlen - ivsize,
1101	nbytes: ivsize, out: `0`);
1102	}
1103
1104	return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base);
1105	}
1106
1107	static int atmel_aes_setkey(struct crypto_skcipher tfm, const* u8 *key,
1108	unsigned int keylen)
1109	{
1110	struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm);
1111
1112	if (keylen != AES_KEYSIZE_128 &&
1113	keylen != AES_KEYSIZE_192 &&
1114	keylen != AES_KEYSIZE_256)
1115	return -EINVAL;
1116
1117	memcpy(ctx->key, key, keylen);
1118	ctx->keylen = keylen;
1119
1120	return `0`;
1121	}
1122
1123	static int atmel_aes_ecb_encrypt(struct skcipher_request *req)
1124	{
1125	return atmel_aes_crypt(req, AES_FLAGS_ECB \| AES_FLAGS_ENCRYPT);
1126	}
1127
1128	static int atmel_aes_ecb_decrypt(struct skcipher_request *req)
1129	{
1130	return atmel_aes_crypt(req, AES_FLAGS_ECB);
1131	}
1132
1133	static int atmel_aes_cbc_encrypt(struct skcipher_request *req)
1134	{
1135	return atmel_aes_crypt(req, AES_FLAGS_CBC \| AES_FLAGS_ENCRYPT);
1136	}
1137
1138	static int atmel_aes_cbc_decrypt(struct skcipher_request *req)
1139	{
1140	return atmel_aes_crypt(req, AES_FLAGS_CBC);
1141	}
1142
1143	static int atmel_aes_ctr_encrypt(struct skcipher_request *req)
1144	{
1145	return atmel_aes_crypt(req, AES_FLAGS_CTR \| AES_FLAGS_ENCRYPT);
1146	}
1147
1148	static int atmel_aes_ctr_decrypt(struct skcipher_request *req)
1149	{
1150	return atmel_aes_crypt(req, AES_FLAGS_CTR);
1151	}
1152
1153	static int atmel_aes_init_tfm(struct crypto_skcipher *tfm)
1154	{
1155	struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
1156	struct atmel_aes_dev *dd;
1157
1158	dd = atmel_aes_dev_alloc(ctx: &ctx->base);
1159	if (!dd)
1160	return -ENODEV;
1161
1162	crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx));
1163	ctx->base.dd = dd;
1164	ctx->base.start = atmel_aes_start;
1165
1166	return `0`;
1167	}
1168
1169	static int atmel_aes_ctr_init_tfm(struct crypto_skcipher *tfm)
1170	{
1171	struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm);
1172	struct atmel_aes_dev *dd;
1173
1174	dd = atmel_aes_dev_alloc(ctx: &ctx->base);
1175	if (!dd)
1176	return -ENODEV;
1177
1178	crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx));
1179	ctx->base.dd = dd;
1180	ctx->base.start = atmel_aes_ctr_start;
1181
1182	return `0`;
1183	}
1184
1185	static struct skcipher_alg aes_algs[] = {
1186	{
1187	.base.cra_name = "ecb(aes)",
1188	.base.cra_driver_name = "atmel-ecb-aes",
1189	.base.cra_blocksize = AES_BLOCK_SIZE,
1190	.base.cra_ctxsize = sizeof(struct atmel_aes_ctx),
1191
1192	.init = atmel_aes_init_tfm,
1193	.min_keysize = AES_MIN_KEY_SIZE,
1194	.max_keysize = AES_MAX_KEY_SIZE,
1195	.setkey = atmel_aes_setkey,
1196	.encrypt = atmel_aes_ecb_encrypt,
1197	.decrypt = atmel_aes_ecb_decrypt,
1198	},
1199	{
1200	.base.cra_name = "cbc(aes)",
1201	.base.cra_driver_name = "atmel-cbc-aes",
1202	.base.cra_blocksize = AES_BLOCK_SIZE,
1203	.base.cra_ctxsize = sizeof(struct atmel_aes_ctx),
1204
1205	.init = atmel_aes_init_tfm,
1206	.min_keysize = AES_MIN_KEY_SIZE,
1207	.max_keysize = AES_MAX_KEY_SIZE,
1208	.setkey = atmel_aes_setkey,
1209	.encrypt = atmel_aes_cbc_encrypt,
1210	.decrypt = atmel_aes_cbc_decrypt,
1211	.ivsize = AES_BLOCK_SIZE,
1212	},
1213	{
1214	.base.cra_name = "ctr(aes)",
1215	.base.cra_driver_name = "atmel-ctr-aes",
1216	.base.cra_blocksize = `1`,
1217	.base.cra_ctxsize = sizeof(struct atmel_aes_ctr_ctx),
1218
1219	.init = atmel_aes_ctr_init_tfm,
1220	.min_keysize = AES_MIN_KEY_SIZE,
1221	.max_keysize = AES_MAX_KEY_SIZE,
1222	.setkey = atmel_aes_setkey,
1223	.encrypt = atmel_aes_ctr_encrypt,
1224	.decrypt = atmel_aes_ctr_decrypt,
1225	.ivsize = AES_BLOCK_SIZE,
1226	},
1227	};
1228
1229
1230	/ gcm aead functions /
1231
1232	static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1233	const u32 *data, size_t datalen,
1234	const __be32 ghash_in, __be32 ghash_out,
1235	atmel_aes_fn_t resume);
1236	static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd);
1237	static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd);
1238
1239	static int atmel_aes_gcm_start(struct atmel_aes_dev *dd);
1240	static int atmel_aes_gcm_process(struct atmel_aes_dev *dd);
1241	static int atmel_aes_gcm_length(struct atmel_aes_dev *dd);
1242	static int atmel_aes_gcm_data(struct atmel_aes_dev *dd);
1243	static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd);
1244	static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd);
1245	static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd);
1246
1247	static inline struct atmel_aes_gcm_ctx *
1248	atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx)
1249	{
1250	return container_of(ctx, struct atmel_aes_gcm_ctx, base);
1251	}
1252
1253	static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1254	const u32 *data, size_t datalen,
1255	const __be32 ghash_in, __be32 ghash_out,
1256	atmel_aes_fn_t resume)
1257	{
1258	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1259
1260	dd->data = (u32 *)data;
1261	dd->datalen = datalen;
1262	ctx->ghash_in = ghash_in;
1263	ctx->ghash_out = ghash_out;
1264	ctx->ghash_resume = resume;
1265
1266	atmel_aes_write_ctrl(dd, use_dma: false, NULL);
1267	return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_ghash_init);
1268	}
1269
1270	static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd)
1271	{
1272	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1273
1274	/ Set the data length. /
1275	atmel_aes_write(dd, AES_AADLENR, value: dd->total);
1276	atmel_aes_write(dd, AES_CLENR, value: `0`);
1277
1278	/ If needed, overwrite the GCM Intermediate Hash Word Registers /
1279	if (ctx->ghash_in)
1280	atmel_aes_write_block(dd, AES_GHASHR(`0`), value: ctx->ghash_in);
1281
1282	return atmel_aes_gcm_ghash_finalize(dd);
1283	}
1284
1285	static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd)
1286	{
1287	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1288	u32 isr;
1289
1290	/ Write data into the Input Data Registers. /
1291	while (dd->datalen > `0`) {
1292	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: dd->data);
1293	dd->data += `4`;
1294	dd->datalen -= AES_BLOCK_SIZE;
1295
1296	isr = atmel_aes_read(dd, AES_ISR);
1297	if (!(isr & AES_INT_DATARDY)) {
1298	dd->resume = atmel_aes_gcm_ghash_finalize;
1299	atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1300	return -EINPROGRESS;
1301	}
1302	}
1303
1304	/ Read the computed hash from GHASHRx. /
