1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Cryptographic API. |
4 | * |
5 | * Support for ATMEL AES HW acceleration. |
6 | * |
7 | * Copyright (c) 2012 Eukréa Electromatique - ATMEL |
8 | * Author: Nicolas Royer <nicolas@eukrea.com> |
9 | * |
10 | * Some ideas are from omap-aes.c driver. |
11 | */ |
12 | |
13 | |
14 | #include <linux/kernel.h> |
15 | #include <linux/module.h> |
16 | #include <linux/slab.h> |
17 | #include <linux/err.h> |
18 | #include <linux/clk.h> |
19 | #include <linux/io.h> |
20 | #include <linux/hw_random.h> |
21 | #include <linux/platform_device.h> |
22 | |
23 | #include <linux/device.h> |
24 | #include <linux/dmaengine.h> |
25 | #include <linux/init.h> |
26 | #include <linux/errno.h> |
27 | #include <linux/interrupt.h> |
28 | #include <linux/irq.h> |
29 | #include <linux/scatterlist.h> |
30 | #include <linux/dma-mapping.h> |
31 | #include <linux/mod_devicetable.h> |
32 | #include <linux/delay.h> |
33 | #include <linux/crypto.h> |
34 | #include <crypto/scatterwalk.h> |
35 | #include <crypto/algapi.h> |
36 | #include <crypto/aes.h> |
37 | #include <crypto/gcm.h> |
38 | #include <crypto/xts.h> |
39 | #include <crypto/internal/aead.h> |
40 | #include <crypto/internal/skcipher.h> |
41 | #include "atmel-aes-regs.h" |
42 | #include "atmel-authenc.h" |
43 | |
44 | #define ATMEL_AES_PRIORITY 300 |
45 | |
46 | #define ATMEL_AES_BUFFER_ORDER 2 |
47 | #define ATMEL_AES_BUFFER_SIZE (PAGE_SIZE << ATMEL_AES_BUFFER_ORDER) |
48 | |
49 | #define CFB8_BLOCK_SIZE 1 |
50 | #define CFB16_BLOCK_SIZE 2 |
51 | #define CFB32_BLOCK_SIZE 4 |
52 | #define CFB64_BLOCK_SIZE 8 |
53 | |
54 | #define SIZE_IN_WORDS(x) ((x) >> 2) |
55 | |
56 | /* AES flags */ |
57 | /* Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) */ |
58 | #define AES_FLAGS_ENCRYPT AES_MR_CYPHER_ENC |
59 | #define AES_FLAGS_GTAGEN AES_MR_GTAGEN |
60 | #define AES_FLAGS_OPMODE_MASK (AES_MR_OPMOD_MASK | AES_MR_CFBS_MASK) |
61 | #define AES_FLAGS_ECB AES_MR_OPMOD_ECB |
62 | #define AES_FLAGS_CBC AES_MR_OPMOD_CBC |
63 | #define AES_FLAGS_OFB AES_MR_OPMOD_OFB |
64 | #define AES_FLAGS_CFB128 (AES_MR_OPMOD_CFB | AES_MR_CFBS_128b) |
65 | #define AES_FLAGS_CFB64 (AES_MR_OPMOD_CFB | AES_MR_CFBS_64b) |
66 | #define AES_FLAGS_CFB32 (AES_MR_OPMOD_CFB | AES_MR_CFBS_32b) |
67 | #define AES_FLAGS_CFB16 (AES_MR_OPMOD_CFB | AES_MR_CFBS_16b) |
68 | #define AES_FLAGS_CFB8 (AES_MR_OPMOD_CFB | AES_MR_CFBS_8b) |
69 | #define AES_FLAGS_CTR AES_MR_OPMOD_CTR |
70 | #define AES_FLAGS_GCM AES_MR_OPMOD_GCM |
71 | #define AES_FLAGS_XTS AES_MR_OPMOD_XTS |
72 | |
73 | #define AES_FLAGS_MODE_MASK (AES_FLAGS_OPMODE_MASK | \ |
74 | AES_FLAGS_ENCRYPT | \ |
75 | AES_FLAGS_GTAGEN) |
76 | |
77 | #define AES_FLAGS_BUSY BIT(3) |
78 | #define AES_FLAGS_DUMP_REG BIT(4) |
79 | #define AES_FLAGS_OWN_SHA BIT(5) |
80 | |
81 | #define AES_FLAGS_PERSISTENT AES_FLAGS_BUSY |
82 | |
83 | #define ATMEL_AES_QUEUE_LENGTH 50 |
84 | |
85 | #define ATMEL_AES_DMA_THRESHOLD 256 |
86 | |
87 | |
88 | struct atmel_aes_caps { |
89 | bool has_dualbuff; |
90 | bool has_cfb64; |
91 | bool has_gcm; |
92 | bool has_xts; |
93 | bool has_authenc; |
94 | u32 max_burst_size; |
95 | }; |
96 | |
97 | struct atmel_aes_dev; |
98 | |
99 | |
100 | typedef int (*atmel_aes_fn_t)(struct atmel_aes_dev *); |
101 | |
102 | |
103 | struct atmel_aes_base_ctx { |
104 | struct atmel_aes_dev *dd; |
105 | atmel_aes_fn_t start; |
106 | int keylen; |
107 | u32 key[AES_KEYSIZE_256 / sizeof(u32)]; |
108 | u16 block_size; |
109 | bool is_aead; |
110 | }; |
111 | |
112 | struct atmel_aes_ctx { |
113 | struct atmel_aes_base_ctx base; |
114 | }; |
115 | |
116 | struct atmel_aes_ctr_ctx { |
117 | struct atmel_aes_base_ctx base; |
118 | |
119 | __be32 iv[AES_BLOCK_SIZE / sizeof(u32)]; |
120 | size_t offset; |
121 | struct scatterlist src[2]; |
122 | struct scatterlist dst[2]; |
123 | u32 blocks; |
124 | }; |
125 | |
126 | struct atmel_aes_gcm_ctx { |
127 | struct atmel_aes_base_ctx base; |
128 | |
129 | struct scatterlist src[2]; |
130 | struct scatterlist dst[2]; |
131 | |
132 | __be32 j0[AES_BLOCK_SIZE / sizeof(u32)]; |
133 | u32 tag[AES_BLOCK_SIZE / sizeof(u32)]; |
134 | __be32 ghash[AES_BLOCK_SIZE / sizeof(u32)]; |
135 | size_t textlen; |
136 | |
137 | const __be32 *ghash_in; |
138 | __be32 *ghash_out; |
139 | atmel_aes_fn_t ghash_resume; |
140 | }; |
141 | |
142 | struct atmel_aes_xts_ctx { |
143 | struct atmel_aes_base_ctx base; |
144 | |
145 | u32 key2[AES_KEYSIZE_256 / sizeof(u32)]; |
146 | struct crypto_skcipher *fallback_tfm; |
147 | }; |
148 | |
149 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
150 | struct atmel_aes_authenc_ctx { |
151 | struct atmel_aes_base_ctx base; |
152 | struct atmel_sha_authenc_ctx *auth; |
153 | }; |
154 | #endif |
155 | |
156 | struct atmel_aes_reqctx { |
157 | unsigned long mode; |
158 | u8 lastc[AES_BLOCK_SIZE]; |
159 | struct skcipher_request fallback_req; |
160 | }; |
161 | |
162 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
163 | struct atmel_aes_authenc_reqctx { |
164 | struct atmel_aes_reqctx base; |
165 | |
166 | struct scatterlist src[2]; |
167 | struct scatterlist dst[2]; |
168 | size_t textlen; |
169 | u32 digest[SHA512_DIGEST_SIZE / sizeof(u32)]; |
170 | |
171 | /* auth_req MUST be place last. */ |
172 | struct ahash_request auth_req; |
173 | }; |
174 | #endif |
175 | |
176 | struct atmel_aes_dma { |
177 | struct dma_chan *chan; |
178 | struct scatterlist *sg; |
179 | int nents; |
180 | unsigned int remainder; |
181 | unsigned int sg_len; |
182 | }; |
183 | |
184 | struct atmel_aes_dev { |
185 | struct list_head list; |
186 | unsigned long phys_base; |
187 | void __iomem *io_base; |
188 | |
189 | struct crypto_async_request *areq; |
190 | struct atmel_aes_base_ctx *ctx; |
191 | |
192 | bool is_async; |
193 | atmel_aes_fn_t resume; |
194 | atmel_aes_fn_t cpu_transfer_complete; |
195 | |
196 | struct device *dev; |
197 | struct clk *iclk; |
198 | int irq; |
199 | |
200 | unsigned long flags; |
201 | |
202 | spinlock_t lock; |
203 | struct crypto_queue queue; |
204 | |
205 | struct tasklet_struct done_task; |
206 | struct tasklet_struct queue_task; |
207 | |
208 | size_t total; |
209 | size_t datalen; |
210 | u32 *data; |
211 | |
212 | struct atmel_aes_dma src; |
213 | struct atmel_aes_dma dst; |
214 | |
215 | size_t buflen; |
216 | void *buf; |
217 | struct scatterlist aligned_sg; |
218 | struct scatterlist *real_dst; |
219 | |
220 | struct atmel_aes_caps caps; |
221 | |
222 | u32 hw_version; |
223 | }; |
224 | |
225 | struct atmel_aes_drv { |
226 | struct list_head dev_list; |
227 | spinlock_t lock; |
228 | }; |
229 | |
230 | static struct atmel_aes_drv atmel_aes = { |
231 | .dev_list = LIST_HEAD_INIT(atmel_aes.dev_list), |
232 | .lock = __SPIN_LOCK_UNLOCKED(atmel_aes.lock), |
233 | }; |
234 | |
235 | #ifdef VERBOSE_DEBUG |
236 | static const char *atmel_aes_reg_name(u32 offset, char *tmp, size_t sz) |
237 | { |
238 | switch (offset) { |
239 | case AES_CR: |
240 | return "CR" ; |
241 | |
242 | case AES_MR: |
243 | return "MR" ; |
244 | |
245 | case AES_ISR: |
246 | return "ISR" ; |
247 | |
248 | case AES_IMR: |
249 | return "IMR" ; |
250 | |
251 | case AES_IER: |
252 | return "IER" ; |
253 | |
254 | case AES_IDR: |
255 | return "IDR" ; |
256 | |
257 | case AES_KEYWR(0): |
258 | case AES_KEYWR(1): |
259 | case AES_KEYWR(2): |
260 | case AES_KEYWR(3): |
261 | case AES_KEYWR(4): |
262 | case AES_KEYWR(5): |
263 | case AES_KEYWR(6): |
264 | case AES_KEYWR(7): |
265 | snprintf(tmp, sz, "KEYWR[%u]" , (offset - AES_KEYWR(0)) >> 2); |
266 | break; |
267 | |
268 | case AES_IDATAR(0): |
269 | case AES_IDATAR(1): |
270 | case AES_IDATAR(2): |
271 | case AES_IDATAR(3): |
272 | snprintf(tmp, sz, "IDATAR[%u]" , (offset - AES_IDATAR(0)) >> 2); |
273 | break; |
274 | |
275 | case AES_ODATAR(0): |
276 | case AES_ODATAR(1): |
277 | case AES_ODATAR(2): |
278 | case AES_ODATAR(3): |
279 | snprintf(tmp, sz, "ODATAR[%u]" , (offset - AES_ODATAR(0)) >> 2); |
280 | break; |
281 | |
282 | case AES_IVR(0): |
283 | case AES_IVR(1): |
284 | case AES_IVR(2): |
285 | case AES_IVR(3): |
286 | snprintf(tmp, sz, "IVR[%u]" , (offset - AES_IVR(0)) >> 2); |
287 | break; |
288 | |
289 | case AES_AADLENR: |
290 | return "AADLENR" ; |
291 | |
292 | case AES_CLENR: |
293 | return "CLENR" ; |
294 | |
295 | case AES_GHASHR(0): |
296 | case AES_GHASHR(1): |
297 | case AES_GHASHR(2): |
298 | case AES_GHASHR(3): |
299 | snprintf(tmp, sz, "GHASHR[%u]" , (offset - AES_GHASHR(0)) >> 2); |
300 | break; |
301 | |
302 | case AES_TAGR(0): |
303 | case AES_TAGR(1): |
304 | case AES_TAGR(2): |
305 | case AES_TAGR(3): |
306 | snprintf(tmp, sz, "TAGR[%u]" , (offset - AES_TAGR(0)) >> 2); |
307 | break; |
308 | |
309 | case AES_CTRR: |
310 | return "CTRR" ; |
311 | |
312 | case AES_GCMHR(0): |
313 | case AES_GCMHR(1): |
314 | case AES_GCMHR(2): |
315 | case AES_GCMHR(3): |
316 | snprintf(tmp, sz, "GCMHR[%u]" , (offset - AES_GCMHR(0)) >> 2); |
317 | break; |
318 | |
319 | case AES_EMR: |
320 | return "EMR" ; |
321 | |
322 | case AES_TWR(0): |
323 | case AES_TWR(1): |
324 | case AES_TWR(2): |
325 | case AES_TWR(3): |
326 | snprintf(tmp, sz, "TWR[%u]" , (offset - AES_TWR(0)) >> 2); |
327 | break; |
328 | |
329 | case AES_ALPHAR(0): |
330 | case AES_ALPHAR(1): |
331 | case AES_ALPHAR(2): |
332 | case AES_ALPHAR(3): |
333 | snprintf(tmp, sz, "ALPHAR[%u]" , (offset - AES_ALPHAR(0)) >> 2); |
334 | break; |
335 | |
336 | default: |
337 | snprintf(tmp, sz, "0x%02x" , offset); |
338 | break; |
339 | } |
340 | |
341 | return tmp; |
342 | } |
343 | #endif /* VERBOSE_DEBUG */ |
344 | |
345 | /* Shared functions */ |
346 | |
347 | static inline u32 atmel_aes_read(struct atmel_aes_dev *dd, u32 offset) |
348 | { |
349 | u32 value = readl_relaxed(dd->io_base + offset); |
350 | |
351 | #ifdef VERBOSE_DEBUG |
352 | if (dd->flags & AES_FLAGS_DUMP_REG) { |
353 | char tmp[16]; |
354 | |
355 | dev_vdbg(dd->dev, "read 0x%08x from %s\n" , value, |
356 | atmel_aes_reg_name(offset, tmp, sizeof(tmp))); |
357 | } |
358 | #endif /* VERBOSE_DEBUG */ |
359 | |
360 | return value; |
361 | } |
362 | |
363 | static inline void atmel_aes_write(struct atmel_aes_dev *dd, |
364 | u32 offset, u32 value) |
365 | { |
366 | #ifdef VERBOSE_DEBUG |
367 | if (dd->flags & AES_FLAGS_DUMP_REG) { |
368 | char tmp[16]; |
369 | |
370 | dev_vdbg(dd->dev, "write 0x%08x into %s\n" , value, |
371 | atmel_aes_reg_name(offset, tmp, sizeof(tmp))); |
372 | } |
373 | #endif /* VERBOSE_DEBUG */ |
374 | |
375 | writel_relaxed(value, dd->io_base + offset); |
376 | } |
377 | |
378 | static void atmel_aes_read_n(struct atmel_aes_dev *dd, u32 offset, |
379 | u32 *value, int count) |
380 | { |
381 | for (; count--; value++, offset += 4) |
382 | *value = atmel_aes_read(dd, offset); |
383 | } |
384 | |
385 | static void atmel_aes_write_n(struct atmel_aes_dev *dd, u32 offset, |
386 | const u32 *value, int count) |
387 | { |
388 | for (; count--; value++, offset += 4) |
389 | atmel_aes_write(dd, offset, value: *value); |
390 | } |
391 | |
392 | static inline void atmel_aes_read_block(struct atmel_aes_dev *dd, u32 offset, |
393 | void *value) |
394 | { |
395 | atmel_aes_read_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE)); |
396 | } |
397 | |
