projects / mirror_ubuntu-jammy-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 64d85cc9 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
| a00bd6e6 KY |
2 | /** |
| 3 | * AES CCM routines supporting the Power 7+ Nest Accelerators driver | |
| 4 | * | |
| 5 | * Copyright (C) 2012 International Business Machines Inc. | |
| 6 | * | |
| a00bd6e6 KY |
7 | * Author: Kent Yoder <yoder1@us.ibm.com> |
| 8 | */ | |
| 9 | ||
| 10 | #include <crypto/internal/aead.h> | |
| 11 | #include <crypto/aes.h> | |
| 12 | #include <crypto/algapi.h> | |
| 13 | #include <crypto/scatterwalk.h> | |
| 14 | #include <linux/module.h> | |
| 15 | #include <linux/types.h> | |
| 16 | #include <linux/crypto.h> | |
| 17 | #include <asm/vio.h> | |
| 18 | ||
| 19 | #include "nx_csbcpb.h" | |
| 20 | #include "nx.h" | |
| 21 | ||
| 22 | ||
| 23 | static int ccm_aes_nx_set_key(struct crypto_aead *tfm, | |
| 24 | const u8 *in_key, | |
| 25 | unsigned int key_len) | |
| 26 | { | |
| 27 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base); | |
| 28 | struct nx_csbcpb *csbcpb = nx_ctx->csbcpb; | |
| 29 | struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead; | |
| 30 | ||
| 31 | nx_ctx_init(nx_ctx, HCOP_FC_AES); | |
| 32 | ||
| 33 | switch (key_len) { | |
| 34 | case AES_KEYSIZE_128: | |
| 35 | NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_128); | |
| 36 | NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_128); | |
| 37 | nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_128]; | |
| 38 | break; | |
| 39 | default: | |
| 40 | return -EINVAL; | |
| 41 | } | |
| 42 | ||
| 43 | csbcpb->cpb.hdr.mode = NX_MODE_AES_CCM; | |
| 44 | memcpy(csbcpb->cpb.aes_ccm.key, in_key, key_len); | |
| 45 | ||
| 46 | csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_CCA; | |
| 47 | memcpy(csbcpb_aead->cpb.aes_cca.key, in_key, key_len); | |
| 48 | ||
| 49 | return 0; | |
| 50 | ||
| 51 | } | |
| 52 | ||
| 53 | static int ccm4309_aes_nx_set_key(struct crypto_aead *tfm, | |
| 54 | const u8 *in_key, | |
| 55 | unsigned int key_len) | |
| 56 | { | |
| 57 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base); | |
| 58 | ||
| 59 | if (key_len < 3) | |
| 60 | return -EINVAL; | |
| 61 | ||
| 62 | key_len -= 3; | |
| 63 | ||
| 64 | memcpy(nx_ctx->priv.ccm.nonce, in_key + key_len, 3); | |
| 65 | ||
| 66 | return ccm_aes_nx_set_key(tfm, in_key, key_len); | |
| 67 | } | |
| 68 | ||
| 69 | static int ccm_aes_nx_setauthsize(struct crypto_aead *tfm, | |
| 70 | unsigned int authsize) | |
| 71 | { | |
| 72 | switch (authsize) { | |
| 73 | case 4: | |
| 74 | case 6: | |
| 75 | case 8: | |
| 76 | case 10: | |
| 77 | case 12: | |
| 78 | case 14: | |
| 79 | case 16: | |
| 80 | break; | |
| 81 | default: | |
| 82 | return -EINVAL; | |
| 83 | } | |
| 84 | ||
| a00bd6e6 KY |
85 | return 0; |
| 86 | } | |
| 87 | ||
| 88 | static int ccm4309_aes_nx_setauthsize(struct crypto_aead *tfm, | |
| 89 | unsigned int authsize) | |
| 90 | { | |
| 91 | switch (authsize) { | |
| 92 | case 8: | |
| 93 | case 12: | |
| 94 | case 16: | |
| 95 | break; | |
| 96 | default: | |
| 97 | return -EINVAL; | |
| 98 | } | |
| 99 | ||
| a00bd6e6 KY |
100 | return 0; |
| 101 | } | |
| 102 | ||
| 103 | /* taken from crypto/ccm.c */ | |