1305	atmel_aes_read_block(dd, AES_GHASHR(`0`), value: ctx->ghash_out);
1306
1307	return ctx->ghash_resume(dd);
1308	}
1309
1310
1311	static int atmel_aes_gcm_start(struct atmel_aes_dev *dd)
1312	{
1313	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1314	struct aead_request *req = aead_request_cast(req: dd->areq);
1315	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1316	struct atmel_aes_reqctx *rctx = aead_request_ctx(req);
1317	size_t ivsize = crypto_aead_ivsize(tfm);
1318	size_t datalen, padlen;
1319	const void *iv = req->iv;
1320	u8 *data = dd->buf;
1321	int err;
1322
1323	atmel_aes_set_mode(dd, rctx);
1324
1325	err = atmel_aes_hw_init(dd);
1326	if (err)
1327	return atmel_aes_complete(dd, err);
1328
1329	if (likely(ivsize == GCM_AES_IV_SIZE)) {
1330	memcpy(ctx->j0, iv, ivsize);
1331	ctx->j0[`3`] = cpu_to_be32(`1`);
1332	return atmel_aes_gcm_process(dd);
1333	}
1334
1335	padlen = atmel_aes_padlen(len: ivsize, AES_BLOCK_SIZE);
1336	datalen = ivsize + padlen + AES_BLOCK_SIZE;
1337	if (datalen > dd->buflen)
1338	return atmel_aes_complete(dd, err: -EINVAL);
1339
1340	memcpy(data, iv, ivsize);
1341	memset(data + ivsize, `0`, padlen + sizeof(u64));
1342	((__be64 )(data + datalen))[-`1`] = cpu_to_be64(ivsize `8`);
1343
1344	return atmel_aes_gcm_ghash(dd, data: (const u32 *)data, datalen,
1345	NULL, ghash_out: ctx->j0, resume: atmel_aes_gcm_process);
1346	}
1347
1348	static int atmel_aes_gcm_process(struct atmel_aes_dev *dd)
1349	{
1350	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1351	struct aead_request *req = aead_request_cast(req: dd->areq);
1352	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1353	bool enc = atmel_aes_is_encrypt(dd);
1354	u32 authsize;
1355
1356	/ Compute text length. /
1357	authsize = crypto_aead_authsize(tfm);
1358	ctx->textlen = req->cryptlen - (enc ? `0` : authsize);
1359
1360	/*
1361	* According to tcrypt test suite, the GCM Automatic Tag Generation
1362	* fails when both the message and its associated data are empty.
1363	*/
1364	if (likely(req->assoclen != `0` \|\| ctx->textlen != `0`))
1365	dd->flags \|= AES_FLAGS_GTAGEN;
1366
1367	atmel_aes_write_ctrl(dd, use_dma: false, NULL);
1368	return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_length);
1369	}
1370
1371	static int atmel_aes_gcm_length(struct atmel_aes_dev *dd)
1372	{
1373	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1374	struct aead_request *req = aead_request_cast(req: dd->areq);
1375	__be32 j0_lsw, *j0 = ctx->j0;
1376	size_t padlen;
1377
1378	/ Write incr32(J0) into IV. /
1379	j0_lsw = j0[`3`];
1380	be32_add_cpu(var: &j0[`3`], val: `1`);
1381	atmel_aes_write_block(dd, AES_IVR(`0`), value: j0);
1382	j0[`3`] = j0_lsw;
1383
1384	/ Set aad and text lengths. /
1385	atmel_aes_write(dd, AES_AADLENR, value: req->assoclen);
1386	atmel_aes_write(dd, AES_CLENR, value: ctx->textlen);
1387
1388	/ Check whether AAD are present. /
1389	if (unlikely(req->assoclen == `0`)) {
1390	dd->datalen = `0`;
1391	return atmel_aes_gcm_data(dd);
1392	}
1393
1394	/ Copy assoc data and add padding. /
1395	padlen = atmel_aes_padlen(len: req->assoclen, AES_BLOCK_SIZE);
1396	if (unlikely(req->assoclen + padlen > dd->buflen))
1397	return atmel_aes_complete(dd, err: -EINVAL);
1398	sg_copy_to_buffer(sgl: req->src, nents: sg_nents(sg: req->src), buf: dd->buf, buflen: req->assoclen);
1399
1400	/ Write assoc data into the Input Data register. /
1401	dd->data = (u32 *)dd->buf;
1402	dd->datalen = req->assoclen + padlen;
1403	return atmel_aes_gcm_data(dd);
1404	}
1405
1406	static int atmel_aes_gcm_data(struct atmel_aes_dev *dd)
1407	{
1408	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1409	struct aead_request *req = aead_request_cast(req: dd->areq);
1410	bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD);
1411	struct scatterlist src, dst;
1412	u32 isr, mr;
1413
1414	/ Write AAD first. /
1415	while (dd->datalen > `0`) {
1416	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: dd->data);
1417	dd->data += `4`;
1418	dd->datalen -= AES_BLOCK_SIZE;
1419
1420	isr = atmel_aes_read(dd, AES_ISR);
1421	if (!(isr & AES_INT_DATARDY)) {
1422	dd->resume = atmel_aes_gcm_data;
1423	atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1424	return -EINPROGRESS;
1425	}
1426	}
1427
1428	/ GMAC only. /
1429	if (unlikely(ctx->textlen == `0`))
1430	return atmel_aes_gcm_tag_init(dd);
1431
1432	/ Prepare src and dst scatter lists to transfer cipher/plain texts /
1433	src = scatterwalk_ffwd(dst: ctx->src, src: req->src, len: req->assoclen);
1434	dst = ((req->src == req->dst) ? src :
1435	scatterwalk_ffwd(dst: ctx->dst, src: req->dst, len: req->assoclen));
1436
1437	if (use_dma) {
1438	/ Update the Mode Register for DMA transfers. /
1439	mr = atmel_aes_read(dd, AES_MR);
1440	mr &= ~(AES_MR_SMOD_MASK \| AES_MR_DUALBUFF);
1441	mr \|= AES_MR_SMOD_IDATAR0;
1442	if (dd->caps.has_dualbuff)
1443	mr \|= AES_MR_DUALBUFF;
1444	atmel_aes_write(dd, AES_MR, value: mr);
1445
1446	return atmel_aes_dma_start(dd, src, dst, len: ctx->textlen,
1447	resume: atmel_aes_gcm_tag_init);
1448	}
1449
1450	return atmel_aes_cpu_start(dd, src, dst, len: ctx->textlen,
1451	resume: atmel_aes_gcm_tag_init);
1452	}
1453
1454	static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd)
1455	{
1456	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1457	struct aead_request *req = aead_request_cast(req: dd->areq);
1458	__be64 *data = dd->buf;
1459
1460	if (likely(dd->flags & AES_FLAGS_GTAGEN)) {
1461	if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) {
1462	dd->resume = atmel_aes_gcm_tag_init;
1463	atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY);
1464	return -EINPROGRESS;
1465	}
1466
1467	return atmel_aes_gcm_finalize(dd);
1468	}
1469
1470	/ Read the GCM Intermediate Hash Word Registers. /
1471	atmel_aes_read_block(dd, AES_GHASHR(`0`), value: ctx->ghash);
1472
1473	data[`0`] = cpu_to_be64(req->assoclen * `8`);
1474	data[`1`] = cpu_to_be64(ctx->textlen * `8`);
1475
1476	return atmel_aes_gcm_ghash(dd, data: (const u32 *)data, AES_BLOCK_SIZE,
1477	ghash_in: ctx->ghash, ghash_out: ctx->ghash, resume: atmel_aes_gcm_tag);
1478	}
1479
1480	static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd)
1481	{
1482	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1483	unsigned long flags;
1484
1485	/*
1486	* Change mode to CTR to complete the tag generation.