398 | static inline void atmel_aes_write_block(struct atmel_aes_dev *dd, u32 offset, |
399 | const void *value) |
400 | { |
401 | atmel_aes_write_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE)); |
402 | } |
403 | |
404 | static inline int atmel_aes_wait_for_data_ready(struct atmel_aes_dev *dd, |
405 | atmel_aes_fn_t resume) |
406 | { |
407 | u32 isr = atmel_aes_read(dd, AES_ISR); |
408 | |
409 | if (unlikely(isr & AES_INT_DATARDY)) |
410 | return resume(dd); |
411 | |
412 | dd->resume = resume; |
413 | atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); |
414 | return -EINPROGRESS; |
415 | } |
416 | |
417 | static inline size_t atmel_aes_padlen(size_t len, size_t block_size) |
418 | { |
419 | len &= block_size - 1; |
420 | return len ? block_size - len : 0; |
421 | } |
422 | |
423 | static struct atmel_aes_dev *atmel_aes_dev_alloc(struct atmel_aes_base_ctx *ctx) |
424 | { |
425 | struct atmel_aes_dev *aes_dd; |
426 | |
427 | spin_lock_bh(lock: &atmel_aes.lock); |
428 | /* One AES IP per SoC. */ |
429 | aes_dd = list_first_entry_or_null(&atmel_aes.dev_list, |
430 | struct atmel_aes_dev, list); |
431 | spin_unlock_bh(lock: &atmel_aes.lock); |
432 | return aes_dd; |
433 | } |
434 | |
435 | static int atmel_aes_hw_init(struct atmel_aes_dev *dd) |
436 | { |
437 | int err; |
438 | |
439 | err = clk_enable(clk: dd->iclk); |
440 | if (err) |
441 | return err; |
442 | |
443 | atmel_aes_write(dd, AES_CR, AES_CR_SWRST); |
444 | atmel_aes_write(dd, AES_MR, value: 0xE << AES_MR_CKEY_OFFSET); |
445 | |
446 | return 0; |
447 | } |
448 | |
449 | static inline unsigned int atmel_aes_get_version(struct atmel_aes_dev *dd) |
450 | { |
451 | return atmel_aes_read(dd, AES_HW_VERSION) & 0x00000fff; |
452 | } |
453 | |
454 | static int atmel_aes_hw_version_init(struct atmel_aes_dev *dd) |
455 | { |
456 | int err; |
457 | |
458 | err = atmel_aes_hw_init(dd); |
459 | if (err) |
460 | return err; |
461 | |
462 | dd->hw_version = atmel_aes_get_version(dd); |
463 | |
464 | dev_info(dd->dev, "version: 0x%x\n" , dd->hw_version); |
465 | |
466 | clk_disable(clk: dd->iclk); |
467 | return 0; |
468 | } |
469 | |
470 | static inline void atmel_aes_set_mode(struct atmel_aes_dev *dd, |
471 | const struct atmel_aes_reqctx *rctx) |
472 | { |
473 | /* Clear all but persistent flags and set request flags. */ |
474 | dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) | rctx->mode; |
475 | } |
476 | |
477 | static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd) |
478 | { |
479 | return (dd->flags & AES_FLAGS_ENCRYPT); |
480 | } |
481 | |
482 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
483 | static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err); |
484 | #endif |
485 | |
486 | static void atmel_aes_set_iv_as_last_ciphertext_block(struct atmel_aes_dev *dd) |
487 | { |
488 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
489 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
490 | struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
491 | unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher); |
492 | |
493 | if (req->cryptlen < ivsize) |
494 | return; |
495 | |
496 | if (rctx->mode & AES_FLAGS_ENCRYPT) |
497 | scatterwalk_map_and_copy(buf: req->iv, sg: req->dst, |
498 | start: req->cryptlen - ivsize, nbytes: ivsize, out: 0); |
499 | else |
500 | memcpy(req->iv, rctx->lastc, ivsize); |
501 | } |
502 | |
503 | static inline struct atmel_aes_ctr_ctx * |
504 | atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx) |
505 | { |
506 | return container_of(ctx, struct atmel_aes_ctr_ctx, base); |
507 | } |
508 | |
509 | static void atmel_aes_ctr_update_req_iv(struct atmel_aes_dev *dd) |
510 | { |
511 | struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx); |
512 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
513 | struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
514 | unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher); |
515 | int i; |
516 | |
517 | /* |
518 | * The CTR transfer works in fragments of data of maximum 1 MByte |
519 | * because of the 16 bit CTR counter embedded in the IP. When reaching |
520 | * here, ctx->blocks contains the number of blocks of the last fragment |
521 | * processed, there is no need to explicit cast it to u16. |
522 | */ |
523 | for (i = 0; i < ctx->blocks; i++) |
524 | crypto_inc(a: (u8 *)ctx->iv, AES_BLOCK_SIZE); |
525 | |
526 | memcpy(req->iv, ctx->iv, ivsize); |
527 | } |
528 | |
529 | static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err) |
530 | { |
531 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
532 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
533 | |
534 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
535 | if (dd->ctx->is_aead) |
536 | atmel_aes_authenc_complete(dd, err); |
537 | #endif |
538 | |
539 | clk_disable(clk: dd->iclk); |
540 | dd->flags &= ~AES_FLAGS_BUSY; |
541 | |
542 | if (!err && !dd->ctx->is_aead && |
543 | (rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_ECB) { |
544 | if ((rctx->mode & AES_FLAGS_OPMODE_MASK) != AES_FLAGS_CTR) |
545 | atmel_aes_set_iv_as_last_ciphertext_block(dd); |
546 | else |
547 | atmel_aes_ctr_update_req_iv(dd); |
548 | } |
549 | |
550 | if (dd->is_async) |
551 | crypto_request_complete(req: dd->areq, err); |
552 | |
553 | tasklet_schedule(t: &dd->queue_task); |
554 | |
555 | return err; |
556 | } |
557 | |
558 | static void atmel_aes_write_ctrl_key(struct atmel_aes_dev *dd, bool use_dma, |
559 | const __be32 *iv, const u32 *key, int keylen) |
560 | { |
561 | u32 valmr = 0; |
562 | |
563 | /* MR register must be set before IV registers */ |
564 | if (keylen == AES_KEYSIZE_128) |
565 | valmr |= AES_MR_KEYSIZE_128; |
566 | else if (keylen == AES_KEYSIZE_192) |
567 | valmr |= AES_MR_KEYSIZE_192; |
568 | else |
569 | valmr |= AES_MR_KEYSIZE_256; |
570 | |
571 | valmr |= dd->flags & AES_FLAGS_MODE_MASK; |
572 | |
573 | if (use_dma) { |
574 | valmr |= AES_MR_SMOD_IDATAR0; |
575 | if (dd->caps.has_dualbuff) |
576 | valmr |= AES_MR_DUALBUFF; |
577 | } else { |
578 | valmr |= AES_MR_SMOD_AUTO; |
579 | } |
580 | |
581 | atmel_aes_write(dd, AES_MR, value: valmr); |
582 | |
583 | atmel_aes_write_n(dd, AES_KEYWR(0), value: key, SIZE_IN_WORDS(keylen)); |
584 | |
585 | if (iv && (valmr & AES_MR_OPMOD_MASK) != AES_MR_OPMOD_ECB) |
586 | atmel_aes_write_block(dd, AES_IVR(0), value: iv); |
587 | } |
588 | |
589 | static inline void atmel_aes_write_ctrl(struct atmel_aes_dev *dd, bool use_dma, |
590 | const __be32 *iv) |
591 | |
592 | { |
593 | atmel_aes_write_ctrl_key(dd, use_dma, iv, |
594 | key: dd->ctx->key, keylen: dd->ctx->keylen); |
595 | } |
596 | |
597 | /* CPU transfer */ |
598 | |
599 | static int atmel_aes_cpu_transfer(struct atmel_aes_dev *dd) |
600 | { |
601 | int err = 0; |
602 | u32 isr; |
603 | |
604 | for (;;) { |
605 | atmel_aes_read_block(dd, AES_ODATAR(0), value: dd->data); |
606 | dd->data += 4; |
607 | dd->datalen -= AES_BLOCK_SIZE; |
608 | |
609 | if (dd->datalen < AES_BLOCK_SIZE) |
610 | break; |
611 | |
612 | atmel_aes_write_block(dd, AES_IDATAR(0), value: dd->data); |
613 | |
614 | isr = atmel_aes_read(dd, AES_ISR); |
615 | if (!(isr & AES_INT_DATARDY)) { |
616 | dd->resume = atmel_aes_cpu_transfer; |
617 | atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); |
618 | return -EINPROGRESS; |
619 | } |
620 | } |
621 | |
622 | if (!sg_copy_from_buffer(sgl: dd->real_dst, nents: sg_nents(sg: dd->real_dst), |
623 | buf: dd->buf, buflen: dd->total)) |
624 | err = -EINVAL; |
625 | |
626 | if (err) |
627 | return atmel_aes_complete(dd, err); |
628 | |
629 | return dd->cpu_transfer_complete(dd); |
630 | } |
631 | |
632 | static int atmel_aes_cpu_start(struct atmel_aes_dev *dd, |
633 | struct scatterlist *src, |
634 | struct scatterlist *dst, |
635 | size_t len, |
636 | atmel_aes_fn_t resume) |
637 | { |
638 | size_t padlen = atmel_aes_padlen(len, AES_BLOCK_SIZE); |
639 | |
640 | if (unlikely(len == 0)) |
641 | return -EINVAL; |
642 | |
643 | sg_copy_to_buffer(sgl: src, nents: sg_nents(sg: src), buf: dd->buf, buflen: len); |
644 | |
645 | dd->total = len; |
646 | dd->real_dst = dst; |
647 | dd->cpu_transfer_complete = resume; |
648 | dd->datalen = len + padlen; |
649 | dd->data = (u32 *)dd->buf; |
650 | atmel_aes_write_block(dd, AES_IDATAR(0), value: dd->data); |
651 | return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_cpu_transfer); |
652 | } |
653 | |
654 | |
655 | /* DMA transfer */ |
656 | |
657 | static void atmel_aes_dma_callback(void *data); |
658 | |
659 | static bool atmel_aes_check_aligned(struct atmel_aes_dev *dd, |
660 | struct scatterlist *sg, |
661 | size_t len, |
662 | struct atmel_aes_dma *dma) |
663 | { |
664 | int nents; |
665 | |
666 | if (!IS_ALIGNED(len, dd->ctx->block_size)) |
667 | return false; |
668 | |
669 | for (nents = 0; sg; sg = sg_next(sg), ++nents) { |
670 | if (!IS_ALIGNED(sg->offset, sizeof(u32))) |
671 | return false; |
672 | |
673 | if (len <= sg->length) { |
674 | if (!IS_ALIGNED(len, dd->ctx->block_size)) |
675 | return false; |
676 | |
677 | dma->nents = nents+1; |
678 | dma->remainder = sg->length - len; |
679 | sg->length = len; |
680 | return true; |
681 | } |
682 | |
683 | if (!IS_ALIGNED(sg->length, dd->ctx->block_size)) |
684 | return false; |
685 | |
686 | len -= sg->length; |
687 | } |
688 | |
689 | return false; |
690 | } |
691 | |
692 | static inline void atmel_aes_restore_sg(const struct atmel_aes_dma *dma) |
693 | { |
694 | struct scatterlist *sg = dma->sg; |
695 | int nents = dma->nents; |
696 | |
697 | if (!dma->remainder) |
698 | return; |
699 | |
700 | while (--nents > 0 && sg) |
701 | sg = sg_next(sg); |
702 | |
703 | if (!sg) |
704 | return; |
705 | |
706 | sg->length += dma->remainder; |
707 | } |
708 | |
709 | static int atmel_aes_map(struct atmel_aes_dev *dd, |
710 | struct scatterlist *src, |
711 | struct scatterlist *dst, |
712 | size_t len) |
713 | { |
714 | bool src_aligned, dst_aligned; |
715 | size_t padlen; |
716 | |
717 | dd->total = len; |
718 | dd->src.sg = src; |
719 | dd->dst.sg = dst; |
720 | dd->real_dst = dst; |
721 | |
722 | src_aligned = atmel_aes_check_aligned(dd, sg: src, len, dma: &dd->src); |
723 | if (src == dst) |
724 | dst_aligned = src_aligned; |
725 | else |
726 | dst_aligned = atmel_aes_check_aligned(dd, sg: dst, len, dma: &dd->dst); |
727 | if (!src_aligned || !dst_aligned) { |
728 | padlen = atmel_aes_padlen(len, block_size: dd->ctx->block_size); |
729 | |
730 | if (dd->buflen < len + padlen) |
731 | return -ENOMEM; |
732 | |
733 | if (!src_aligned) { |
734 | sg_copy_to_buffer(sgl: src, nents: sg_nents(sg: src), buf: dd->buf, buflen: len); |
735 | dd->src.sg = &dd->aligned_sg; |
736 | dd->src.nents = 1; |
737 | dd->src.remainder = 0; |
738 | } |
739 | |
740 | if (!dst_aligned) { |
741 | dd->dst.sg = &dd->aligned_sg; |
742 | dd->dst.nents = 1; |
743 | dd->dst.remainder = 0; |
744 | } |
745 | |
746 | sg_init_table(&dd->aligned_sg, 1); |
747 | sg_set_buf(sg: &dd->aligned_sg, buf: dd->buf, buflen: len + padlen); |
748 | } |
749 | |
750 | if (dd->src.sg == dd->dst.sg) { |
751 | dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents, |
752 | DMA_BIDIRECTIONAL); |
753 | dd->dst.sg_len = dd->src.sg_len; |
754 | if (!dd->src.sg_len) |
755 | return -EFAULT; |
756 | } else { |