| 104 | static int set_msg_len(u8 *block, unsigned int msglen, int csize) | |
| 105 | { | |
| 106 | __be32 data; | |
| 107 | ||
| 108 | memset(block, 0, csize); | |
| 109 | block += csize; | |
| 110 | ||
| 111 | if (csize >= 4) | |
| 112 | csize = 4; | |
| 113 | else if (msglen > (unsigned int)(1 << (8 * csize))) | |
| 114 | return -EOVERFLOW; | |
| 115 | ||
| 116 | data = cpu_to_be32(msglen); | |
| 117 | memcpy(block - csize, (u8 *)&data + 4 - csize, csize); | |
| 118 | ||
| 119 | return 0; | |
| 120 | } | |
| 121 | ||
| 122 | /* taken from crypto/ccm.c */ | |
| 123 | static inline int crypto_ccm_check_iv(const u8 *iv) | |
| 124 | { | |
| 125 | /* 2 <= L <= 8, so 1 <= L' <= 7. */ | |
| 126 | if (1 > iv[0] || iv[0] > 7) | |
| 127 | return -EINVAL; | |
| 128 | ||
| 129 | return 0; | |
| 130 | } | |
| 131 | ||
| 132 | /* based on code from crypto/ccm.c */ | |
| 133 | static int generate_b0(u8 *iv, unsigned int assoclen, unsigned int authsize, | |
| 134 | unsigned int cryptlen, u8 *b0) | |
| 135 | { | |
| 136 | unsigned int l, lp, m = authsize; | |
| 137 | int rc; | |
| 138 | ||
| 139 | memcpy(b0, iv, 16); | |
| 140 | ||
| 141 | lp = b0[0]; | |
| 142 | l = lp + 1; | |
| 143 | ||
| 144 | /* set m, bits 3-5 */ | |
| 145 | *b0 |= (8 * ((m - 2) / 2)); | |
| 146 | ||
| 147 | /* set adata, bit 6, if associated data is used */ | |
| 148 | if (assoclen) | |
| 149 | *b0 |= 64; | |
| 150 | ||
| 151 | rc = set_msg_len(b0 + 16 - l, cryptlen, l); | |
| 152 | ||
| 153 | return rc; | |
| 154 | } | |
| 155 | ||
| 156 | static int generate_pat(u8 *iv, | |
| 157 | struct aead_request *req, | |
| 158 | struct nx_crypto_ctx *nx_ctx, | |
| 159 | unsigned int authsize, | |
| 160 | unsigned int nbytes, | |
| cc815653 | 161 | unsigned int assoclen, |
| a00bd6e6 KY |
162 | u8 *out) |
| 163 | { | |
| 164 | struct nx_sg *nx_insg = nx_ctx->in_sg; | |
| 165 | struct nx_sg *nx_outsg = nx_ctx->out_sg; | |
| 166 | unsigned int iauth_len = 0; | |
| a00bd6e6 KY |
167 | u8 tmp[16], *b1 = NULL, *b0 = NULL, *result = NULL; |
| 168 | int rc; | |
| 9247f0b0 | 169 | unsigned int max_sg_len; |
| a00bd6e6 KY |
170 | |
| 171 | /* zero the ctr value */ | |
| 172 | memset(iv + 15 - iv[0], 0, iv[0] + 1); | |
| 173 | ||
| 2b188b3b FG |
174 | /* page 78 of nx_wb.pdf has, |
| 175 | * Note: RFC3610 allows the AAD data to be up to 2^64 -1 bytes | |
| 176 | * in length. If a full message is used, the AES CCA implementation | |
| 177 | * restricts the maximum AAD length to 2^32 -1 bytes. | |
| 178 | * If partial messages are used, the implementation supports | |
| 179 | * 2^64 -1 bytes maximum AAD length. | |
| 180 | * | |
| 181 | * However, in the cryptoapi's aead_request structure, | |
| 182 | * assoclen is an unsigned int, thus it cannot hold a length | |
| 183 | * value greater than 2^32 - 1. | |
| 184 | * Thus the AAD is further constrained by this and is never | |
| 185 | * greater than 2^32. | |
| 186 | */ | |
| 187 | ||
| cc815653 | 188 | if (!assoclen) { |
| a00bd6e6 | 189 | b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0; |
| cc815653 | 190 | } else if (assoclen <= 14) { |
| a00bd6e6 KY |
191 | /* if associated data is 14 bytes or less, we do 1 GCM |
| 192 | * operation on 2 AES blocks, B0 (stored in the csbcpb) and B1, | |