1487	* Use J0 as Initialization Vector.
1488	*/
1489	flags = dd->flags;
1490	dd->flags &= ~(AES_FLAGS_OPMODE_MASK \| AES_FLAGS_GTAGEN);
1491	dd->flags \|= AES_FLAGS_CTR;
1492	atmel_aes_write_ctrl(dd, use_dma: false, iv: ctx->j0);
1493	dd->flags = flags;
1494
1495	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: ctx->ghash);
1496	return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_finalize);
1497	}
1498
1499	static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd)
1500	{
1501	struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx);
1502	struct aead_request *req = aead_request_cast(req: dd->areq);
1503	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1504	bool enc = atmel_aes_is_encrypt(dd);
1505	u32 offset, authsize, itag[`4`], *otag = ctx->tag;
1506	int err;
1507
1508	/ Read the computed tag. /
1509	if (likely(dd->flags & AES_FLAGS_GTAGEN))
1510	atmel_aes_read_block(dd, AES_TAGR(`0`), value: ctx->tag);
1511	else
1512	atmel_aes_read_block(dd, AES_ODATAR(`0`), value: ctx->tag);
1513
1514	offset = req->assoclen + ctx->textlen;
1515	authsize = crypto_aead_authsize(tfm);
1516	if (enc) {
1517	scatterwalk_map_and_copy(buf: otag, sg: req->dst, start: offset, nbytes: authsize, out: `1`);
1518	err = `0`;
1519	} else {
1520	scatterwalk_map_and_copy(buf: itag, sg: req->src, start: offset, nbytes: authsize, out: `0`);
1521	err = crypto_memneq(a: itag, b: otag, size: authsize) ? -EBADMSG : `0`;
1522	}
1523
1524	return atmel_aes_complete(dd, err);
1525	}
1526
1527	static int atmel_aes_gcm_crypt(struct aead_request *req,
1528	unsigned long mode)
1529	{
1530	struct atmel_aes_base_ctx *ctx;
1531	struct atmel_aes_reqctx *rctx;
1532
1533	ctx = crypto_aead_ctx(tfm: crypto_aead_reqtfm(req));
1534	ctx->block_size = AES_BLOCK_SIZE;
1535	ctx->is_aead = true;
1536
1537	rctx = aead_request_ctx(req);
1538	rctx->mode = AES_FLAGS_GCM \| mode;
1539
1540	return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base);
1541	}
1542
1543	static int atmel_aes_gcm_setkey(struct crypto_aead tfm, const* u8 *key,
1544	unsigned int keylen)
1545	{
1546	struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm);
1547
1548	if (keylen != AES_KEYSIZE_256 &&
1549	keylen != AES_KEYSIZE_192 &&
1550	keylen != AES_KEYSIZE_128)
1551	return -EINVAL;
1552
1553	memcpy(ctx->key, key, keylen);
1554	ctx->keylen = keylen;
1555
1556	return `0`;
1557	}
1558
1559	static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm,
1560	unsigned int authsize)
1561	{
1562	return crypto_gcm_check_authsize(authsize);
1563	}
1564
1565	static int atmel_aes_gcm_encrypt(struct aead_request *req)
1566	{
1567	return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT);
1568	}
1569
1570	static int atmel_aes_gcm_decrypt(struct aead_request *req)
1571	{
1572	return atmel_aes_gcm_crypt(req, mode: `0`);
1573	}
1574
1575	static int atmel_aes_gcm_init(struct crypto_aead *tfm)
1576	{
1577	struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
1578	struct atmel_aes_dev *dd;
1579
1580	dd = atmel_aes_dev_alloc(ctx: &ctx->base);
1581	if (!dd)
1582	return -ENODEV;
1583
1584	crypto_aead_set_reqsize(aead: tfm, reqsize: sizeof(struct atmel_aes_reqctx));
1585	ctx->base.dd = dd;
1586	ctx->base.start = atmel_aes_gcm_start;
1587
1588	return `0`;
1589	}
1590
1591	static struct aead_alg aes_gcm_alg = {
1592	.setkey = atmel_aes_gcm_setkey,
1593	.setauthsize = atmel_aes_gcm_setauthsize,
1594	.encrypt = atmel_aes_gcm_encrypt,
1595	.decrypt = atmel_aes_gcm_decrypt,
1596	.init = atmel_aes_gcm_init,
1597	.ivsize = GCM_AES_IV_SIZE,
1598	.maxauthsize = AES_BLOCK_SIZE,
1599
1600	.base = {
1601	.cra_name = "gcm(aes)",
1602	.cra_driver_name = "atmel-gcm-aes",
1603	.cra_blocksize = `1`,
1604	.cra_ctxsize = sizeof(struct atmel_aes_gcm_ctx),
1605	},
1606	};
1607
1608
1609	/ xts functions /
1610
1611	static inline struct atmel_aes_xts_ctx *
1612	atmel_aes_xts_ctx_cast(struct atmel_aes_base_ctx *ctx)
1613	{
1614	return container_of(ctx, struct atmel_aes_xts_ctx, base);
1615	}
1616
1617	static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd);
1618
1619	static int atmel_aes_xts_start(struct atmel_aes_dev *dd)
1620	{
1621	struct atmel_aes_xts_ctx *ctx = atmel_aes_xts_ctx_cast(ctx: dd->ctx);
1622	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
1623	struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req);
1624	unsigned long flags;
1625	int err;
1626
1627	atmel_aes_set_mode(dd, rctx);
1628
1629	err = atmel_aes_hw_init(dd);
1630	if (err)
1631	return atmel_aes_complete(dd, err);
1632
1633	/ Compute the tweak value from req->iv with ecb(aes). /
1634	flags = dd->flags;
1635	dd->flags &= ~AES_FLAGS_MODE_MASK;
1636	dd->flags \|= (AES_FLAGS_ECB \| AES_FLAGS_ENCRYPT);
1637	atmel_aes_write_ctrl_key(dd, use_dma: false, NULL,
1638	key: ctx->key2, keylen: ctx->base.keylen);
1639	dd->flags = flags;
1640
1641	atmel_aes_write_block(dd, AES_IDATAR(`0`), value: req->iv);
1642	return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_xts_process_data);
1643	}
1644
1645	static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd)
1646	{
1647	struct skcipher_request *req = skcipher_request_cast(req: dd->areq);
1648	bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD);
1649	u32 tweak[AES_BLOCK_SIZE / sizeof(u32)];
1650	static const __le32 one[AES_BLOCK_SIZE / sizeof(u32)] = {cpu_to_le32(`1`), };
1651	u8 tweak_bytes = (u8 )tweak;
1652	int i;
1653
1654	/ Read the computed ciphered tweak value. /
1655	atmel_aes_read_block(dd, AES_ODATAR(`0`), value: tweak);
1656	/*
1657	* Hardware quirk:
1658	* the order of the ciphered tweak bytes need to be reversed before
1659	* writing them into the ODATARx registers.