757 | dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents, |
758 | DMA_TO_DEVICE); |
759 | if (!dd->src.sg_len) |
760 | return -EFAULT; |
761 | |
762 | dd->dst.sg_len = dma_map_sg(dd->dev, dd->dst.sg, dd->dst.nents, |
763 | DMA_FROM_DEVICE); |
764 | if (!dd->dst.sg_len) { |
765 | dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, |
766 | DMA_TO_DEVICE); |
767 | return -EFAULT; |
768 | } |
769 | } |
770 | |
771 | return 0; |
772 | } |
773 | |
774 | static void atmel_aes_unmap(struct atmel_aes_dev *dd) |
775 | { |
776 | if (dd->src.sg == dd->dst.sg) { |
777 | dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, |
778 | DMA_BIDIRECTIONAL); |
779 | |
780 | if (dd->src.sg != &dd->aligned_sg) |
781 | atmel_aes_restore_sg(dma: &dd->src); |
782 | } else { |
783 | dma_unmap_sg(dd->dev, dd->dst.sg, dd->dst.nents, |
784 | DMA_FROM_DEVICE); |
785 | |
786 | if (dd->dst.sg != &dd->aligned_sg) |
787 | atmel_aes_restore_sg(dma: &dd->dst); |
788 | |
789 | dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents, |
790 | DMA_TO_DEVICE); |
791 | |
792 | if (dd->src.sg != &dd->aligned_sg) |
793 | atmel_aes_restore_sg(dma: &dd->src); |
794 | } |
795 | |
796 | if (dd->dst.sg == &dd->aligned_sg) |
797 | sg_copy_from_buffer(sgl: dd->real_dst, nents: sg_nents(sg: dd->real_dst), |
798 | buf: dd->buf, buflen: dd->total); |
799 | } |
800 | |
801 | static int atmel_aes_dma_transfer_start(struct atmel_aes_dev *dd, |
802 | enum dma_slave_buswidth addr_width, |
803 | enum dma_transfer_direction dir, |
804 | u32 maxburst) |
805 | { |
806 | struct dma_async_tx_descriptor *desc; |
807 | struct dma_slave_config config; |
808 | dma_async_tx_callback callback; |
809 | struct atmel_aes_dma *dma; |
810 | int err; |
811 | |
812 | memset(&config, 0, sizeof(config)); |
813 | config.src_addr_width = addr_width; |
814 | config.dst_addr_width = addr_width; |
815 | config.src_maxburst = maxburst; |
816 | config.dst_maxburst = maxburst; |
817 | |
818 | switch (dir) { |
819 | case DMA_MEM_TO_DEV: |
820 | dma = &dd->src; |
821 | callback = NULL; |
822 | config.dst_addr = dd->phys_base + AES_IDATAR(0); |
823 | break; |
824 | |
825 | case DMA_DEV_TO_MEM: |
826 | dma = &dd->dst; |
827 | callback = atmel_aes_dma_callback; |
828 | config.src_addr = dd->phys_base + AES_ODATAR(0); |
829 | break; |
830 | |
831 | default: |
832 | return -EINVAL; |
833 | } |
834 | |
835 | err = dmaengine_slave_config(chan: dma->chan, config: &config); |
836 | if (err) |
837 | return err; |
838 | |
839 | desc = dmaengine_prep_slave_sg(chan: dma->chan, sgl: dma->sg, sg_len: dma->sg_len, dir, |
840 | flags: DMA_PREP_INTERRUPT | DMA_CTRL_ACK); |
841 | if (!desc) |
842 | return -ENOMEM; |
843 | |
844 | desc->callback = callback; |
845 | desc->callback_param = dd; |
846 | dmaengine_submit(desc); |
847 | dma_async_issue_pending(chan: dma->chan); |
848 | |
849 | return 0; |
850 | } |
851 | |
852 | static int atmel_aes_dma_start(struct atmel_aes_dev *dd, |
853 | struct scatterlist *src, |
854 | struct scatterlist *dst, |
855 | size_t len, |
856 | atmel_aes_fn_t resume) |
857 | { |
858 | enum dma_slave_buswidth addr_width; |
859 | u32 maxburst; |
860 | int err; |
861 | |
862 | switch (dd->ctx->block_size) { |
863 | case CFB8_BLOCK_SIZE: |
864 | addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE; |
865 | maxburst = 1; |
866 | break; |
867 | |
868 | case CFB16_BLOCK_SIZE: |
869 | addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES; |
870 | maxburst = 1; |
871 | break; |
872 | |
873 | case CFB32_BLOCK_SIZE: |
874 | case CFB64_BLOCK_SIZE: |
875 | addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
876 | maxburst = 1; |
877 | break; |
878 | |
879 | case AES_BLOCK_SIZE: |
880 | addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; |
881 | maxburst = dd->caps.max_burst_size; |
882 | break; |
883 | |
884 | default: |
885 | err = -EINVAL; |
886 | goto exit; |
887 | } |
888 | |
889 | err = atmel_aes_map(dd, src, dst, len); |
890 | if (err) |
891 | goto exit; |
892 | |
893 | dd->resume = resume; |
894 | |
895 | /* Set output DMA transfer first */ |
896 | err = atmel_aes_dma_transfer_start(dd, addr_width, dir: DMA_DEV_TO_MEM, |
897 | maxburst); |
898 | if (err) |
899 | goto unmap; |
900 | |
901 | /* Then set input DMA transfer */ |
902 | err = atmel_aes_dma_transfer_start(dd, addr_width, dir: DMA_MEM_TO_DEV, |
903 | maxburst); |
904 | if (err) |
905 | goto output_transfer_stop; |
906 | |
907 | return -EINPROGRESS; |
908 | |
909 | output_transfer_stop: |
910 | dmaengine_terminate_sync(chan: dd->dst.chan); |
911 | unmap: |
912 | atmel_aes_unmap(dd); |
913 | exit: |
914 | return atmel_aes_complete(dd, err); |
915 | } |
916 | |
917 | static void atmel_aes_dma_callback(void *data) |
918 | { |
919 | struct atmel_aes_dev *dd = data; |
920 | |
921 | atmel_aes_unmap(dd); |
922 | dd->is_async = true; |
923 | (void)dd->resume(dd); |
924 | } |
925 | |
926 | static int atmel_aes_handle_queue(struct atmel_aes_dev *dd, |
927 | struct crypto_async_request *new_areq) |
928 | { |
929 | struct crypto_async_request *areq, *backlog; |
930 | struct atmel_aes_base_ctx *ctx; |
931 | unsigned long flags; |
932 | bool start_async; |
933 | int err, ret = 0; |
934 | |
935 | spin_lock_irqsave(&dd->lock, flags); |
936 | if (new_areq) |
937 | ret = crypto_enqueue_request(queue: &dd->queue, request: new_areq); |
938 | if (dd->flags & AES_FLAGS_BUSY) { |
939 | spin_unlock_irqrestore(lock: &dd->lock, flags); |
940 | return ret; |
941 | } |
942 | backlog = crypto_get_backlog(queue: &dd->queue); |
943 | areq = crypto_dequeue_request(queue: &dd->queue); |
944 | if (areq) |
945 | dd->flags |= AES_FLAGS_BUSY; |
946 | spin_unlock_irqrestore(lock: &dd->lock, flags); |
947 | |
948 | if (!areq) |
949 | return ret; |
950 | |
951 | if (backlog) |
952 | crypto_request_complete(req: backlog, err: -EINPROGRESS); |
953 | |
954 | ctx = crypto_tfm_ctx(tfm: areq->tfm); |
955 | |
956 | dd->areq = areq; |
957 | dd->ctx = ctx; |
958 | start_async = (areq != new_areq); |
959 | dd->is_async = start_async; |
960 | |
961 | /* WARNING: ctx->start() MAY change dd->is_async. */ |
962 | err = ctx->start(dd); |
963 | return (start_async) ? ret : err; |
964 | } |
965 | |
966 | |
967 | /* AES async block ciphers */ |
968 | |
969 | static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd) |
970 | { |
971 | return atmel_aes_complete(dd, err: 0); |
972 | } |
973 | |
974 | static int atmel_aes_start(struct atmel_aes_dev *dd) |
975 | { |
976 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
977 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
978 | bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD || |
979 | dd->ctx->block_size != AES_BLOCK_SIZE); |
980 | int err; |
981 | |
982 | atmel_aes_set_mode(dd, rctx); |
983 | |
984 | err = atmel_aes_hw_init(dd); |
985 | if (err) |
986 | return atmel_aes_complete(dd, err); |
987 | |
988 | atmel_aes_write_ctrl(dd, use_dma, iv: (void *)req->iv); |
989 | if (use_dma) |
990 | return atmel_aes_dma_start(dd, src: req->src, dst: req->dst, |
991 | len: req->cryptlen, |
992 | resume: atmel_aes_transfer_complete); |
993 | |
994 | return atmel_aes_cpu_start(dd, src: req->src, dst: req->dst, len: req->cryptlen, |
995 | resume: atmel_aes_transfer_complete); |
996 | } |
997 | |
998 | static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd) |
999 | { |
1000 | struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx); |
1001 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
1002 | struct scatterlist *src, *dst; |
1003 | size_t datalen; |
1004 | u32 ctr; |
1005 | u16 start, end; |
1006 | bool use_dma, fragmented = false; |
1007 | |
1008 | /* Check for transfer completion. */ |
1009 | ctx->offset += dd->total; |
1010 | if (ctx->offset >= req->cryptlen) |
1011 | return atmel_aes_transfer_complete(dd); |
1012 | |
1013 | /* Compute data length. */ |
1014 | datalen = req->cryptlen - ctx->offset; |
1015 | ctx->blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE); |
1016 | ctr = be32_to_cpu(ctx->iv[3]); |
1017 | |
1018 | /* Check 16bit counter overflow. */ |
1019 | start = ctr & 0xffff; |
1020 | end = start + ctx->blocks - 1; |
1021 | |
1022 | if (ctx->blocks >> 16 || end < start) { |
1023 | ctr |= 0xffff; |
1024 | datalen = AES_BLOCK_SIZE * (0x10000 - start); |
1025 | fragmented = true; |
1026 | } |
1027 | |
1028 | use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD); |
1029 | |
1030 | /* Jump to offset. */ |
1031 | src = scatterwalk_ffwd(dst: ctx->src, src: req->src, len: ctx->offset); |
1032 | dst = ((req->src == req->dst) ? src : |
1033 | scatterwalk_ffwd(dst: ctx->dst, src: req->dst, len: ctx->offset)); |
1034 | |
1035 | /* Configure hardware. */ |
1036 | atmel_aes_write_ctrl(dd, use_dma, iv: ctx->iv); |
1037 | if (unlikely(fragmented)) { |
1038 | /* |
1039 | * Increment the counter manually to cope with the hardware |
1040 | * counter overflow. |
1041 | */ |
1042 | ctx->iv[3] = cpu_to_be32(ctr); |
1043 | crypto_inc(a: (u8 *)ctx->iv, AES_BLOCK_SIZE); |
1044 | } |
1045 | |
1046 | if (use_dma) |
1047 | return atmel_aes_dma_start(dd, src, dst, len: datalen, |
1048 | resume: atmel_aes_ctr_transfer); |
1049 | |
1050 | return atmel_aes_cpu_start(dd, src, dst, len: datalen, |
1051 | resume: atmel_aes_ctr_transfer); |
1052 | } |
1053 | |
1054 | static int atmel_aes_ctr_start(struct atmel_aes_dev *dd) |
1055 | { |
1056 | struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(ctx: dd->ctx); |
1057 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
1058 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
1059 | int err; |
1060 | |
1061 | atmel_aes_set_mode(dd, rctx); |
1062 | |
1063 | err = atmel_aes_hw_init(dd); |
1064 | if (err) |
1065 | return atmel_aes_complete(dd, err); |
1066 | |
1067 | memcpy(ctx->iv, req->iv, AES_BLOCK_SIZE); |
1068 | ctx->offset = 0; |
1069 | dd->total = 0; |
1070 | return atmel_aes_ctr_transfer(dd); |
1071 | } |
1072 | |
1073 | static int atmel_aes_xts_fallback(struct skcipher_request *req, bool enc) |
1074 | { |
1075 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
1076 | struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx( |
1077 | tfm: crypto_skcipher_reqtfm(req)); |
1078 | |
1079 | skcipher_request_set_tfm(req: &rctx->fallback_req, tfm: ctx->fallback_tfm); |
1080 | skcipher_request_set_callback(req: &rctx->fallback_req, flags: req->base.flags, |
1081 | compl: req->base.complete, data: req->base.data); |
1082 | skcipher_request_set_crypt(req: &rctx->fallback_req, src: req->src, dst: req->dst, |
1083 | cryptlen: req->cryptlen, iv: req->iv); |
1084 | |
1085 | return enc ? crypto_skcipher_encrypt(req: &rctx->fallback_req) : |
1086 | crypto_skcipher_decrypt(req: &rctx->fallback_req); |
1087 | } |
1088 | |
1089 | static int atmel_aes_crypt(struct skcipher_request *req, unsigned long mode) |
1090 | { |
1091 | struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); |
1092 | struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm: skcipher); |
1093 | struct atmel_aes_reqctx *rctx; |
1094 | u32 opmode = mode & AES_FLAGS_OPMODE_MASK; |
1095 | |
1096 | if (opmode == AES_FLAGS_XTS) { |
1097 | if (req->cryptlen < XTS_BLOCK_SIZE) |
1098 | return -EINVAL; |
1099 | |
1100 | if (!IS_ALIGNED(req->cryptlen, XTS_BLOCK_SIZE)) |