| 193 | * which is fed in through the source buffers here */ | |
| 194 | b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0; | |
| 195 | b1 = nx_ctx->priv.ccm.iauth_tag; | |
| cc815653 HX |
196 | iauth_len = assoclen; |
| 197 | } else if (assoclen <= 65280) { | |
| 2b188b3b FG |
198 | /* if associated data is less than (2^16 - 2^8), we construct |
| 199 | * B1 differently and feed in the associated data to a CCA | |
| 200 | * operation */ | |
| 201 | b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0; | |
| 202 | b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1; | |
| 203 | iauth_len = 14; | |
| 204 | } else { | |
| 205 | b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0; | |
| 206 | b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1; | |
| 207 | iauth_len = 10; | |
| 208 | } | |
| 209 | ||
| 210 | /* generate B0 */ | |
| cc815653 | 211 | rc = generate_b0(iv, assoclen, authsize, nbytes, b0); |
| 2b188b3b FG |
212 | if (rc) |
| 213 | return rc; | |
| a00bd6e6 | 214 | |
| 2b188b3b FG |
215 | /* generate B1: |
| 216 | * add control info for associated data | |
| 217 | * RFC 3610 and NIST Special Publication 800-38C | |
| 218 | */ | |
| 219 | if (b1) { | |
| 220 | memset(b1, 0, 16); | |
| cc815653 HX |
221 | if (assoclen <= 65280) { |
| 222 | *(u16 *)b1 = assoclen; | |
| 223 | scatterwalk_map_and_copy(b1 + 2, req->src, 0, | |
| 2b188b3b FG |
224 | iauth_len, SCATTERWALK_FROM_SG); |
| 225 | } else { | |
| 226 | *(u16 *)b1 = (u16)(0xfffe); | |
| cc815653 HX |
227 | *(u32 *)&b1[2] = assoclen; |
| 228 | scatterwalk_map_and_copy(b1 + 6, req->src, 0, | |
| 2b188b3b FG |
229 | iauth_len, SCATTERWALK_FROM_SG); |
| 230 | } | |
| 231 | } | |
| 232 | ||
| 233 | /* now copy any remaining AAD to scatterlist and call nx... */ | |
| cc815653 | 234 | if (!assoclen) { |
| 2b188b3b | 235 | return rc; |
| cc815653 | 236 | } else if (assoclen <= 14) { |
| 9247f0b0 LB |
237 | unsigned int len = 16; |
| 238 | ||
| 239 | nx_insg = nx_build_sg_list(nx_insg, b1, &len, nx_ctx->ap->sglen); | |
| 240 | ||
| 241 | if (len != 16) | |
| 242 | return -EINVAL; | |
| 243 | ||
| 244 | nx_outsg = nx_build_sg_list(nx_outsg, tmp, &len, | |
| a00bd6e6 KY |
245 | nx_ctx->ap->sglen); |
| 246 | ||
| 9247f0b0 LB |
247 | if (len != 16) |
| 248 | return -EINVAL; | |
| 249 | ||
| a00bd6e6 KY |
250 | /* inlen should be negative, indicating to phyp that its a |
| 251 | * pointer to an sg list */ | |
| 252 | nx_ctx->op.inlen = (nx_ctx->in_sg - nx_insg) * | |
| 253 | sizeof(struct nx_sg); | |
| 254 | nx_ctx->op.outlen = (nx_ctx->out_sg - nx_outsg) * | |
| 255 | sizeof(struct nx_sg); | |
| 256 | ||
| 257 | NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_ENDE_ENCRYPT; | |
| 258 | NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_INTERMEDIATE; | |
| 259 | ||
| a00bd6e6 | 260 | result = nx_ctx->csbcpb->cpb.aes_ccm.out_pat_or_mac; |
| a00bd6e6 | 261 | |
| 2b188b3b FG |
262 | rc = nx_hcall_sync(nx_ctx, &nx_ctx->op, |
| 263 | req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 264 | if (rc) | |
| 265 | return rc; | |
| 266 | ||
| 267 | atomic_inc(&(nx_ctx->stats->aes_ops)); | |
| cc815653 | 268 | atomic64_add(assoclen, &nx_ctx->stats->aes_bytes); |