1660	*/
1661	for (i = `0`; i < AES_BLOCK_SIZE/`2`; ++i)
1662	swap(tweak_bytes[i], tweak_bytes[AES_BLOCK_SIZE - `1` - i]);
1663
1664	/ Process the data. /
1665	atmel_aes_write_ctrl(dd, use_dma, NULL);
1666	atmel_aes_write_block(dd, AES_TWR(`0`), value: tweak);
1667	atmel_aes_write_block(dd, AES_ALPHAR(`0`), value: one);
1668	if (use_dma)
1669	return atmel_aes_dma_start(dd, src: req->src, dst: req->dst,
1670	len: req->cryptlen,
1671	resume: atmel_aes_transfer_complete);
1672
1673	return atmel_aes_cpu_start(dd, src: req->src, dst: req->dst, len: req->cryptlen,
1674	resume: atmel_aes_transfer_complete);
1675	}
1676
1677	static int atmel_aes_xts_setkey(struct crypto_skcipher tfm, const* u8 *key,
1678	unsigned int keylen)
1679	{
1680	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1681	int err;
1682
1683	err = xts_verify_key(tfm, key, keylen);
1684	if (err)
1685	return err;
1686
1687	crypto_skcipher_clear_flags(tfm: ctx->fallback_tfm, CRYPTO_TFM_REQ_MASK);
1688	crypto_skcipher_set_flags(tfm: ctx->fallback_tfm, flags: tfm->base.crt_flags &
1689	CRYPTO_TFM_REQ_MASK);
1690	err = crypto_skcipher_setkey(tfm: ctx->fallback_tfm, key, keylen);
1691	if (err)
1692	return err;
1693
1694	memcpy(ctx->base.key, key, keylen/`2`);
1695	memcpy(ctx->key2, key + keylen/`2`, keylen/`2`);
1696	ctx->base.keylen = keylen/`2`;
1697
1698	return `0`;
1699	}
1700
1701	static int atmel_aes_xts_encrypt(struct skcipher_request *req)
1702	{
1703	return atmel_aes_crypt(req, AES_FLAGS_XTS \| AES_FLAGS_ENCRYPT);
1704	}
1705
1706	static int atmel_aes_xts_decrypt(struct skcipher_request *req)
1707	{
1708	return atmel_aes_crypt(req, AES_FLAGS_XTS);
1709	}
1710
1711	static int atmel_aes_xts_init_tfm(struct crypto_skcipher *tfm)
1712	{
1713	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1714	struct atmel_aes_dev *dd;
1715	const char *tfm_name = crypto_tfm_alg_name(tfm: &tfm->base);
1716
1717	dd = atmel_aes_dev_alloc(ctx: &ctx->base);
1718	if (!dd)
1719	return -ENODEV;
1720
1721	ctx->fallback_tfm = crypto_alloc_skcipher(alg_name: tfm_name, type: `0`,
1722	CRYPTO_ALG_NEED_FALLBACK);
1723	if (IS_ERR(ptr: ctx->fallback_tfm))
1724	return PTR_ERR(ptr: ctx->fallback_tfm);
1725
1726	crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx) +
1727	crypto_skcipher_reqsize(tfm: ctx->fallback_tfm));
1728	ctx->base.dd = dd;
1729	ctx->base.start = atmel_aes_xts_start;
1730
1731	return `0`;
1732	}
1733
1734	static void atmel_aes_xts_exit_tfm(struct crypto_skcipher *tfm)
1735	{
1736	struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
1737
1738	crypto_free_skcipher(tfm: ctx->fallback_tfm);
1739	}
1740
1741	static struct skcipher_alg aes_xts_alg = {
1742	.base.cra_name = "xts(aes)",
1743	.base.cra_driver_name = "atmel-xts-aes",
1744	.base.cra_blocksize = AES_BLOCK_SIZE,
1745	.base.cra_ctxsize = sizeof(struct atmel_aes_xts_ctx),
1746	.base.cra_flags = CRYPTO_ALG_NEED_FALLBACK,
1747
1748	.min_keysize = `2` * AES_MIN_KEY_SIZE,
1749	.max_keysize = `2` * AES_MAX_KEY_SIZE,
1750	.ivsize = AES_BLOCK_SIZE,
1751	.setkey = atmel_aes_xts_setkey,
1752	.encrypt = atmel_aes_xts_encrypt,
1753	.decrypt = atmel_aes_xts_decrypt,
1754	.init = atmel_aes_xts_init_tfm,
1755	.exit = atmel_aes_xts_exit_tfm,
1756	};
1757
1758	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
1759	/ authenc aead functions /
1760
1761	static int atmel_aes_authenc_start(struct atmel_aes_dev *dd);
1762	static int atmel_aes_authenc_init(struct atmel_aes_dev dd, int* err,
1763	bool is_async);
1764	static int atmel_aes_authenc_transfer(struct atmel_aes_dev dd, int* err,
1765	bool is_async);
1766	static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd);
1767	static int atmel_aes_authenc_final(struct atmel_aes_dev dd, int* err,
1768	bool is_async);
1769
1770	static void atmel_aes_authenc_complete(struct atmel_aes_dev dd, int* err)
1771	{
1772	struct aead_request *req = aead_request_cast(req: dd->areq);
1773	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1774
1775	if (err && (dd->flags & AES_FLAGS_OWN_SHA))
1776	atmel_sha_authenc_abort(req: &rctx->auth_req);
1777	dd->flags &= ~AES_FLAGS_OWN_SHA;
1778	}
1779
1780	static int atmel_aes_authenc_start(struct atmel_aes_dev *dd)
1781	{
1782	struct aead_request *req = aead_request_cast(req: dd->areq);
1783	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1784	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1785	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
1786	int err;
1787
1788	atmel_aes_set_mode(dd, rctx: &rctx->base);
1789
1790	err = atmel_aes_hw_init(dd);
1791	if (err)
1792	return atmel_aes_complete(dd, err);
1793
1794	return atmel_sha_authenc_schedule(req: &rctx->auth_req, auth: ctx->auth,
1795	cb: atmel_aes_authenc_init, dd);
1796	}
1797
1798	static int atmel_aes_authenc_init(struct atmel_aes_dev dd, int* err,
1799	bool is_async)
1800	{
1801	struct aead_request *req = aead_request_cast(req: dd->areq);
1802	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1803
1804	if (is_async)
1805	dd->is_async = true;
1806	if (err)
1807	return atmel_aes_complete(dd, err);
1808
1809	/ If here, we've got the ownership of the SHA device. /
1810	dd->flags \|= AES_FLAGS_OWN_SHA;
1811
1812	/ Configure the SHA device. /
1813	return atmel_sha_authenc_init(req: &rctx->auth_req,
1814	assoc: req->src, assoclen: req->assoclen,
1815	textlen: rctx->textlen,
1816	cb: atmel_aes_authenc_transfer, dd);
1817	}
1818
1819	static int atmel_aes_authenc_transfer(struct atmel_aes_dev dd, int* err,
1820	bool is_async)
1821	{
1822	struct aead_request *req = aead_request_cast(req: dd->areq);
1823	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1824	bool enc = atmel_aes_is_encrypt(dd);
1825	struct scatterlist src, dst;
1826	__be32 iv[AES_BLOCK_SIZE / sizeof(u32)];
1827	u32 emr;
1828
1829	if (is_async)
1830	dd->is_async = true;
1831	if (err)
1832	return atmel_aes_complete(dd, err);
1833