1101 | return atmel_aes_xts_fallback(req, |
1102 | enc: mode & AES_FLAGS_ENCRYPT); |
1103 | } |
1104 | |
1105 | /* |
1106 | * ECB, CBC, CFB, OFB or CTR mode require the plaintext and ciphertext |
1107 | * to have a positve integer length. |
1108 | */ |
1109 | if (!req->cryptlen && opmode != AES_FLAGS_XTS) |
1110 | return 0; |
1111 | |
1112 | if ((opmode == AES_FLAGS_ECB || opmode == AES_FLAGS_CBC) && |
1113 | !IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(skcipher))) |
1114 | return -EINVAL; |
1115 | |
1116 | switch (mode & AES_FLAGS_OPMODE_MASK) { |
1117 | case AES_FLAGS_CFB8: |
1118 | ctx->block_size = CFB8_BLOCK_SIZE; |
1119 | break; |
1120 | |
1121 | case AES_FLAGS_CFB16: |
1122 | ctx->block_size = CFB16_BLOCK_SIZE; |
1123 | break; |
1124 | |
1125 | case AES_FLAGS_CFB32: |
1126 | ctx->block_size = CFB32_BLOCK_SIZE; |
1127 | break; |
1128 | |
1129 | case AES_FLAGS_CFB64: |
1130 | ctx->block_size = CFB64_BLOCK_SIZE; |
1131 | break; |
1132 | |
1133 | default: |
1134 | ctx->block_size = AES_BLOCK_SIZE; |
1135 | break; |
1136 | } |
1137 | ctx->is_aead = false; |
1138 | |
1139 | rctx = skcipher_request_ctx(req); |
1140 | rctx->mode = mode; |
1141 | |
1142 | if (opmode != AES_FLAGS_ECB && |
1143 | !(mode & AES_FLAGS_ENCRYPT)) { |
1144 | unsigned int ivsize = crypto_skcipher_ivsize(tfm: skcipher); |
1145 | |
1146 | if (req->cryptlen >= ivsize) |
1147 | scatterwalk_map_and_copy(buf: rctx->lastc, sg: req->src, |
1148 | start: req->cryptlen - ivsize, |
1149 | nbytes: ivsize, out: 0); |
1150 | } |
1151 | |
1152 | return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base); |
1153 | } |
1154 | |
1155 | static int atmel_aes_setkey(struct crypto_skcipher *tfm, const u8 *key, |
1156 | unsigned int keylen) |
1157 | { |
1158 | struct atmel_aes_base_ctx *ctx = crypto_skcipher_ctx(tfm); |
1159 | |
1160 | if (keylen != AES_KEYSIZE_128 && |
1161 | keylen != AES_KEYSIZE_192 && |
1162 | keylen != AES_KEYSIZE_256) |
1163 | return -EINVAL; |
1164 | |
1165 | memcpy(ctx->key, key, keylen); |
1166 | ctx->keylen = keylen; |
1167 | |
1168 | return 0; |
1169 | } |
1170 | |
1171 | static int atmel_aes_ecb_encrypt(struct skcipher_request *req) |
1172 | { |
1173 | return atmel_aes_crypt(req, AES_FLAGS_ECB | AES_FLAGS_ENCRYPT); |
1174 | } |
1175 | |
1176 | static int atmel_aes_ecb_decrypt(struct skcipher_request *req) |
1177 | { |
1178 | return atmel_aes_crypt(req, AES_FLAGS_ECB); |
1179 | } |
1180 | |
1181 | static int atmel_aes_cbc_encrypt(struct skcipher_request *req) |
1182 | { |
1183 | return atmel_aes_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT); |
1184 | } |
1185 | |
1186 | static int atmel_aes_cbc_decrypt(struct skcipher_request *req) |
1187 | { |
1188 | return atmel_aes_crypt(req, AES_FLAGS_CBC); |
1189 | } |
1190 | |
1191 | static int atmel_aes_ofb_encrypt(struct skcipher_request *req) |
1192 | { |
1193 | return atmel_aes_crypt(req, AES_FLAGS_OFB | AES_FLAGS_ENCRYPT); |
1194 | } |
1195 | |
1196 | static int atmel_aes_ofb_decrypt(struct skcipher_request *req) |
1197 | { |
1198 | return atmel_aes_crypt(req, AES_FLAGS_OFB); |
1199 | } |
1200 | |
1201 | static int atmel_aes_cfb_encrypt(struct skcipher_request *req) |
1202 | { |
1203 | return atmel_aes_crypt(req, AES_FLAGS_CFB128 | AES_FLAGS_ENCRYPT); |
1204 | } |
1205 | |
1206 | static int atmel_aes_cfb_decrypt(struct skcipher_request *req) |
1207 | { |
1208 | return atmel_aes_crypt(req, AES_FLAGS_CFB128); |
1209 | } |
1210 | |
1211 | static int atmel_aes_cfb64_encrypt(struct skcipher_request *req) |
1212 | { |
1213 | return atmel_aes_crypt(req, AES_FLAGS_CFB64 | AES_FLAGS_ENCRYPT); |
1214 | } |
1215 | |
1216 | static int atmel_aes_cfb64_decrypt(struct skcipher_request *req) |
1217 | { |
1218 | return atmel_aes_crypt(req, AES_FLAGS_CFB64); |
1219 | } |
1220 | |
1221 | static int atmel_aes_cfb32_encrypt(struct skcipher_request *req) |
1222 | { |
1223 | return atmel_aes_crypt(req, AES_FLAGS_CFB32 | AES_FLAGS_ENCRYPT); |
1224 | } |
1225 | |
1226 | static int atmel_aes_cfb32_decrypt(struct skcipher_request *req) |
1227 | { |
1228 | return atmel_aes_crypt(req, AES_FLAGS_CFB32); |
1229 | } |
1230 | |
1231 | static int atmel_aes_cfb16_encrypt(struct skcipher_request *req) |
1232 | { |
1233 | return atmel_aes_crypt(req, AES_FLAGS_CFB16 | AES_FLAGS_ENCRYPT); |
1234 | } |
1235 | |
1236 | static int atmel_aes_cfb16_decrypt(struct skcipher_request *req) |
1237 | { |
1238 | return atmel_aes_crypt(req, AES_FLAGS_CFB16); |
1239 | } |
1240 | |
1241 | static int atmel_aes_cfb8_encrypt(struct skcipher_request *req) |
1242 | { |
1243 | return atmel_aes_crypt(req, AES_FLAGS_CFB8 | AES_FLAGS_ENCRYPT); |
1244 | } |
1245 | |
1246 | static int atmel_aes_cfb8_decrypt(struct skcipher_request *req) |
1247 | { |
1248 | return atmel_aes_crypt(req, AES_FLAGS_CFB8); |
1249 | } |
1250 | |
1251 | static int atmel_aes_ctr_encrypt(struct skcipher_request *req) |
1252 | { |
1253 | return atmel_aes_crypt(req, AES_FLAGS_CTR | AES_FLAGS_ENCRYPT); |
1254 | } |
1255 | |
1256 | static int atmel_aes_ctr_decrypt(struct skcipher_request *req) |
1257 | { |
1258 | return atmel_aes_crypt(req, AES_FLAGS_CTR); |
1259 | } |
1260 | |
1261 | static int atmel_aes_init_tfm(struct crypto_skcipher *tfm) |
1262 | { |
1263 | struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm); |
1264 | struct atmel_aes_dev *dd; |
1265 | |
1266 | dd = atmel_aes_dev_alloc(ctx: &ctx->base); |
1267 | if (!dd) |
1268 | return -ENODEV; |
1269 | |
1270 | crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx)); |
1271 | ctx->base.dd = dd; |
1272 | ctx->base.start = atmel_aes_start; |
1273 | |
1274 | return 0; |
1275 | } |
1276 | |
1277 | static int atmel_aes_ctr_init_tfm(struct crypto_skcipher *tfm) |
1278 | { |
1279 | struct atmel_aes_ctx *ctx = crypto_skcipher_ctx(tfm); |
1280 | struct atmel_aes_dev *dd; |
1281 | |
1282 | dd = atmel_aes_dev_alloc(ctx: &ctx->base); |
1283 | if (!dd) |
1284 | return -ENODEV; |
1285 | |
1286 | crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx)); |
1287 | ctx->base.dd = dd; |
1288 | ctx->base.start = atmel_aes_ctr_start; |
1289 | |
1290 | return 0; |
1291 | } |
1292 | |
1293 | static struct skcipher_alg aes_algs[] = { |
1294 | { |
1295 | .base.cra_name = "ecb(aes)" , |
1296 | .base.cra_driver_name = "atmel-ecb-aes" , |
1297 | .base.cra_blocksize = AES_BLOCK_SIZE, |
1298 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1299 | |
1300 | .init = atmel_aes_init_tfm, |
1301 | .min_keysize = AES_MIN_KEY_SIZE, |
1302 | .max_keysize = AES_MAX_KEY_SIZE, |
1303 | .setkey = atmel_aes_setkey, |
1304 | .encrypt = atmel_aes_ecb_encrypt, |
1305 | .decrypt = atmel_aes_ecb_decrypt, |
1306 | }, |
1307 | { |
1308 | .base.cra_name = "cbc(aes)" , |
1309 | .base.cra_driver_name = "atmel-cbc-aes" , |
1310 | .base.cra_blocksize = AES_BLOCK_SIZE, |
1311 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1312 | |
1313 | .init = atmel_aes_init_tfm, |
1314 | .min_keysize = AES_MIN_KEY_SIZE, |
1315 | .max_keysize = AES_MAX_KEY_SIZE, |
1316 | .setkey = atmel_aes_setkey, |
1317 | .encrypt = atmel_aes_cbc_encrypt, |
1318 | .decrypt = atmel_aes_cbc_decrypt, |
1319 | .ivsize = AES_BLOCK_SIZE, |
1320 | }, |
1321 | { |
1322 | .base.cra_name = "ofb(aes)" , |
1323 | .base.cra_driver_name = "atmel-ofb-aes" , |
1324 | .base.cra_blocksize = 1, |
1325 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1326 | |
1327 | .init = atmel_aes_init_tfm, |
1328 | .min_keysize = AES_MIN_KEY_SIZE, |
1329 | .max_keysize = AES_MAX_KEY_SIZE, |
1330 | .setkey = atmel_aes_setkey, |
1331 | .encrypt = atmel_aes_ofb_encrypt, |
1332 | .decrypt = atmel_aes_ofb_decrypt, |
1333 | .ivsize = AES_BLOCK_SIZE, |
1334 | }, |
1335 | { |
1336 | .base.cra_name = "cfb(aes)" , |
1337 | .base.cra_driver_name = "atmel-cfb-aes" , |
1338 | .base.cra_blocksize = 1, |
1339 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1340 | |
1341 | .init = atmel_aes_init_tfm, |
1342 | .min_keysize = AES_MIN_KEY_SIZE, |
1343 | .max_keysize = AES_MAX_KEY_SIZE, |
1344 | .setkey = atmel_aes_setkey, |
1345 | .encrypt = atmel_aes_cfb_encrypt, |
1346 | .decrypt = atmel_aes_cfb_decrypt, |
1347 | .ivsize = AES_BLOCK_SIZE, |
1348 | }, |
1349 | { |
1350 | .base.cra_name = "cfb32(aes)" , |
1351 | .base.cra_driver_name = "atmel-cfb32-aes" , |
1352 | .base.cra_blocksize = CFB32_BLOCK_SIZE, |
1353 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1354 | |
1355 | .init = atmel_aes_init_tfm, |
1356 | .min_keysize = AES_MIN_KEY_SIZE, |
1357 | .max_keysize = AES_MAX_KEY_SIZE, |
1358 | .setkey = atmel_aes_setkey, |
1359 | .encrypt = atmel_aes_cfb32_encrypt, |
1360 | .decrypt = atmel_aes_cfb32_decrypt, |
1361 | .ivsize = AES_BLOCK_SIZE, |
1362 | }, |
1363 | { |
1364 | .base.cra_name = "cfb16(aes)" , |
1365 | .base.cra_driver_name = "atmel-cfb16-aes" , |
1366 | .base.cra_blocksize = CFB16_BLOCK_SIZE, |
1367 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1368 | |
1369 | .init = atmel_aes_init_tfm, |
1370 | .min_keysize = AES_MIN_KEY_SIZE, |
1371 | .max_keysize = AES_MAX_KEY_SIZE, |
1372 | .setkey = atmel_aes_setkey, |
1373 | .encrypt = atmel_aes_cfb16_encrypt, |
1374 | .decrypt = atmel_aes_cfb16_decrypt, |
1375 | .ivsize = AES_BLOCK_SIZE, |
1376 | }, |
1377 | { |
1378 | .base.cra_name = "cfb8(aes)" , |
1379 | .base.cra_driver_name = "atmel-cfb8-aes" , |
1380 | .base.cra_blocksize = CFB8_BLOCK_SIZE, |
1381 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1382 | |
1383 | .init = atmel_aes_init_tfm, |
1384 | .min_keysize = AES_MIN_KEY_SIZE, |
1385 | .max_keysize = AES_MAX_KEY_SIZE, |
1386 | .setkey = atmel_aes_setkey, |
1387 | .encrypt = atmel_aes_cfb8_encrypt, |
1388 | .decrypt = atmel_aes_cfb8_decrypt, |
1389 | .ivsize = AES_BLOCK_SIZE, |
1390 | }, |
1391 | { |
1392 | .base.cra_name = "ctr(aes)" , |
1393 | .base.cra_driver_name = "atmel-ctr-aes" , |
1394 | .base.cra_blocksize = 1, |
1395 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctr_ctx), |
1396 | |
1397 | .init = atmel_aes_ctr_init_tfm, |
1398 | .min_keysize = AES_MIN_KEY_SIZE, |
1399 | .max_keysize = AES_MAX_KEY_SIZE, |
1400 | .setkey = atmel_aes_setkey, |
1401 | .encrypt = atmel_aes_ctr_encrypt, |
1402 | .decrypt = atmel_aes_ctr_decrypt, |
1403 | .ivsize = AES_BLOCK_SIZE, |
1404 | }, |
1405 | }; |
1406 | |
1407 | static struct skcipher_alg aes_cfb64_alg = { |
1408 | .base.cra_name = "cfb64(aes)" , |
1409 | .base.cra_driver_name = "atmel-cfb64-aes" , |
1410 | .base.cra_blocksize = CFB64_BLOCK_SIZE, |
1411 | .base.cra_ctxsize = sizeof(struct atmel_aes_ctx), |
1412 | |
1413 | .init = atmel_aes_init_tfm, |
1414 | .min_keysize = AES_MIN_KEY_SIZE, |
1415 | .max_keysize = AES_MAX_KEY_SIZE, |
1416 | .setkey = atmel_aes_setkey, |
1417 | .encrypt = atmel_aes_cfb64_encrypt, |
1418 | .decrypt = atmel_aes_cfb64_decrypt, |
1419 | .ivsize = AES_BLOCK_SIZE, |
1420 | }; |
1421 | |
1422 | |
1423 | /* gcm aead functions */ |
1424 | |
1425 | static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, |
1426 | const u32 *data, size_t datalen, |
1427 | const __be32 *ghash_in, __be32 *ghash_out, |
1428 | atmel_aes_fn_t resume); |
1429 | static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd); |
1430 | static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd); |
1431 | |
1432 | static int atmel_aes_gcm_start(struct atmel_aes_dev *dd); |