| a00bd6e6 | 269 | |
| a00bd6e6 | 270 | } else { |
| 2b188b3b FG |
271 | unsigned int processed = 0, to_process; |
| 272 | ||
| 2b188b3b FG |
273 | processed += iauth_len; |
| 274 | ||
| 9247f0b0 LB |
275 | /* page_limit: number of sg entries that fit on one page */ |
| 276 | max_sg_len = min_t(u64, nx_ctx->ap->sglen, | |
| 277 | nx_driver.of.max_sg_len/sizeof(struct nx_sg)); | |
| 278 | max_sg_len = min_t(u64, max_sg_len, | |
| 279 | nx_ctx->ap->databytelen/NX_PAGE_SIZE); | |
| 280 | ||
| 2b188b3b | 281 | do { |
| cc815653 | 282 | to_process = min_t(u32, assoclen - processed, |
| 2b188b3b | 283 | nx_ctx->ap->databytelen); |
| 9247f0b0 LB |
284 | |
| 285 | nx_insg = nx_walk_and_build(nx_ctx->in_sg, | |
| 286 | nx_ctx->ap->sglen, | |
| cc815653 | 287 | req->src, processed, |
| 9247f0b0 | 288 | &to_process); |
| 2b188b3b | 289 | |
| cc815653 | 290 | if ((to_process + processed) < assoclen) { |
| 2b188b3b FG |
291 | NX_CPB_FDM(nx_ctx->csbcpb_aead) |= |
| 292 | NX_FDM_INTERMEDIATE; | |
| 293 | } else { | |
| 294 | NX_CPB_FDM(nx_ctx->csbcpb_aead) &= | |
| 295 | ~NX_FDM_INTERMEDIATE; | |
| 296 | } | |
| 297 | ||
| 2b188b3b FG |
298 | |
| 299 | nx_ctx->op_aead.inlen = (nx_ctx->in_sg - nx_insg) * | |
| 300 | sizeof(struct nx_sg); | |
| a00bd6e6 | 301 | |
| 2b188b3b | 302 | result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0; |
| a00bd6e6 | 303 | |
| 2b188b3b FG |
304 | rc = nx_hcall_sync(nx_ctx, &nx_ctx->op_aead, |
| 305 | req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 306 | if (rc) | |
| 307 | return rc; | |
| a00bd6e6 | 308 | |
| 2b188b3b FG |
309 | memcpy(nx_ctx->csbcpb_aead->cpb.aes_cca.b0, |
| 310 | nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0, | |
| 311 | AES_BLOCK_SIZE); | |
| a00bd6e6 | 312 | |
| 2b188b3b | 313 | NX_CPB_FDM(nx_ctx->csbcpb_aead) |= NX_FDM_CONTINUATION; |
| a00bd6e6 | 314 | |
| 2b188b3b | 315 | atomic_inc(&(nx_ctx->stats->aes_ops)); |
| cc815653 | 316 | atomic64_add(assoclen, &nx_ctx->stats->aes_bytes); |
| a00bd6e6 | 317 | |
| 2b188b3b | 318 | processed += to_process; |
| cc815653 | 319 | } while (processed < assoclen); |
| 2b188b3b FG |
320 | |
| 321 | result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0; | |
| a00bd6e6 | 322 | } |
| 2b188b3b FG |
323 | |
| 324 | memcpy(out, result, AES_BLOCK_SIZE); | |
| 325 | ||
| a00bd6e6 KY |
326 | return rc; |
| 327 | } | |
| 328 | ||
| 329 | static int ccm_nx_decrypt(struct aead_request *req, | |
| cc815653 HX |
330 | struct blkcipher_desc *desc, |
| 331 | unsigned int assoclen) | |
| a00bd6e6 KY |
332 | { |
| 333 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm); | |
| 334 | struct nx_csbcpb *csbcpb = nx_ctx->csbcpb; | |
| 335 | unsigned int nbytes = req->cryptlen; | |
| 336 | unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req)); | |
| 337 | struct nx_ccm_priv *priv = &nx_ctx->priv.ccm; | |
| c849163b | 338 | unsigned long irq_flags; |
| 2b188b3b | 339 | unsigned int processed = 0, to_process; |
| a00bd6e6 KY |
340 | int rc = -1; |
| 341 | ||
| c849163b MC |
342 | spin_lock_irqsave(&nx_ctx->lock, irq_flags); |
| 343 | ||
| a00bd6e6 KY |
344 | nbytes -= authsize; |
| 345 | ||
| 346 | /* copy out the auth tag to compare with later */ | |