1834	/ Prepare src and dst scatter-lists to transfer cipher/plain texts. /
1835	src = scatterwalk_ffwd(dst: rctx->src, src: req->src, len: req->assoclen);
1836	dst = src;
1837
1838	if (req->src != req->dst)
1839	dst = scatterwalk_ffwd(dst: rctx->dst, src: req->dst, len: req->assoclen);
1840
1841	/ Configure the AES device. /
1842	memcpy(iv, req->iv, sizeof(iv));
1843
1844	/*
1845	* Here we always set the 2nd parameter of atmel_aes_write_ctrl() to
1846	* 'true' even if the data transfer is actually performed by the CPU (so
1847	* not by the DMA) because we must force the AES_MR_SMOD bitfield to the
1848	* value AES_MR_SMOD_IDATAR0. Indeed, both AES_MR_SMOD and SHA_MR_SMOD
1849	* must be set to *_MR_SMOD_IDATAR0.
1850	*/
1851	atmel_aes_write_ctrl(dd, use_dma: true, iv);
1852	emr = AES_EMR_PLIPEN;
1853	if (!enc)
1854	emr \|= AES_EMR_PLIPD;
1855	atmel_aes_write(dd, AES_EMR, value: emr);
1856
1857	/ Transfer data. /
1858	return atmel_aes_dma_start(dd, src, dst, len: rctx->textlen,
1859	resume: atmel_aes_authenc_digest);
1860	}
1861
1862	static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd)
1863	{
1864	struct aead_request *req = aead_request_cast(req: dd->areq);
1865	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1866
1867	/ atmel_sha_authenc_final() releases the SHA device. /
1868	dd->flags &= ~AES_FLAGS_OWN_SHA;
1869	return atmel_sha_authenc_final(req: &rctx->auth_req,
1870	digest: rctx->digest, digestlen: sizeof(rctx->digest),
1871	cb: atmel_aes_authenc_final, dd);
1872	}
1873
1874	static int atmel_aes_authenc_final(struct atmel_aes_dev dd, int* err,
1875	bool is_async)
1876	{
1877	struct aead_request *req = aead_request_cast(req: dd->areq);
1878	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1879	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1880	bool enc = atmel_aes_is_encrypt(dd);
1881	u32 idigest[SHA512_DIGEST_SIZE / sizeof(u32)], *odigest = rctx->digest;
1882	u32 offs, authsize;
1883
1884	if (is_async)
1885	dd->is_async = true;
1886	if (err)
1887	goto complete;
1888
1889	offs = req->assoclen + rctx->textlen;
1890	authsize = crypto_aead_authsize(tfm);
1891	if (enc) {
1892	scatterwalk_map_and_copy(buf: odigest, sg: req->dst, start: offs, nbytes: authsize, out: `1`);
1893	} else {
1894	scatterwalk_map_and_copy(buf: idigest, sg: req->src, start: offs, nbytes: authsize, out: `0`);
1895	if (crypto_memneq(a: idigest, b: odigest, size: authsize))
1896	err = -EBADMSG;
1897	}
1898
1899	complete:
1900	return atmel_aes_complete(dd, err);
1901	}
1902
1903	static int atmel_aes_authenc_setkey(struct crypto_aead tfm, const* u8 *key,
1904	unsigned int keylen)
1905	{
1906	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
1907	struct crypto_authenc_keys keys;
1908	int err;
1909
1910	if (crypto_authenc_extractkeys(keys: &keys, key, keylen) != `0`)
1911	goto badkey;
1912
1913	if (keys.enckeylen > sizeof(ctx->base.key))
1914	goto badkey;
1915
1916	/ Save auth key. /
1917	err = atmel_sha_authenc_setkey(auth: ctx->auth,
1918	key: keys.authkey, keylen: keys.authkeylen,
1919	flags: crypto_aead_get_flags(tfm));
1920	if (err) {
1921	memzero_explicit(s: &keys, count: sizeof(keys));
1922	return err;
1923	}
1924
1925	/ Save enc key. /
1926	ctx->base.keylen = keys.enckeylen;
1927	memcpy(ctx->base.key, keys.enckey, keys.enckeylen);
1928
1929	memzero_explicit(s: &keys, count: sizeof(keys));
1930	return `0`;
1931
1932	badkey:
1933	memzero_explicit(s: &keys, count: sizeof(keys));
1934	return -EINVAL;
1935	}
1936
1937	static int atmel_aes_authenc_init_tfm(struct crypto_aead *tfm,
1938	unsigned long auth_mode)
1939	{
1940	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
1941	unsigned int auth_reqsize = atmel_sha_authenc_get_reqsize();
1942	struct atmel_aes_dev *dd;
1943
1944	dd = atmel_aes_dev_alloc(ctx: &ctx->base);
1945	if (!dd)
1946	return -ENODEV;
1947
1948	ctx->auth = atmel_sha_authenc_spawn(mode: auth_mode);
1949	if (IS_ERR(ptr: ctx->auth))
1950	return PTR_ERR(ptr: ctx->auth);
1951
1952	crypto_aead_set_reqsize(aead: tfm, reqsize: (sizeof(struct atmel_aes_authenc_reqctx) +
1953	auth_reqsize));
1954	ctx->base.dd = dd;
1955	ctx->base.start = atmel_aes_authenc_start;
1956
1957	return `0`;
1958	}
1959
1960	static int atmel_aes_authenc_hmac_sha1_init_tfm(struct crypto_aead *tfm)
1961	{
1962	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA1);
1963	}
1964
1965	static int atmel_aes_authenc_hmac_sha224_init_tfm(struct crypto_aead *tfm)
1966	{
1967	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA224);
1968	}
1969
1970	static int atmel_aes_authenc_hmac_sha256_init_tfm(struct crypto_aead *tfm)
1971	{
1972	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA256);
1973	}
1974
1975	static int atmel_aes_authenc_hmac_sha384_init_tfm(struct crypto_aead *tfm)
1976	{
1977	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA384);
1978	}
1979
1980	static int atmel_aes_authenc_hmac_sha512_init_tfm(struct crypto_aead *tfm)
1981	{
1982	return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA512);
1983	}
1984
1985	static void atmel_aes_authenc_exit_tfm(struct crypto_aead *tfm)
1986	{
1987	struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm);
1988
1989	atmel_sha_authenc_free(auth: ctx->auth);
1990	}
1991
1992	static int atmel_aes_authenc_crypt(struct aead_request *req,
1993	unsigned long mode)
1994	{
1995	struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req);
1996	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1997	struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm);
1998	u32 authsize = crypto_aead_authsize(tfm);
1999	bool enc = (mode & AES_FLAGS_ENCRYPT);
2000
2001	/ Compute text length. /
2002	if (!enc && req->cryptlen < authsize)
2003	return -EINVAL;
2004	rctx->textlen = req->cryptlen - (enc ? `0` : authsize);
2005
2006	/*
2007	* Currently, empty messages are not supported yet:
2008	* the SHA auto-padding can be used only on non-empty messages.