1433 | static int atmel_aes_gcm_process(struct atmel_aes_dev *dd); |
1434 | static int atmel_aes_gcm_length(struct atmel_aes_dev *dd); |
1435 | static int atmel_aes_gcm_data(struct atmel_aes_dev *dd); |
1436 | static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd); |
1437 | static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd); |
1438 | static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd); |
1439 | |
1440 | static inline struct atmel_aes_gcm_ctx * |
1441 | atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx) |
1442 | { |
1443 | return container_of(ctx, struct atmel_aes_gcm_ctx, base); |
1444 | } |
1445 | |
1446 | static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd, |
1447 | const u32 *data, size_t datalen, |
1448 | const __be32 *ghash_in, __be32 *ghash_out, |
1449 | atmel_aes_fn_t resume) |
1450 | { |
1451 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1452 | |
1453 | dd->data = (u32 *)data; |
1454 | dd->datalen = datalen; |
1455 | ctx->ghash_in = ghash_in; |
1456 | ctx->ghash_out = ghash_out; |
1457 | ctx->ghash_resume = resume; |
1458 | |
1459 | atmel_aes_write_ctrl(dd, use_dma: false, NULL); |
1460 | return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_ghash_init); |
1461 | } |
1462 | |
1463 | static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd) |
1464 | { |
1465 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1466 | |
1467 | /* Set the data length. */ |
1468 | atmel_aes_write(dd, AES_AADLENR, value: dd->total); |
1469 | atmel_aes_write(dd, AES_CLENR, value: 0); |
1470 | |
1471 | /* If needed, overwrite the GCM Intermediate Hash Word Registers */ |
1472 | if (ctx->ghash_in) |
1473 | atmel_aes_write_block(dd, AES_GHASHR(0), value: ctx->ghash_in); |
1474 | |
1475 | return atmel_aes_gcm_ghash_finalize(dd); |
1476 | } |
1477 | |
1478 | static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd) |
1479 | { |
1480 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1481 | u32 isr; |
1482 | |
1483 | /* Write data into the Input Data Registers. */ |
1484 | while (dd->datalen > 0) { |
1485 | atmel_aes_write_block(dd, AES_IDATAR(0), value: dd->data); |
1486 | dd->data += 4; |
1487 | dd->datalen -= AES_BLOCK_SIZE; |
1488 | |
1489 | isr = atmel_aes_read(dd, AES_ISR); |
1490 | if (!(isr & AES_INT_DATARDY)) { |
1491 | dd->resume = atmel_aes_gcm_ghash_finalize; |
1492 | atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); |
1493 | return -EINPROGRESS; |
1494 | } |
1495 | } |
1496 | |
1497 | /* Read the computed hash from GHASHRx. */ |
1498 | atmel_aes_read_block(dd, AES_GHASHR(0), value: ctx->ghash_out); |
1499 | |
1500 | return ctx->ghash_resume(dd); |
1501 | } |
1502 | |
1503 | |
1504 | static int atmel_aes_gcm_start(struct atmel_aes_dev *dd) |
1505 | { |
1506 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1507 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1508 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
1509 | struct atmel_aes_reqctx *rctx = aead_request_ctx(req); |
1510 | size_t ivsize = crypto_aead_ivsize(tfm); |
1511 | size_t datalen, padlen; |
1512 | const void *iv = req->iv; |
1513 | u8 *data = dd->buf; |
1514 | int err; |
1515 | |
1516 | atmel_aes_set_mode(dd, rctx); |
1517 | |
1518 | err = atmel_aes_hw_init(dd); |
1519 | if (err) |
1520 | return atmel_aes_complete(dd, err); |
1521 | |
1522 | if (likely(ivsize == GCM_AES_IV_SIZE)) { |
1523 | memcpy(ctx->j0, iv, ivsize); |
1524 | ctx->j0[3] = cpu_to_be32(1); |
1525 | return atmel_aes_gcm_process(dd); |
1526 | } |
1527 | |
1528 | padlen = atmel_aes_padlen(len: ivsize, AES_BLOCK_SIZE); |
1529 | datalen = ivsize + padlen + AES_BLOCK_SIZE; |
1530 | if (datalen > dd->buflen) |
1531 | return atmel_aes_complete(dd, err: -EINVAL); |
1532 | |
1533 | memcpy(data, iv, ivsize); |
1534 | memset(data + ivsize, 0, padlen + sizeof(u64)); |
1535 | ((__be64 *)(data + datalen))[-1] = cpu_to_be64(ivsize * 8); |
1536 | |
1537 | return atmel_aes_gcm_ghash(dd, data: (const u32 *)data, datalen, |
1538 | NULL, ghash_out: ctx->j0, resume: atmel_aes_gcm_process); |
1539 | } |
1540 | |
1541 | static int atmel_aes_gcm_process(struct atmel_aes_dev *dd) |
1542 | { |
1543 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1544 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1545 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
1546 | bool enc = atmel_aes_is_encrypt(dd); |
1547 | u32 authsize; |
1548 | |
1549 | /* Compute text length. */ |
1550 | authsize = crypto_aead_authsize(tfm); |
1551 | ctx->textlen = req->cryptlen - (enc ? 0 : authsize); |
1552 | |
1553 | /* |
1554 | * According to tcrypt test suite, the GCM Automatic Tag Generation |
1555 | * fails when both the message and its associated data are empty. |
1556 | */ |
1557 | if (likely(req->assoclen != 0 || ctx->textlen != 0)) |
1558 | dd->flags |= AES_FLAGS_GTAGEN; |
1559 | |
1560 | atmel_aes_write_ctrl(dd, use_dma: false, NULL); |
1561 | return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_length); |
1562 | } |
1563 | |
1564 | static int atmel_aes_gcm_length(struct atmel_aes_dev *dd) |
1565 | { |
1566 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1567 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1568 | __be32 j0_lsw, *j0 = ctx->j0; |
1569 | size_t padlen; |
1570 | |
1571 | /* Write incr32(J0) into IV. */ |
1572 | j0_lsw = j0[3]; |
1573 | be32_add_cpu(var: &j0[3], val: 1); |
1574 | atmel_aes_write_block(dd, AES_IVR(0), value: j0); |
1575 | j0[3] = j0_lsw; |
1576 | |
1577 | /* Set aad and text lengths. */ |
1578 | atmel_aes_write(dd, AES_AADLENR, value: req->assoclen); |
1579 | atmel_aes_write(dd, AES_CLENR, value: ctx->textlen); |
1580 | |
1581 | /* Check whether AAD are present. */ |
1582 | if (unlikely(req->assoclen == 0)) { |
1583 | dd->datalen = 0; |
1584 | return atmel_aes_gcm_data(dd); |
1585 | } |
1586 | |
1587 | /* Copy assoc data and add padding. */ |
1588 | padlen = atmel_aes_padlen(len: req->assoclen, AES_BLOCK_SIZE); |
1589 | if (unlikely(req->assoclen + padlen > dd->buflen)) |
1590 | return atmel_aes_complete(dd, err: -EINVAL); |
1591 | sg_copy_to_buffer(sgl: req->src, nents: sg_nents(sg: req->src), buf: dd->buf, buflen: req->assoclen); |
1592 | |
1593 | /* Write assoc data into the Input Data register. */ |
1594 | dd->data = (u32 *)dd->buf; |
1595 | dd->datalen = req->assoclen + padlen; |
1596 | return atmel_aes_gcm_data(dd); |
1597 | } |
1598 | |
1599 | static int atmel_aes_gcm_data(struct atmel_aes_dev *dd) |
1600 | { |
1601 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1602 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1603 | bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD); |
1604 | struct scatterlist *src, *dst; |
1605 | u32 isr, mr; |
1606 | |
1607 | /* Write AAD first. */ |
1608 | while (dd->datalen > 0) { |
1609 | atmel_aes_write_block(dd, AES_IDATAR(0), value: dd->data); |
1610 | dd->data += 4; |
1611 | dd->datalen -= AES_BLOCK_SIZE; |
1612 | |
1613 | isr = atmel_aes_read(dd, AES_ISR); |
1614 | if (!(isr & AES_INT_DATARDY)) { |
1615 | dd->resume = atmel_aes_gcm_data; |
1616 | atmel_aes_write(dd, AES_IER, AES_INT_DATARDY); |
1617 | return -EINPROGRESS; |
1618 | } |
1619 | } |
1620 | |
1621 | /* GMAC only. */ |
1622 | if (unlikely(ctx->textlen == 0)) |
1623 | return atmel_aes_gcm_tag_init(dd); |
1624 | |
1625 | /* Prepare src and dst scatter lists to transfer cipher/plain texts */ |
1626 | src = scatterwalk_ffwd(dst: ctx->src, src: req->src, len: req->assoclen); |
1627 | dst = ((req->src == req->dst) ? src : |
1628 | scatterwalk_ffwd(dst: ctx->dst, src: req->dst, len: req->assoclen)); |
1629 | |
1630 | if (use_dma) { |
1631 | /* Update the Mode Register for DMA transfers. */ |
1632 | mr = atmel_aes_read(dd, AES_MR); |
1633 | mr &= ~(AES_MR_SMOD_MASK | AES_MR_DUALBUFF); |
1634 | mr |= AES_MR_SMOD_IDATAR0; |
1635 | if (dd->caps.has_dualbuff) |
1636 | mr |= AES_MR_DUALBUFF; |
1637 | atmel_aes_write(dd, AES_MR, value: mr); |
1638 | |
1639 | return atmel_aes_dma_start(dd, src, dst, len: ctx->textlen, |
1640 | resume: atmel_aes_gcm_tag_init); |
1641 | } |
1642 | |
1643 | return atmel_aes_cpu_start(dd, src, dst, len: ctx->textlen, |
1644 | resume: atmel_aes_gcm_tag_init); |
1645 | } |
1646 | |
1647 | static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd) |
1648 | { |
1649 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1650 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1651 | __be64 *data = dd->buf; |
1652 | |
1653 | if (likely(dd->flags & AES_FLAGS_GTAGEN)) { |
1654 | if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) { |
1655 | dd->resume = atmel_aes_gcm_tag_init; |
1656 | atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY); |
1657 | return -EINPROGRESS; |
1658 | } |
1659 | |
1660 | return atmel_aes_gcm_finalize(dd); |
1661 | } |
1662 | |
1663 | /* Read the GCM Intermediate Hash Word Registers. */ |
1664 | atmel_aes_read_block(dd, AES_GHASHR(0), value: ctx->ghash); |
1665 | |
1666 | data[0] = cpu_to_be64(req->assoclen * 8); |
1667 | data[1] = cpu_to_be64(ctx->textlen * 8); |
1668 | |
1669 | return atmel_aes_gcm_ghash(dd, data: (const u32 *)data, AES_BLOCK_SIZE, |
1670 | ghash_in: ctx->ghash, ghash_out: ctx->ghash, resume: atmel_aes_gcm_tag); |
1671 | } |
1672 | |
1673 | static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd) |
1674 | { |
1675 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1676 | unsigned long flags; |
1677 | |
1678 | /* |
1679 | * Change mode to CTR to complete the tag generation. |
1680 | * Use J0 as Initialization Vector. |
1681 | */ |
1682 | flags = dd->flags; |
1683 | dd->flags &= ~(AES_FLAGS_OPMODE_MASK | AES_FLAGS_GTAGEN); |
1684 | dd->flags |= AES_FLAGS_CTR; |
1685 | atmel_aes_write_ctrl(dd, use_dma: false, iv: ctx->j0); |
1686 | dd->flags = flags; |
1687 | |
1688 | atmel_aes_write_block(dd, AES_IDATAR(0), value: ctx->ghash); |
1689 | return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_gcm_finalize); |
1690 | } |
1691 | |
1692 | static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd) |
1693 | { |
1694 | struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(ctx: dd->ctx); |
1695 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1696 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
1697 | bool enc = atmel_aes_is_encrypt(dd); |
1698 | u32 offset, authsize, itag[4], *otag = ctx->tag; |
1699 | int err; |
1700 | |
1701 | /* Read the computed tag. */ |
1702 | if (likely(dd->flags & AES_FLAGS_GTAGEN)) |
1703 | atmel_aes_read_block(dd, AES_TAGR(0), value: ctx->tag); |
1704 | else |
1705 | atmel_aes_read_block(dd, AES_ODATAR(0), value: ctx->tag); |
1706 | |
1707 | offset = req->assoclen + ctx->textlen; |
1708 | authsize = crypto_aead_authsize(tfm); |
1709 | if (enc) { |
1710 | scatterwalk_map_and_copy(buf: otag, sg: req->dst, start: offset, nbytes: authsize, out: 1); |
1711 | err = 0; |
1712 | } else { |
1713 | scatterwalk_map_and_copy(buf: itag, sg: req->src, start: offset, nbytes: authsize, out: 0); |
1714 | err = crypto_memneq(a: itag, b: otag, size: authsize) ? -EBADMSG : 0; |
1715 | } |
1716 | |
1717 | return atmel_aes_complete(dd, err); |
1718 | } |
1719 | |
1720 | static int atmel_aes_gcm_crypt(struct aead_request *req, |
1721 | unsigned long mode) |
1722 | { |
1723 | struct atmel_aes_base_ctx *ctx; |
1724 | struct atmel_aes_reqctx *rctx; |
1725 | |
1726 | ctx = crypto_aead_ctx(tfm: crypto_aead_reqtfm(req)); |
1727 | ctx->block_size = AES_BLOCK_SIZE; |
1728 | ctx->is_aead = true; |
1729 | |
1730 | rctx = aead_request_ctx(req); |
1731 | rctx->mode = AES_FLAGS_GCM | mode; |
1732 | |
1733 | return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base); |
1734 | } |
1735 | |
1736 | static int atmel_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, |
1737 | unsigned int keylen) |
1738 | { |
1739 | struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm); |
1740 | |
1741 | if (keylen != AES_KEYSIZE_256 && |
1742 | keylen != AES_KEYSIZE_192 && |
1743 | keylen != AES_KEYSIZE_128) |
1744 | return -EINVAL; |
1745 | |
1746 | memcpy(ctx->key, key, keylen); |
1747 | ctx->keylen = keylen; |
1748 | |
1749 | return 0; |
1750 | } |
1751 | |
1752 | static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm, |
1753 | unsigned int authsize) |
1754 | { |
1755 | return crypto_gcm_check_authsize(authsize); |
1756 | } |
1757 | |
1758 | static int atmel_aes_gcm_encrypt(struct aead_request *req) |
1759 | { |
1760 | return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT); |
1761 | } |
1762 | |
1763 | static int atmel_aes_gcm_decrypt(struct aead_request *req) |
1764 | { |
1765 | return atmel_aes_gcm_crypt(req, mode: 0); |
1766 | } |
1767 | |
1768 | static int atmel_aes_gcm_init(struct crypto_aead *tfm) |
1769 | { |
1770 | struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm); |
1771 | struct atmel_aes_dev *dd; |
1772 | |
1773 | dd = atmel_aes_dev_alloc(ctx: &ctx->base); |
1774 | if (!dd) |
1775 | return -ENODEV; |
1776 | |
1777 | crypto_aead_set_reqsize(aead: tfm, reqsize: sizeof(struct atmel_aes_reqctx)); |
1778 | ctx->base.dd = dd; |
1779 | ctx->base.start = atmel_aes_gcm_start; |
1780 | |
1781 | return 0; |
1782 | } |
1783 | |
1784 | static struct aead_alg aes_gcm_alg = { |
1785 | .setkey = atmel_aes_gcm_setkey, |
1786 | .setauthsize = atmel_aes_gcm_setauthsize, |
1787 | .encrypt = atmel_aes_gcm_encrypt, |
1788 | .decrypt = atmel_aes_gcm_decrypt, |
1789 | .init = atmel_aes_gcm_init, |
1790 | .ivsize = GCM_AES_IV_SIZE, |
1791 | .maxauthsize = AES_BLOCK_SIZE, |
1792 | |
1793 | .base = { |
1794 | .cra_name = "gcm(aes)" , |
1795 | .cra_driver_name = "atmel-gcm-aes" , |
1796 | .cra_blocksize = 1, |
1797 | .cra_ctxsize = sizeof(struct atmel_aes_gcm_ctx), |
1798 | }, |
1799 | }; |
1800 | |
1801 | |
1802 | /* xts functions */ |
1803 | |
1804 | static inline struct atmel_aes_xts_ctx * |
1805 | atmel_aes_xts_ctx_cast(struct atmel_aes_base_ctx *ctx) |
1806 | { |
1807 | return container_of(ctx, struct atmel_aes_xts_ctx, base); |
1808 | } |
1809 | |
1810 | static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd); |
1811 | |
1812 | static int atmel_aes_xts_start(struct atmel_aes_dev *dd) |
1813 | { |
1814 | struct atmel_aes_xts_ctx *ctx = atmel_aes_xts_ctx_cast(ctx: dd->ctx); |
1815 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
1816 | struct atmel_aes_reqctx *rctx = skcipher_request_ctx(req); |
1817 | unsigned long flags; |
1818 | int err; |
1819 | |
1820 | atmel_aes_set_mode(dd, rctx); |
1821 | |
1822 | err = atmel_aes_hw_init(dd); |
1823 | if (err) |
1824 | return atmel_aes_complete(dd, err); |
1825 | |
1826 | /* Compute the tweak value from req->iv with ecb(aes). */ |
1827 | flags = dd->flags; |
1828 | dd->flags &= ~AES_FLAGS_MODE_MASK; |
1829 | dd->flags |= (AES_FLAGS_ECB | AES_FLAGS_ENCRYPT); |
1830 | atmel_aes_write_ctrl_key(dd, use_dma: false, NULL, |
1831 | key: ctx->key2, keylen: ctx->base.keylen); |
1832 | dd->flags = flags; |
1833 | |
1834 | atmel_aes_write_block(dd, AES_IDATAR(0), value: req->iv); |
1835 | return atmel_aes_wait_for_data_ready(dd, resume: atmel_aes_xts_process_data); |
1836 | } |
1837 | |
1838 | static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd) |
1839 | { |
1840 | struct skcipher_request *req = skcipher_request_cast(req: dd->areq); |
1841 | bool use_dma = (req->cryptlen >= ATMEL_AES_DMA_THRESHOLD); |
1842 | u32 tweak[AES_BLOCK_SIZE / sizeof(u32)]; |
1843 | static const __le32 one[AES_BLOCK_SIZE / sizeof(u32)] = {cpu_to_le32(1), }; |
1844 | u8 *tweak_bytes = (u8 *)tweak; |
1845 | int i; |
1846 | |
1847 | /* Read the computed ciphered tweak value. */ |
1848 | atmel_aes_read_block(dd, AES_ODATAR(0), value: tweak); |
1849 | /* |
1850 | * Hardware quirk: |
1851 | * the order of the ciphered tweak bytes need to be reversed before |
1852 | * writing them into the ODATARx registers. |
1853 | */ |
1854 | for (i = 0; i < AES_BLOCK_SIZE/2; ++i) |
1855 | swap(tweak_bytes[i], tweak_bytes[AES_BLOCK_SIZE - 1 - i]); |
1856 | |
1857 | /* Process the data. */ |
1858 | atmel_aes_write_ctrl(dd, use_dma, NULL); |
1859 | atmel_aes_write_block(dd, AES_TWR(0), value: tweak); |
1860 | atmel_aes_write_block(dd, AES_ALPHAR(0), value: one); |
1861 | if (use_dma) |
1862 | return atmel_aes_dma_start(dd, src: req->src, dst: req->dst, |
1863 | len: req->cryptlen, |
1864 | resume: atmel_aes_transfer_complete); |
1865 | |
1866 | return atmel_aes_cpu_start(dd, src: req->src, dst: req->dst, len: req->cryptlen, |
1867 | resume: atmel_aes_transfer_complete); |
1868 | } |
1869 | |
1870 | static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key, |
1871 | unsigned int keylen) |
1872 | { |
1873 | struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); |
1874 | int err; |
1875 | |
1876 | err = xts_verify_key(tfm, key, keylen); |
1877 | if (err) |
1878 | return err; |
1879 | |
1880 | crypto_skcipher_clear_flags(tfm: ctx->fallback_tfm, CRYPTO_TFM_REQ_MASK); |
1881 | crypto_skcipher_set_flags(tfm: ctx->fallback_tfm, flags: tfm->base.crt_flags & |
1882 | CRYPTO_TFM_REQ_MASK); |
1883 | err = crypto_skcipher_setkey(tfm: ctx->fallback_tfm, key, keylen); |
1884 | if (err) |
1885 | return err; |
1886 | |
1887 | memcpy(ctx->base.key, key, keylen/2); |
1888 | memcpy(ctx->key2, key + keylen/2, keylen/2); |
1889 | ctx->base.keylen = keylen/2; |
1890 | |
1891 | return 0; |
1892 | } |
1893 | |
1894 | static int atmel_aes_xts_encrypt(struct skcipher_request *req) |
1895 | { |
1896 | return atmel_aes_crypt(req, AES_FLAGS_XTS | AES_FLAGS_ENCRYPT); |
1897 | } |
1898 | |
1899 | static int atmel_aes_xts_decrypt(struct skcipher_request *req) |
1900 | { |
1901 | return atmel_aes_crypt(req, AES_FLAGS_XTS); |
1902 | } |
1903 | |
1904 | static int atmel_aes_xts_init_tfm(struct crypto_skcipher *tfm) |
1905 | { |
1906 | struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); |
1907 | struct atmel_aes_dev *dd; |
1908 | const char *tfm_name = crypto_tfm_alg_name(tfm: &tfm->base); |
1909 | |
1910 | dd = atmel_aes_dev_alloc(ctx: &ctx->base); |
1911 | if (!dd) |
1912 | return -ENODEV; |
1913 | |
1914 | ctx->fallback_tfm = crypto_alloc_skcipher(alg_name: tfm_name, type: 0, |
1915 | CRYPTO_ALG_NEED_FALLBACK); |
1916 | if (IS_ERR(ptr: ctx->fallback_tfm)) |
1917 | return PTR_ERR(ptr: ctx->fallback_tfm); |
1918 | |
1919 | crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct atmel_aes_reqctx) + |
1920 | crypto_skcipher_reqsize(tfm: ctx->fallback_tfm)); |
1921 | ctx->base.dd = dd; |
1922 | ctx->base.start = atmel_aes_xts_start; |
1923 | |
1924 | return 0; |
1925 | } |
1926 | |
1927 | static void atmel_aes_xts_exit_tfm(struct crypto_skcipher *tfm) |
1928 | { |
1929 | struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm); |
1930 | |
1931 | crypto_free_skcipher(tfm: ctx->fallback_tfm); |
1932 | } |
1933 | |
1934 | static struct skcipher_alg aes_xts_alg = { |
1935 | .base.cra_name = "xts(aes)" , |
1936 | .base.cra_driver_name = "atmel-xts-aes" , |
1937 | .base.cra_blocksize = AES_BLOCK_SIZE, |
1938 | .base.cra_ctxsize = sizeof(struct atmel_aes_xts_ctx), |
1939 | .base.cra_flags = CRYPTO_ALG_NEED_FALLBACK, |
1940 | |
1941 | .min_keysize = 2 * AES_MIN_KEY_SIZE, |
1942 | .max_keysize = 2 * AES_MAX_KEY_SIZE, |
1943 | .ivsize = AES_BLOCK_SIZE, |
1944 | .setkey = atmel_aes_xts_setkey, |
1945 | .encrypt = atmel_aes_xts_encrypt, |
1946 | .decrypt = atmel_aes_xts_decrypt, |
1947 | .init = atmel_aes_xts_init_tfm, |
1948 | .exit = atmel_aes_xts_exit_tfm, |
1949 | }; |
1950 | |
1951 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
1952 | /* authenc aead functions */ |
1953 | |
1954 | static int atmel_aes_authenc_start(struct atmel_aes_dev *dd); |
1955 | static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err, |
1956 | bool is_async); |
1957 | static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err, |
1958 | bool is_async); |
1959 | static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd); |
1960 | static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err, |
1961 | bool is_async); |
1962 | |
1963 | static void atmel_aes_authenc_complete(struct atmel_aes_dev *dd, int err) |
1964 | { |
1965 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1966 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
1967 | |
1968 | if (err && (dd->flags & AES_FLAGS_OWN_SHA)) |
1969 | atmel_sha_authenc_abort(req: &rctx->auth_req); |
1970 | dd->flags &= ~AES_FLAGS_OWN_SHA; |
1971 | } |
1972 | |
1973 | static int atmel_aes_authenc_start(struct atmel_aes_dev *dd) |
1974 | { |
1975 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1976 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
1977 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
1978 | struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); |
1979 | int err; |
1980 | |
1981 | atmel_aes_set_mode(dd, rctx: &rctx->base); |
1982 | |
1983 | err = atmel_aes_hw_init(dd); |
1984 | if (err) |
1985 | return atmel_aes_complete(dd, err); |
1986 | |
1987 | return atmel_sha_authenc_schedule(req: &rctx->auth_req, auth: ctx->auth, |
1988 | cb: atmel_aes_authenc_init, dd); |
1989 | } |
1990 | |
1991 | static int atmel_aes_authenc_init(struct atmel_aes_dev *dd, int err, |
1992 | bool is_async) |
1993 | { |
1994 | struct aead_request *req = aead_request_cast(req: dd->areq); |
1995 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
1996 | |
1997 | if (is_async) |
1998 | dd->is_async = true; |
1999 | if (err) |
2000 | return atmel_aes_complete(dd, err); |
2001 | |
2002 | /* If here, we've got the ownership of the SHA device. */ |
2003 | dd->flags |= AES_FLAGS_OWN_SHA; |
2004 | |
2005 | /* Configure the SHA device. */ |
2006 | return atmel_sha_authenc_init(req: &rctx->auth_req, |
2007 | assoc: req->src, assoclen: req->assoclen, |
2008 | textlen: rctx->textlen, |
2009 | cb: atmel_aes_authenc_transfer, dd); |
2010 | } |
2011 | |
2012 | static int atmel_aes_authenc_transfer(struct atmel_aes_dev *dd, int err, |
2013 | bool is_async) |
2014 | { |
2015 | struct aead_request *req = aead_request_cast(req: dd->areq); |
2016 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
2017 | bool enc = atmel_aes_is_encrypt(dd); |
2018 | struct scatterlist *src, *dst; |
2019 | __be32 iv[AES_BLOCK_SIZE / sizeof(u32)]; |
2020 | u32 emr; |
2021 | |
2022 | if (is_async) |
2023 | dd->is_async = true; |
2024 | if (err) |
2025 | return atmel_aes_complete(dd, err); |
2026 | |
2027 | /* Prepare src and dst scatter-lists to transfer cipher/plain texts. */ |
2028 | src = scatterwalk_ffwd(dst: rctx->src, src: req->src, len: req->assoclen); |
2029 | dst = src; |