2009	* Hence a special case needs to be implemented for empty message.
2010	*/
2011	if (!rctx->textlen && !req->assoclen)
2012	return -EINVAL;
2013
2014	rctx->base.mode = mode;
2015	ctx->block_size = AES_BLOCK_SIZE;
2016	ctx->is_aead = true;
2017
2018	return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base);
2019	}
2020
2021	static int atmel_aes_authenc_cbc_aes_encrypt(struct aead_request *req)
2022	{
2023	return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC \| AES_FLAGS_ENCRYPT);
2024	}
2025
2026	static int atmel_aes_authenc_cbc_aes_decrypt(struct aead_request *req)
2027	{
2028	return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC);
2029	}
2030
2031	static struct aead_alg aes_authenc_algs[] = {
2032	{
2033	.setkey = atmel_aes_authenc_setkey,
2034	.encrypt = atmel_aes_authenc_cbc_aes_encrypt,
2035	.decrypt = atmel_aes_authenc_cbc_aes_decrypt,
2036	.init = atmel_aes_authenc_hmac_sha1_init_tfm,
2037	.exit = atmel_aes_authenc_exit_tfm,
2038	.ivsize = AES_BLOCK_SIZE,
2039	.maxauthsize = SHA1_DIGEST_SIZE,
2040
2041	.base = {
2042	.cra_name = "authenc(hmac(sha1),cbc(aes))",
2043	.cra_driver_name = "atmel-authenc-hmac-sha1-cbc-aes",
2044	.cra_blocksize = AES_BLOCK_SIZE,
2045	.cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx),
2046	},
2047	},
2048	{
2049	.setkey = atmel_aes_authenc_setkey,
2050	.encrypt = atmel_aes_authenc_cbc_aes_encrypt,
2051	.decrypt = atmel_aes_authenc_cbc_aes_decrypt,
2052	.init = atmel_aes_authenc_hmac_sha224_init_tfm,
2053	.exit = atmel_aes_authenc_exit_tfm,
2054	.ivsize = AES_BLOCK_SIZE,
2055	.maxauthsize = SHA224_DIGEST_SIZE,
2056
2057	.base = {
2058	.cra_name = "authenc(hmac(sha224),cbc(aes))",
2059	.cra_driver_name = "atmel-authenc-hmac-sha224-cbc-aes",
2060	.cra_blocksize = AES_BLOCK_SIZE,
2061	.cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx),
2062	},
2063	},
2064	{
2065	.setkey = atmel_aes_authenc_setkey,
2066	.encrypt = atmel_aes_authenc_cbc_aes_encrypt,
2067	.decrypt = atmel_aes_authenc_cbc_aes_decrypt,
2068	.init = atmel_aes_authenc_hmac_sha256_init_tfm,
2069	.exit = atmel_aes_authenc_exit_tfm,
2070	.ivsize = AES_BLOCK_SIZE,
2071	.maxauthsize = SHA256_DIGEST_SIZE,
2072
2073	.base = {
2074	.cra_name = "authenc(hmac(sha256),cbc(aes))",
2075	.cra_driver_name = "atmel-authenc-hmac-sha256-cbc-aes",
2076	.cra_blocksize = AES_BLOCK_SIZE,
2077	.cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx),
2078	},
2079	},
2080	{
2081	.setkey = atmel_aes_authenc_setkey,
2082	.encrypt = atmel_aes_authenc_cbc_aes_encrypt,
2083	.decrypt = atmel_aes_authenc_cbc_aes_decrypt,
2084	.init = atmel_aes_authenc_hmac_sha384_init_tfm,
2085	.exit = atmel_aes_authenc_exit_tfm,
2086	.ivsize = AES_BLOCK_SIZE,
2087	.maxauthsize = SHA384_DIGEST_SIZE,
2088
2089	.base = {
2090	.cra_name = "authenc(hmac(sha384),cbc(aes))",
2091	.cra_driver_name = "atmel-authenc-hmac-sha384-cbc-aes",
2092	.cra_blocksize = AES_BLOCK_SIZE,
2093	.cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx),
2094	},
2095	},
2096	{
2097	.setkey = atmel_aes_authenc_setkey,
2098	.encrypt = atmel_aes_authenc_cbc_aes_encrypt,
2099	.decrypt = atmel_aes_authenc_cbc_aes_decrypt,
2100	.init = atmel_aes_authenc_hmac_sha512_init_tfm,
2101	.exit = atmel_aes_authenc_exit_tfm,
2102	.ivsize = AES_BLOCK_SIZE,
2103	.maxauthsize = SHA512_DIGEST_SIZE,
2104
2105	.base = {
2106	.cra_name = "authenc(hmac(sha512),cbc(aes))",
2107	.cra_driver_name = "atmel-authenc-hmac-sha512-cbc-aes",
2108	.cra_blocksize = AES_BLOCK_SIZE,
2109	.cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx),
2110	},
2111	},
2112	};
2113	#endif /* CONFIG_CRYPTO_DEV_ATMEL_AUTHENC */
2114
2115	/ Probe functions /
2116
2117	static int atmel_aes_buff_init(struct atmel_aes_dev *dd)
2118	{
2119	dd->buf = (void *)__get_free_pages(GFP_KERNEL, ATMEL_AES_BUFFER_ORDER);
2120	dd->buflen = ATMEL_AES_BUFFER_SIZE;
2121	dd->buflen &= ~(AES_BLOCK_SIZE - `1`);
2122
2123	if (!dd->buf) {
2124	dev_err(dd->dev, "unable to alloc pages.\n");
2125	return -ENOMEM;
2126	}
2127
2128	return `0`;
2129	}
2130
2131	static void atmel_aes_buff_cleanup(struct atmel_aes_dev *dd)
2132	{
2133	free_page((unsigned long)dd->buf);
2134	}
2135
2136	static int atmel_aes_dma_init(struct atmel_aes_dev *dd)
2137	{
2138	int ret;
2139
2140	/ Try to grab 2 DMA channels /
2141	dd->src.chan = dma_request_chan(dev: dd->dev, name: "tx");
2142	if (IS_ERR(ptr: dd->src.chan)) {
2143	ret = PTR_ERR(ptr: dd->src.chan);
2144	goto err_dma_in;
2145	}
2146
2147	dd->dst.chan = dma_request_chan(dev: dd->dev, name: "rx");
2148	if (IS_ERR(ptr: dd->dst.chan)) {
2149	ret = PTR_ERR(ptr: dd->dst.chan);
2150	goto err_dma_out;
2151	}
2152
2153	return `0`;
2154
2155	err_dma_out:
2156	dma_release_channel(chan: dd->src.chan);
2157	err_dma_in:
2158	dev_err(dd->dev, "no DMA channel available\n");
2159	return ret;
2160	}
2161
2162	static void atmel_aes_dma_cleanup(struct atmel_aes_dev *dd)
2163	{
2164	dma_release_channel(chan: dd->dst.chan);
2165	dma_release_channel(chan: dd->src.chan);
2166	}
2167
2168	static void atmel_aes_queue_task(unsigned long data)
2169	{
2170	struct atmel_aes_dev dd = (struct* atmel_aes_dev *)data;
2171
2172	atmel_aes_handle_queue(dd, NULL);
2173	}
2174
2175	static void atmel_aes_done_task(unsigned long data)
2176	{
2177	struct atmel_aes_dev dd = (struct* atmel_aes_dev *)data;
2178
2179	dd->is_async = true;
2180	(void)dd->resume(dd);
2181	}
2182
2183	static irqreturn_t atmel_aes_irq(int irq, void *dev_id)
2184	{
2185	struct atmel_aes_dev *aes_dd = dev_id;
2186	u32 reg;
2187
2188	reg = atmel_aes_read(dd: aes_dd, AES_ISR);
2189	if (reg & atmel_aes_read(dd: aes_dd, AES_IMR)) {
2190	atmel_aes_write(dd: aes_dd, AES_IDR, value: reg);
2191	if (AES_FLAGS_BUSY & aes_dd->flags)
2192	tasklet_schedule(t: &aes_dd->done_task);
2193	else
2194	dev_warn(aes_dd->dev, "AES interrupt when no active requests.\n");
2195	return IRQ_HANDLED;
2196	}
2197
2198	return IRQ_NONE;
2199	}
2200
2201	static void atmel_aes_unregister_algs(struct atmel_aes_dev *dd)
2202	{
2203	int i;
2204
2205	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2206	if (dd->caps.has_authenc)
2207	for (i = `0`; i < ARRAY_SIZE(aes_authenc_algs); i++)
2208	crypto_unregister_aead(alg: &aes_authenc_algs[i]);
2209	#endif
2210
2211	if (dd->caps.has_xts)
2212	crypto_unregister_skcipher(alg: &aes_xts_alg);
2213
2214	if (dd->caps.has_gcm)
2215	crypto_unregister_aead(alg: &aes_gcm_alg);
2216
2217	for (i = `0`; i < ARRAY_SIZE(aes_algs); i++)
2218	crypto_unregister_skcipher(alg: &aes_algs[i]);
2219	}
2220
2221	static void atmel_aes_crypto_alg_init(struct crypto_alg *alg)
2222	{
2223	alg->cra_flags \|= CRYPTO_ALG_ASYNC;
2224	alg->cra_alignmask = `0xf`;
2225	alg->cra_priority = ATMEL_AES_PRIORITY;
2226	alg->cra_module = THIS_MODULE;
2227	}
2228
2229	static int atmel_aes_register_algs(struct atmel_aes_dev *dd)
2230	{
2231	int err, i, j;
2232
2233	for (i = `0`; i < ARRAY_SIZE(aes_algs); i++) {
2234	atmel_aes_crypto_alg_init(alg: &aes_algs[i].base);
2235
2236	err = crypto_register_skcipher(alg: &aes_algs[i]);
2237	if (err)
2238	goto err_aes_algs;
2239	}
2240
2241	if (dd->caps.has_gcm) {
2242	atmel_aes_crypto_alg_init(alg: &aes_gcm_alg.base);
2243
2244	err = crypto_register_aead(alg: &aes_gcm_alg);
2245	if (err)
2246	goto err_aes_gcm_alg;
2247	}
2248
2249	if (dd->caps.has_xts) {
2250	atmel_aes_crypto_alg_init(alg: &aes_xts_alg.base);
2251
2252	err = crypto_register_skcipher(alg: &aes_xts_alg);
2253	if (err)
2254	goto err_aes_xts_alg;
2255	}
2256
2257	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2258	if (dd->caps.has_authenc) {
2259	for (i = `0`; i < ARRAY_SIZE(aes_authenc_algs); i++) {
2260	atmel_aes_crypto_alg_init(alg: &aes_authenc_algs[i].base);
2261
2262	err = crypto_register_aead(alg: &aes_authenc_algs[i]);
2263	if (err)
2264	goto err_aes_authenc_alg;
2265	}
2266	}
2267	#endif
2268
2269	return `0`;
2270
2271	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2272	/ i = ARRAY_SIZE(aes_authenc_algs); /
2273	err_aes_authenc_alg:
2274	for (j = `0`; j < i; j++)
2275	crypto_unregister_aead(alg: &aes_authenc_algs[j]);
2276	crypto_unregister_skcipher(alg: &aes_xts_alg);
2277	#endif
2278	err_aes_xts_alg:
2279	crypto_unregister_aead(alg: &aes_gcm_alg);
2280	err_aes_gcm_alg:
2281	i = ARRAY_SIZE(aes_algs);
2282	err_aes_algs:
2283	for (j = `0`; j < i; j++)
2284	crypto_unregister_skcipher(alg: &aes_algs[j]);
2285
2286	return err;
2287	}
2288
2289	static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
2290	{
2291	dd->caps.has_dualbuff = `0`;
2292	dd->caps.has_gcm = `0`;
2293	dd->caps.has_xts = `0`;
2294	dd->caps.has_authenc = `0`;
2295	dd->caps.max_burst_size = `1`;
2296
2297	/ keep only major version number /
2298	switch (dd->hw_version & `0xff0`) {
2299	case `0x700`:
2300	case `0x600`:
2301	case `0x500`:
2302	dd->caps.has_dualbuff = `1`;
2303	dd->caps.has_gcm = `1`;
2304	dd->caps.has_xts = `1`;
2305	dd->caps.has_authenc = `1`;
2306	dd->caps.max_burst_size = `4`;
2307	break;
2308	case `0x200`:
2309	dd->caps.has_dualbuff = `1`;
2310	dd->caps.has_gcm = `1`;
2311	dd->caps.max_burst_size = `4`;
2312	break;
2313	case `0x130`:
2314	dd->caps.has_dualbuff = `1`;
2315	dd->caps.max_burst_size = `4`;
2316	break;
2317	case `0x120`:
2318	break;
2319	default:
2320	dev_warn(dd->dev,
2321	"Unmanaged aes version, set minimum capabilities\n");
2322	break;
2323	}
2324	}
2325
2326	static const struct of_device_id atmel_aes_dt_ids[] = {
2327	{ .compatible = "atmel,at91sam9g46-aes" },
2328	{ / sentinel / }
2329	};
2330	MODULE_DEVICE_TABLE(of, atmel_aes_dt_ids);
2331
2332	static int atmel_aes_probe(struct platform_device *pdev)
2333	{
2334	struct atmel_aes_dev *aes_dd;
2335	struct device *dev = &pdev->dev;
2336	struct resource *aes_res;
2337	int err;
2338
2339	aes_dd = devm_kzalloc(dev: &pdev->dev, size: sizeof(*aes_dd), GFP_KERNEL);
2340	if (!aes_dd)
2341	return -ENOMEM;
2342
2343	aes_dd->dev = dev;
2344
2345	platform_set_drvdata(pdev, data: aes_dd);
2346
2347	INIT_LIST_HEAD(list: &aes_dd->list);
2348	spin_lock_init(&aes_dd->lock);
2349
2350	tasklet_init(t: &aes_dd->done_task, func: atmel_aes_done_task,
2351	data: (unsigned long)aes_dd);
2352	tasklet_init(t: &aes_dd->queue_task, func: atmel_aes_queue_task,
2353	data: (unsigned long)aes_dd);
2354
2355	crypto_init_queue(queue: &aes_dd->queue, ATMEL_AES_QUEUE_LENGTH);
2356
2357	aes_dd->io_base = devm_platform_get_and_ioremap_resource(pdev, index: `0`, res: &aes_res);
2358	if (IS_ERR(ptr: aes_dd->io_base)) {
2359	err = PTR_ERR(ptr: aes_dd->io_base);
2360	goto err_tasklet_kill;
2361	}
2362	aes_dd->phys_base = aes_res->start;
2363
2364	/ Get the IRQ /
2365	aes_dd->irq = platform_get_irq(pdev, `0`);
2366	if (aes_dd->irq < `0`) {
2367	err = aes_dd->irq;
2368	goto err_tasklet_kill;
2369	}
2370
2371	err = devm_request_irq(dev: &pdev->dev, irq: aes_dd->irq, handler: atmel_aes_irq,
2372	IRQF_SHARED, devname: "atmel-aes", dev_id: aes_dd);
2373	if (err) {
2374	dev_err(dev, "unable to request aes irq.\n");
2375	goto err_tasklet_kill;
2376	}
2377
2378	/ Initializing the clock /
2379	aes_dd->iclk = devm_clk_get(dev: &pdev->dev, id: "aes_clk");
2380	if (IS_ERR(ptr: aes_dd->iclk)) {
2381	dev_err(dev, "clock initialization failed.\n");
2382	err = PTR_ERR(ptr: aes_dd->iclk);
2383	goto err_tasklet_kill;
2384	}
2385
2386	err = clk_prepare(clk: aes_dd->iclk);
2387	if (err)
2388	goto err_tasklet_kill;
2389
2390	err = atmel_aes_hw_version_init(dd: aes_dd);
2391	if (err)
2392	goto err_iclk_unprepare;
2393
2394	atmel_aes_get_cap(dd: aes_dd);
2395
2396	#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)
2397	if (aes_dd->caps.has_authenc && !atmel_sha_authenc_is_ready()) {
2398	err = -EPROBE_DEFER;
2399	goto err_iclk_unprepare;
2400	}
2401	#endif
2402
2403	err = atmel_aes_buff_init(dd: aes_dd);
2404	if (err)
2405	goto err_iclk_unprepare;
2406
2407	err = atmel_aes_dma_init(dd: aes_dd);
2408	if (err)
2409	goto err_buff_cleanup;
2410
2411	spin_lock(lock: &atmel_aes.lock);
2412	list_add_tail(new: &aes_dd->list, head: &atmel_aes.dev_list);
2413	spin_unlock(lock: &atmel_aes.lock);
2414
2415	err = atmel_aes_register_algs(dd: aes_dd);
2416	if (err)
2417	goto err_algs;
2418
2419	dev_info(dev, "Atmel AES - Using %s, %s for DMA transfers\n",
2420	dma_chan_name(aes_dd->src.chan),
2421	dma_chan_name(aes_dd->dst.chan));
2422
2423	return `0`;
2424
2425	err_algs:
2426	spin_lock(lock: &atmel_aes.lock);
2427	list_del(entry: &aes_dd->list);
2428	spin_unlock(lock: &atmel_aes.lock);
2429	atmel_aes_dma_cleanup(dd: aes_dd);
2430	err_buff_cleanup:
2431	atmel_aes_buff_cleanup(dd: aes_dd);
2432	err_iclk_unprepare:
2433	clk_unprepare(clk: aes_dd->iclk);
2434	err_tasklet_kill:
2435	tasklet_kill(t: &aes_dd->done_task);
2436	tasklet_kill(t: &aes_dd->queue_task);
2437
2438	return err;
2439	}
2440
2441	static void atmel_aes_remove(struct platform_device *pdev)
2442	{
2443	struct atmel_aes_dev *aes_dd;
2444
2445	aes_dd = platform_get_drvdata(pdev);
2446
2447	spin_lock(lock: &atmel_aes.lock);
2448	list_del(entry: &aes_dd->list);
2449	spin_unlock(lock: &atmel_aes.lock);
2450
2451	atmel_aes_unregister_algs(dd: aes_dd);
2452
2453	tasklet_kill(t: &aes_dd->done_task);
2454	tasklet_kill(t: &aes_dd->queue_task);
2455
2456	atmel_aes_dma_cleanup(dd: aes_dd);
2457	atmel_aes_buff_cleanup(dd: aes_dd);
2458
2459	clk_unprepare(clk: aes_dd->iclk);
2460	}
2461
2462	static struct platform_driver atmel_aes_driver = {
2463	.probe = atmel_aes_probe,
2464	.remove_new = atmel_aes_remove,
2465	.driver = {
2466	.name = "atmel_aes",
2467	.of_match_table = atmel_aes_dt_ids,
2468	},
2469	};
2470
2471	module_platform_driver(atmel_aes_driver);
2472
2473	MODULE_DESCRIPTION("Atmel AES hw acceleration support.");
2474	MODULE_LICENSE("GPL v2");
2475	MODULE_AUTHOR("Nicolas Royer - Eukréa Electromatique");
2476

source code of linux/drivers/crypto/atmel-aes.c