2030 | |
2031 | if (req->src != req->dst) |
2032 | dst = scatterwalk_ffwd(dst: rctx->dst, src: req->dst, len: req->assoclen); |
2033 | |
2034 | /* Configure the AES device. */ |
2035 | memcpy(iv, req->iv, sizeof(iv)); |
2036 | |
2037 | /* |
2038 | * Here we always set the 2nd parameter of atmel_aes_write_ctrl() to |
2039 | * 'true' even if the data transfer is actually performed by the CPU (so |
2040 | * not by the DMA) because we must force the AES_MR_SMOD bitfield to the |
2041 | * value AES_MR_SMOD_IDATAR0. Indeed, both AES_MR_SMOD and SHA_MR_SMOD |
2042 | * must be set to *_MR_SMOD_IDATAR0. |
2043 | */ |
2044 | atmel_aes_write_ctrl(dd, use_dma: true, iv); |
2045 | emr = AES_EMR_PLIPEN; |
2046 | if (!enc) |
2047 | emr |= AES_EMR_PLIPD; |
2048 | atmel_aes_write(dd, AES_EMR, value: emr); |
2049 | |
2050 | /* Transfer data. */ |
2051 | return atmel_aes_dma_start(dd, src, dst, len: rctx->textlen, |
2052 | resume: atmel_aes_authenc_digest); |
2053 | } |
2054 | |
2055 | static int atmel_aes_authenc_digest(struct atmel_aes_dev *dd) |
2056 | { |
2057 | struct aead_request *req = aead_request_cast(req: dd->areq); |
2058 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
2059 | |
2060 | /* atmel_sha_authenc_final() releases the SHA device. */ |
2061 | dd->flags &= ~AES_FLAGS_OWN_SHA; |
2062 | return atmel_sha_authenc_final(req: &rctx->auth_req, |
2063 | digest: rctx->digest, digestlen: sizeof(rctx->digest), |
2064 | cb: atmel_aes_authenc_final, dd); |
2065 | } |
2066 | |
2067 | static int atmel_aes_authenc_final(struct atmel_aes_dev *dd, int err, |
2068 | bool is_async) |
2069 | { |
2070 | struct aead_request *req = aead_request_cast(req: dd->areq); |
2071 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
2072 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
2073 | bool enc = atmel_aes_is_encrypt(dd); |
2074 | u32 idigest[SHA512_DIGEST_SIZE / sizeof(u32)], *odigest = rctx->digest; |
2075 | u32 offs, authsize; |
2076 | |
2077 | if (is_async) |
2078 | dd->is_async = true; |
2079 | if (err) |
2080 | goto complete; |
2081 | |
2082 | offs = req->assoclen + rctx->textlen; |
2083 | authsize = crypto_aead_authsize(tfm); |
2084 | if (enc) { |
2085 | scatterwalk_map_and_copy(buf: odigest, sg: req->dst, start: offs, nbytes: authsize, out: 1); |
2086 | } else { |
2087 | scatterwalk_map_and_copy(buf: idigest, sg: req->src, start: offs, nbytes: authsize, out: 0); |
2088 | if (crypto_memneq(a: idigest, b: odigest, size: authsize)) |
2089 | err = -EBADMSG; |
2090 | } |
2091 | |
2092 | complete: |
2093 | return atmel_aes_complete(dd, err); |
2094 | } |
2095 | |
2096 | static int atmel_aes_authenc_setkey(struct crypto_aead *tfm, const u8 *key, |
2097 | unsigned int keylen) |
2098 | { |
2099 | struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); |
2100 | struct crypto_authenc_keys keys; |
2101 | int err; |
2102 | |
2103 | if (crypto_authenc_extractkeys(keys: &keys, key, keylen) != 0) |
2104 | goto badkey; |
2105 | |
2106 | if (keys.enckeylen > sizeof(ctx->base.key)) |
2107 | goto badkey; |
2108 | |
2109 | /* Save auth key. */ |
2110 | err = atmel_sha_authenc_setkey(auth: ctx->auth, |
2111 | key: keys.authkey, keylen: keys.authkeylen, |
2112 | flags: crypto_aead_get_flags(tfm)); |
2113 | if (err) { |
2114 | memzero_explicit(s: &keys, count: sizeof(keys)); |
2115 | return err; |
2116 | } |
2117 | |
2118 | /* Save enc key. */ |
2119 | ctx->base.keylen = keys.enckeylen; |
2120 | memcpy(ctx->base.key, keys.enckey, keys.enckeylen); |
2121 | |
2122 | memzero_explicit(s: &keys, count: sizeof(keys)); |
2123 | return 0; |
2124 | |
2125 | badkey: |
2126 | memzero_explicit(s: &keys, count: sizeof(keys)); |
2127 | return -EINVAL; |
2128 | } |
2129 | |
2130 | static int atmel_aes_authenc_init_tfm(struct crypto_aead *tfm, |
2131 | unsigned long auth_mode) |
2132 | { |
2133 | struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); |
2134 | unsigned int auth_reqsize = atmel_sha_authenc_get_reqsize(); |
2135 | struct atmel_aes_dev *dd; |
2136 | |
2137 | dd = atmel_aes_dev_alloc(ctx: &ctx->base); |
2138 | if (!dd) |
2139 | return -ENODEV; |
2140 | |
2141 | ctx->auth = atmel_sha_authenc_spawn(mode: auth_mode); |
2142 | if (IS_ERR(ptr: ctx->auth)) |
2143 | return PTR_ERR(ptr: ctx->auth); |
2144 | |
2145 | crypto_aead_set_reqsize(aead: tfm, reqsize: (sizeof(struct atmel_aes_authenc_reqctx) + |
2146 | auth_reqsize)); |
2147 | ctx->base.dd = dd; |
2148 | ctx->base.start = atmel_aes_authenc_start; |
2149 | |
2150 | return 0; |
2151 | } |
2152 | |
2153 | static int atmel_aes_authenc_hmac_sha1_init_tfm(struct crypto_aead *tfm) |
2154 | { |
2155 | return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA1); |
2156 | } |
2157 | |
2158 | static int atmel_aes_authenc_hmac_sha224_init_tfm(struct crypto_aead *tfm) |
2159 | { |
2160 | return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA224); |
2161 | } |
2162 | |
2163 | static int atmel_aes_authenc_hmac_sha256_init_tfm(struct crypto_aead *tfm) |
2164 | { |
2165 | return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA256); |
2166 | } |
2167 | |
2168 | static int atmel_aes_authenc_hmac_sha384_init_tfm(struct crypto_aead *tfm) |
2169 | { |
2170 | return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA384); |
2171 | } |
2172 | |
2173 | static int atmel_aes_authenc_hmac_sha512_init_tfm(struct crypto_aead *tfm) |
2174 | { |
2175 | return atmel_aes_authenc_init_tfm(tfm, SHA_FLAGS_HMAC_SHA512); |
2176 | } |
2177 | |
2178 | static void atmel_aes_authenc_exit_tfm(struct crypto_aead *tfm) |
2179 | { |
2180 | struct atmel_aes_authenc_ctx *ctx = crypto_aead_ctx(tfm); |
2181 | |
2182 | atmel_sha_authenc_free(auth: ctx->auth); |
2183 | } |
2184 | |
2185 | static int atmel_aes_authenc_crypt(struct aead_request *req, |
2186 | unsigned long mode) |
2187 | { |
2188 | struct atmel_aes_authenc_reqctx *rctx = aead_request_ctx(req); |
2189 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
2190 | struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm); |
2191 | u32 authsize = crypto_aead_authsize(tfm); |
2192 | bool enc = (mode & AES_FLAGS_ENCRYPT); |
2193 | |
2194 | /* Compute text length. */ |
2195 | if (!enc && req->cryptlen < authsize) |
2196 | return -EINVAL; |
2197 | rctx->textlen = req->cryptlen - (enc ? 0 : authsize); |
2198 | |
2199 | /* |
2200 | * Currently, empty messages are not supported yet: |
2201 | * the SHA auto-padding can be used only on non-empty messages. |
2202 | * Hence a special case needs to be implemented for empty message. |
2203 | */ |
2204 | if (!rctx->textlen && !req->assoclen) |
2205 | return -EINVAL; |
2206 | |
2207 | rctx->base.mode = mode; |
2208 | ctx->block_size = AES_BLOCK_SIZE; |
2209 | ctx->is_aead = true; |
2210 | |
2211 | return atmel_aes_handle_queue(dd: ctx->dd, new_areq: &req->base); |
2212 | } |
2213 | |
2214 | static int atmel_aes_authenc_cbc_aes_encrypt(struct aead_request *req) |
2215 | { |
2216 | return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT); |
2217 | } |
2218 | |
2219 | static int atmel_aes_authenc_cbc_aes_decrypt(struct aead_request *req) |
2220 | { |
2221 | return atmel_aes_authenc_crypt(req, AES_FLAGS_CBC); |
2222 | } |
2223 | |
2224 | static struct aead_alg aes_authenc_algs[] = { |
2225 | { |
2226 | .setkey = atmel_aes_authenc_setkey, |
2227 | .encrypt = atmel_aes_authenc_cbc_aes_encrypt, |
2228 | .decrypt = atmel_aes_authenc_cbc_aes_decrypt, |
2229 | .init = atmel_aes_authenc_hmac_sha1_init_tfm, |
2230 | .exit = atmel_aes_authenc_exit_tfm, |
2231 | .ivsize = AES_BLOCK_SIZE, |
2232 | .maxauthsize = SHA1_DIGEST_SIZE, |
2233 | |
2234 | .base = { |
2235 | .cra_name = "authenc(hmac(sha1),cbc(aes))" , |
2236 | .cra_driver_name = "atmel-authenc-hmac-sha1-cbc-aes" , |
2237 | .cra_blocksize = AES_BLOCK_SIZE, |
2238 | .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), |
2239 | }, |
2240 | }, |
2241 | { |
2242 | .setkey = atmel_aes_authenc_setkey, |
2243 | .encrypt = atmel_aes_authenc_cbc_aes_encrypt, |
2244 | .decrypt = atmel_aes_authenc_cbc_aes_decrypt, |
2245 | .init = atmel_aes_authenc_hmac_sha224_init_tfm, |
2246 | .exit = atmel_aes_authenc_exit_tfm, |
2247 | .ivsize = AES_BLOCK_SIZE, |
2248 | .maxauthsize = SHA224_DIGEST_SIZE, |
2249 | |
2250 | .base = { |
2251 | .cra_name = "authenc(hmac(sha224),cbc(aes))" , |
2252 | .cra_driver_name = "atmel-authenc-hmac-sha224-cbc-aes" , |
2253 | .cra_blocksize = AES_BLOCK_SIZE, |
2254 | .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), |
2255 | }, |
2256 | }, |
2257 | { |
2258 | .setkey = atmel_aes_authenc_setkey, |
2259 | .encrypt = atmel_aes_authenc_cbc_aes_encrypt, |
2260 | .decrypt = atmel_aes_authenc_cbc_aes_decrypt, |
2261 | .init = atmel_aes_authenc_hmac_sha256_init_tfm, |
2262 | .exit = atmel_aes_authenc_exit_tfm, |
2263 | .ivsize = AES_BLOCK_SIZE, |
2264 | .maxauthsize = SHA256_DIGEST_SIZE, |
2265 | |
2266 | .base = { |
2267 | .cra_name = "authenc(hmac(sha256),cbc(aes))" , |
2268 | .cra_driver_name = "atmel-authenc-hmac-sha256-cbc-aes" , |
2269 | .cra_blocksize = AES_BLOCK_SIZE, |
2270 | .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), |
2271 | }, |
2272 | }, |
2273 | { |
2274 | .setkey = atmel_aes_authenc_setkey, |
2275 | .encrypt = atmel_aes_authenc_cbc_aes_encrypt, |
2276 | .decrypt = atmel_aes_authenc_cbc_aes_decrypt, |
2277 | .init = atmel_aes_authenc_hmac_sha384_init_tfm, |
2278 | .exit = atmel_aes_authenc_exit_tfm, |
2279 | .ivsize = AES_BLOCK_SIZE, |
2280 | .maxauthsize = SHA384_DIGEST_SIZE, |
2281 | |
2282 | .base = { |
2283 | .cra_name = "authenc(hmac(sha384),cbc(aes))" , |
2284 | .cra_driver_name = "atmel-authenc-hmac-sha384-cbc-aes" , |
2285 | .cra_blocksize = AES_BLOCK_SIZE, |
2286 | .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), |
2287 | }, |
2288 | }, |
2289 | { |
2290 | .setkey = atmel_aes_authenc_setkey, |
2291 | .encrypt = atmel_aes_authenc_cbc_aes_encrypt, |
2292 | .decrypt = atmel_aes_authenc_cbc_aes_decrypt, |
2293 | .init = atmel_aes_authenc_hmac_sha512_init_tfm, |
2294 | .exit = atmel_aes_authenc_exit_tfm, |
2295 | .ivsize = AES_BLOCK_SIZE, |
2296 | .maxauthsize = SHA512_DIGEST_SIZE, |
2297 | |
2298 | .base = { |
2299 | .cra_name = "authenc(hmac(sha512),cbc(aes))" , |
2300 | .cra_driver_name = "atmel-authenc-hmac-sha512-cbc-aes" , |
2301 | .cra_blocksize = AES_BLOCK_SIZE, |
2302 | .cra_ctxsize = sizeof(struct atmel_aes_authenc_ctx), |
2303 | }, |
2304 | }, |
2305 | }; |
2306 | #endif /* CONFIG_CRYPTO_DEV_ATMEL_AUTHENC */ |
2307 | |
2308 | /* Probe functions */ |
2309 | |
2310 | static int atmel_aes_buff_init(struct atmel_aes_dev *dd) |
2311 | { |
2312 | dd->buf = (void *)__get_free_pages(GFP_KERNEL, ATMEL_AES_BUFFER_ORDER); |
2313 | dd->buflen = ATMEL_AES_BUFFER_SIZE; |
2314 | dd->buflen &= ~(AES_BLOCK_SIZE - 1); |
2315 | |
2316 | if (!dd->buf) { |
2317 | dev_err(dd->dev, "unable to alloc pages.\n" ); |
2318 | return -ENOMEM; |
2319 | } |
2320 | |
2321 | return 0; |
2322 | } |
2323 | |
2324 | static void atmel_aes_buff_cleanup(struct atmel_aes_dev *dd) |
2325 | { |
2326 | free_page((unsigned long)dd->buf); |
2327 | } |
2328 | |
2329 | static int atmel_aes_dma_init(struct atmel_aes_dev *dd) |
2330 | { |
2331 | int ret; |
2332 | |
2333 | /* Try to grab 2 DMA channels */ |
2334 | dd->src.chan = dma_request_chan(dev: dd->dev, name: "tx" ); |
2335 | if (IS_ERR(ptr: dd->src.chan)) { |
2336 | ret = PTR_ERR(ptr: dd->src.chan); |
2337 | goto err_dma_in; |
2338 | } |
2339 | |
2340 | dd->dst.chan = dma_request_chan(dev: dd->dev, name: "rx" ); |
2341 | if (IS_ERR(ptr: dd->dst.chan)) { |
2342 | ret = PTR_ERR(ptr: dd->dst.chan); |
2343 | goto err_dma_out; |
2344 | } |
2345 | |
2346 | return 0; |
2347 | |
2348 | err_dma_out: |
2349 | dma_release_channel(chan: dd->src.chan); |
2350 | err_dma_in: |
2351 | dev_err(dd->dev, "no DMA channel available\n" ); |
2352 | return ret; |
2353 | } |
2354 | |
2355 | static void atmel_aes_dma_cleanup(struct atmel_aes_dev *dd) |
2356 | { |
2357 | dma_release_channel(chan: dd->dst.chan); |
2358 | dma_release_channel(chan: dd->src.chan); |
2359 | } |
2360 | |
2361 | static void atmel_aes_queue_task(unsigned long data) |
2362 | { |
2363 | struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data; |
2364 | |
2365 | atmel_aes_handle_queue(dd, NULL); |
2366 | } |
2367 | |
2368 | static void atmel_aes_done_task(unsigned long data) |
2369 | { |
2370 | struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data; |
2371 | |
2372 | dd->is_async = true; |
2373 | (void)dd->resume(dd); |
2374 | } |
2375 | |
2376 | static irqreturn_t atmel_aes_irq(int irq, void *dev_id) |
2377 | { |
2378 | struct atmel_aes_dev *aes_dd = dev_id; |
2379 | u32 reg; |
2380 | |
2381 | reg = atmel_aes_read(dd: aes_dd, AES_ISR); |
2382 | if (reg & atmel_aes_read(dd: aes_dd, AES_IMR)) { |
2383 | atmel_aes_write(dd: aes_dd, AES_IDR, value: reg); |
2384 | if (AES_FLAGS_BUSY & aes_dd->flags) |
2385 | tasklet_schedule(t: &aes_dd->done_task); |
2386 | else |
2387 | dev_warn(aes_dd->dev, "AES interrupt when no active requests.\n" ); |
2388 | return IRQ_HANDLED; |
2389 | } |
2390 | |
2391 | return IRQ_NONE; |
2392 | } |
2393 | |
2394 | static void atmel_aes_unregister_algs(struct atmel_aes_dev *dd) |
2395 | { |
2396 | int i; |
2397 | |
2398 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
2399 | if (dd->caps.has_authenc) |
2400 | for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++) |
2401 | crypto_unregister_aead(alg: &aes_authenc_algs[i]); |
2402 | #endif |
2403 | |
2404 | if (dd->caps.has_xts) |
2405 | crypto_unregister_skcipher(alg: &aes_xts_alg); |
2406 | |
2407 | if (dd->caps.has_gcm) |
2408 | crypto_unregister_aead(alg: &aes_gcm_alg); |
2409 | |
2410 | if (dd->caps.has_cfb64) |
2411 | crypto_unregister_skcipher(alg: &aes_cfb64_alg); |
2412 | |
2413 | for (i = 0; i < ARRAY_SIZE(aes_algs); i++) |
2414 | crypto_unregister_skcipher(alg: &aes_algs[i]); |
2415 | } |
2416 | |
2417 | static void atmel_aes_crypto_alg_init(struct crypto_alg *alg) |
2418 | { |
2419 | alg->cra_flags |= CRYPTO_ALG_ASYNC; |
2420 | alg->cra_alignmask = 0xf; |
2421 | alg->cra_priority = ATMEL_AES_PRIORITY; |
2422 | alg->cra_module = THIS_MODULE; |
2423 | } |
2424 | |
2425 | static int atmel_aes_register_algs(struct atmel_aes_dev *dd) |
2426 | { |
2427 | int err, i, j; |
2428 | |
2429 | for (i = 0; i < ARRAY_SIZE(aes_algs); i++) { |
2430 | atmel_aes_crypto_alg_init(alg: &aes_algs[i].base); |
2431 | |
2432 | err = crypto_register_skcipher(alg: &aes_algs[i]); |
2433 | if (err) |
2434 | goto err_aes_algs; |
2435 | } |
2436 | |
2437 | if (dd->caps.has_cfb64) { |
2438 | atmel_aes_crypto_alg_init(alg: &aes_cfb64_alg.base); |
2439 | |
2440 | err = crypto_register_skcipher(alg: &aes_cfb64_alg); |
2441 | if (err) |
2442 | goto err_aes_cfb64_alg; |
2443 | } |
2444 | |
2445 | if (dd->caps.has_gcm) { |
2446 | atmel_aes_crypto_alg_init(alg: &aes_gcm_alg.base); |
2447 | |
2448 | err = crypto_register_aead(alg: &aes_gcm_alg); |
2449 | if (err) |
2450 | goto err_aes_gcm_alg; |
2451 | } |
2452 | |
2453 | if (dd->caps.has_xts) { |
2454 | atmel_aes_crypto_alg_init(alg: &aes_xts_alg.base); |
2455 | |
2456 | err = crypto_register_skcipher(alg: &aes_xts_alg); |
2457 | if (err) |
2458 | goto err_aes_xts_alg; |
2459 | } |
2460 | |
2461 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
2462 | if (dd->caps.has_authenc) { |
2463 | for (i = 0; i < ARRAY_SIZE(aes_authenc_algs); i++) { |
2464 | atmel_aes_crypto_alg_init(alg: &aes_authenc_algs[i].base); |
2465 | |
2466 | err = crypto_register_aead(alg: &aes_authenc_algs[i]); |
2467 | if (err) |
2468 | goto err_aes_authenc_alg; |
2469 | } |
2470 | } |
2471 | #endif |
2472 | |
2473 | return 0; |
2474 | |
2475 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
2476 | /* i = ARRAY_SIZE(aes_authenc_algs); */ |
2477 | err_aes_authenc_alg: |
2478 | for (j = 0; j < i; j++) |
2479 | crypto_unregister_aead(alg: &aes_authenc_algs[j]); |
2480 | crypto_unregister_skcipher(alg: &aes_xts_alg); |
2481 | #endif |
2482 | err_aes_xts_alg: |
2483 | crypto_unregister_aead(alg: &aes_gcm_alg); |
2484 | err_aes_gcm_alg: |
2485 | crypto_unregister_skcipher(alg: &aes_cfb64_alg); |
2486 | err_aes_cfb64_alg: |
2487 | i = ARRAY_SIZE(aes_algs); |
2488 | err_aes_algs: |
2489 | for (j = 0; j < i; j++) |
2490 | crypto_unregister_skcipher(alg: &aes_algs[j]); |
2491 | |
2492 | return err; |
2493 | } |
2494 | |
2495 | static void atmel_aes_get_cap(struct atmel_aes_dev *dd) |
2496 | { |
2497 | dd->caps.has_dualbuff = 0; |
2498 | dd->caps.has_cfb64 = 0; |
2499 | dd->caps.has_gcm = 0; |
2500 | dd->caps.has_xts = 0; |
2501 | dd->caps.has_authenc = 0; |
2502 | dd->caps.max_burst_size = 1; |
2503 | |
2504 | /* keep only major version number */ |
2505 | switch (dd->hw_version & 0xff0) { |
2506 | case 0x700: |
2507 | case 0x600: |
2508 | case 0x500: |
2509 | dd->caps.has_dualbuff = 1; |
2510 | dd->caps.has_cfb64 = 1; |
2511 | dd->caps.has_gcm = 1; |
2512 | dd->caps.has_xts = 1; |
2513 | dd->caps.has_authenc = 1; |
2514 | dd->caps.max_burst_size = 4; |
2515 | break; |
2516 | case 0x200: |
2517 | dd->caps.has_dualbuff = 1; |
2518 | dd->caps.has_cfb64 = 1; |
2519 | dd->caps.has_gcm = 1; |
2520 | dd->caps.max_burst_size = 4; |
2521 | break; |
2522 | case 0x130: |
2523 | dd->caps.has_dualbuff = 1; |
2524 | dd->caps.has_cfb64 = 1; |
2525 | dd->caps.max_burst_size = 4; |
2526 | break; |
2527 | case 0x120: |
2528 | break; |
2529 | default: |
2530 | dev_warn(dd->dev, |
2531 | "Unmanaged aes version, set minimum capabilities\n" ); |
2532 | break; |
2533 | } |
2534 | } |
2535 | |
2536 | static const struct of_device_id atmel_aes_dt_ids[] = { |
2537 | { .compatible = "atmel,at91sam9g46-aes" }, |
2538 | { /* sentinel */ } |
2539 | }; |
2540 | MODULE_DEVICE_TABLE(of, atmel_aes_dt_ids); |
2541 | |
2542 | static int atmel_aes_probe(struct platform_device *pdev) |
2543 | { |
2544 | struct atmel_aes_dev *aes_dd; |
2545 | struct device *dev = &pdev->dev; |
2546 | struct resource *aes_res; |
2547 | int err; |
2548 | |
2549 | aes_dd = devm_kzalloc(dev: &pdev->dev, size: sizeof(*aes_dd), GFP_KERNEL); |
2550 | if (!aes_dd) |
2551 | return -ENOMEM; |
2552 | |
2553 | aes_dd->dev = dev; |
2554 | |
2555 | platform_set_drvdata(pdev, data: aes_dd); |
2556 | |
2557 | INIT_LIST_HEAD(list: &aes_dd->list); |
2558 | spin_lock_init(&aes_dd->lock); |
2559 | |
2560 | tasklet_init(t: &aes_dd->done_task, func: atmel_aes_done_task, |
2561 | data: (unsigned long)aes_dd); |
2562 | tasklet_init(t: &aes_dd->queue_task, func: atmel_aes_queue_task, |
2563 | data: (unsigned long)aes_dd); |
2564 | |
2565 | crypto_init_queue(queue: &aes_dd->queue, ATMEL_AES_QUEUE_LENGTH); |
2566 | |
2567 | aes_dd->io_base = devm_platform_get_and_ioremap_resource(pdev, index: 0, res: &aes_res); |
2568 | if (IS_ERR(ptr: aes_dd->io_base)) { |
2569 | err = PTR_ERR(ptr: aes_dd->io_base); |
2570 | goto err_tasklet_kill; |
2571 | } |
2572 | aes_dd->phys_base = aes_res->start; |
2573 | |
2574 | /* Get the IRQ */ |
2575 | aes_dd->irq = platform_get_irq(pdev, 0); |
2576 | if (aes_dd->irq < 0) { |
2577 | err = aes_dd->irq; |
2578 | goto err_tasklet_kill; |
2579 | } |
2580 | |
2581 | err = devm_request_irq(dev: &pdev->dev, irq: aes_dd->irq, handler: atmel_aes_irq, |
2582 | IRQF_SHARED, devname: "atmel-aes" , dev_id: aes_dd); |
2583 | if (err) { |
2584 | dev_err(dev, "unable to request aes irq.\n" ); |
2585 | goto err_tasklet_kill; |
2586 | } |
2587 | |
2588 | /* Initializing the clock */ |
2589 | aes_dd->iclk = devm_clk_get(dev: &pdev->dev, id: "aes_clk" ); |
2590 | if (IS_ERR(ptr: aes_dd->iclk)) { |
2591 | dev_err(dev, "clock initialization failed.\n" ); |
2592 | err = PTR_ERR(ptr: aes_dd->iclk); |
2593 | goto err_tasklet_kill; |
2594 | } |
2595 | |
2596 | err = clk_prepare(clk: aes_dd->iclk); |
2597 | if (err) |
2598 | goto err_tasklet_kill; |
2599 | |
2600 | err = atmel_aes_hw_version_init(dd: aes_dd); |
2601 | if (err) |
2602 | goto err_iclk_unprepare; |
2603 | |
2604 | atmel_aes_get_cap(dd: aes_dd); |
2605 | |
2606 | #if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC) |
2607 | if (aes_dd->caps.has_authenc && !atmel_sha_authenc_is_ready()) { |
2608 | err = -EPROBE_DEFER; |
2609 | goto err_iclk_unprepare; |
2610 | } |
2611 | #endif |
2612 | |
2613 | err = atmel_aes_buff_init(dd: aes_dd); |
2614 | if (err) |
2615 | goto err_iclk_unprepare; |
2616 | |
2617 | err = atmel_aes_dma_init(dd: aes_dd); |
2618 | if (err) |
2619 | goto err_buff_cleanup; |
2620 | |
2621 | spin_lock(lock: &atmel_aes.lock); |
2622 | list_add_tail(new: &aes_dd->list, head: &atmel_aes.dev_list); |
2623 | spin_unlock(lock: &atmel_aes.lock); |
2624 | |
2625 | err = atmel_aes_register_algs(dd: aes_dd); |
2626 | if (err) |
2627 | goto err_algs; |
2628 | |
2629 | dev_info(dev, "Atmel AES - Using %s, %s for DMA transfers\n" , |
2630 | dma_chan_name(aes_dd->src.chan), |
2631 | dma_chan_name(aes_dd->dst.chan)); |
2632 | |
2633 | return 0; |
2634 | |
2635 | err_algs: |
2636 | spin_lock(lock: &atmel_aes.lock); |
2637 | list_del(entry: &aes_dd->list); |
2638 | spin_unlock(lock: &atmel_aes.lock); |
2639 | atmel_aes_dma_cleanup(dd: aes_dd); |
2640 | err_buff_cleanup: |
2641 | atmel_aes_buff_cleanup(dd: aes_dd); |
2642 | err_iclk_unprepare: |
2643 | clk_unprepare(clk: aes_dd->iclk); |
2644 | err_tasklet_kill: |
2645 | tasklet_kill(t: &aes_dd->done_task); |
2646 | tasklet_kill(t: &aes_dd->queue_task); |
2647 | |
2648 | return err; |
2649 | } |
2650 | |
2651 | static void atmel_aes_remove(struct platform_device *pdev) |
2652 | { |
2653 | struct atmel_aes_dev *aes_dd; |
2654 | |
2655 | aes_dd = platform_get_drvdata(pdev); |
2656 | |
2657 | spin_lock(lock: &atmel_aes.lock); |
2658 | list_del(entry: &aes_dd->list); |
2659 | spin_unlock(lock: &atmel_aes.lock); |
2660 | |
2661 | atmel_aes_unregister_algs(dd: aes_dd); |
2662 | |
2663 | tasklet_kill(t: &aes_dd->done_task); |
2664 | tasklet_kill(t: &aes_dd->queue_task); |
2665 | |
2666 | atmel_aes_dma_cleanup(dd: aes_dd); |
2667 | atmel_aes_buff_cleanup(dd: aes_dd); |
2668 | |
2669 | clk_unprepare(clk: aes_dd->iclk); |
2670 | } |
2671 | |
2672 | static struct platform_driver atmel_aes_driver = { |
2673 | .probe = atmel_aes_probe, |
2674 | .remove_new = atmel_aes_remove, |
2675 | .driver = { |
2676 | .name = "atmel_aes" , |
2677 | .of_match_table = atmel_aes_dt_ids, |
2678 | }, |
2679 | }; |
2680 | |
2681 | module_platform_driver(atmel_aes_driver); |
2682 | |
2683 | MODULE_DESCRIPTION("Atmel AES hw acceleration support." ); |
2684 | MODULE_LICENSE("GPL v2" ); |
2685 | MODULE_AUTHOR("Nicolas Royer - Eukréa Electromatique" ); |
2686 | |