| 347 | scatterwalk_map_and_copy(priv->oauth_tag, | |
| cc815653 | 348 | req->src, nbytes + req->assoclen, authsize, |
| a00bd6e6 KY |
349 | SCATTERWALK_FROM_SG); |
| 350 | ||
| cc815653 | 351 | rc = generate_pat(desc->info, req, nx_ctx, authsize, nbytes, assoclen, |
| a00bd6e6 KY |
352 | csbcpb->cpb.aes_ccm.in_pat_or_b0); |
| 353 | if (rc) | |
| 354 | goto out; | |
| 355 | ||
| 2b188b3b FG |
356 | do { |
| 357 | ||
| 358 | /* to_process: the AES_BLOCK_SIZE data chunk to process in this | |
| 359 | * update. This value is bound by sg list limits. | |
| 360 | */ | |
| 9247f0b0 | 361 | to_process = nbytes - processed; |
| a00bd6e6 | 362 | |
| 2b188b3b FG |
363 | if ((to_process + processed) < nbytes) |
| 364 | NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE; | |
| 365 | else | |
| 366 | NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE; | |
| a00bd6e6 | 367 | |
| 2b188b3b FG |
368 | NX_CPB_FDM(nx_ctx->csbcpb) &= ~NX_FDM_ENDE_ENCRYPT; |
| 369 | ||
| 370 | rc = nx_build_sg_lists(nx_ctx, desc, req->dst, req->src, | |
| cc815653 HX |
371 | &to_process, processed + req->assoclen, |
| 372 | csbcpb->cpb.aes_ccm.iv_or_ctr); | |
| 2b188b3b FG |
373 | if (rc) |
| 374 | goto out; | |
| 375 | ||
| 376 | rc = nx_hcall_sync(nx_ctx, &nx_ctx->op, | |
| a00bd6e6 | 377 | req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP); |
| 2b188b3b FG |
378 | if (rc) |
| 379 | goto out; | |
| 380 | ||
| 381 | /* for partial completion, copy following for next | |
| 382 | * entry into loop... | |
| 383 | */ | |
| 384 | memcpy(desc->info, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE); | |
| 385 | memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0, | |
| 386 | csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE); | |
| 387 | memcpy(csbcpb->cpb.aes_ccm.in_s0, | |
| 388 | csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE); | |
| 389 | ||
| 390 | NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION; | |
| a00bd6e6 | 391 | |
| 2b188b3b FG |
392 | /* update stats */ |
| 393 | atomic_inc(&(nx_ctx->stats->aes_ops)); | |
| 394 | atomic64_add(csbcpb->csb.processed_byte_count, | |
| 395 | &(nx_ctx->stats->aes_bytes)); | |
| 396 | ||
| 397 | processed += to_process; | |
| 398 | } while (processed < nbytes); | |
| a00bd6e6 | 399 | |
| cb8affb5 | 400 | rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag, |
| a00bd6e6 KY |
401 | authsize) ? -EBADMSG : 0; |
| 402 | out: | |
| c849163b | 403 | spin_unlock_irqrestore(&nx_ctx->lock, irq_flags); |
| a00bd6e6 KY |
404 | return rc; |
| 405 | } | |
| 406 | ||
| 407 | static int ccm_nx_encrypt(struct aead_request *req, | |
| cc815653 HX |
408 | struct blkcipher_desc *desc, |
| 409 | unsigned int assoclen) | |
| a00bd6e6 KY |
410 | { |
| 411 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm); | |
| 412 | struct nx_csbcpb *csbcpb = nx_ctx->csbcpb; | |
| 413 | unsigned int nbytes = req->cryptlen; | |
| 414 | unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req)); | |
| c849163b | 415 | unsigned long irq_flags; |
| 2b188b3b | 416 | unsigned int processed = 0, to_process; |
| a00bd6e6 KY |
417 | int rc = -1; |
| 418 | ||
| c849163b MC |
419 | spin_lock_irqsave(&nx_ctx->lock, irq_flags); |
| 420 | ||
| cc815653 | 421 | rc = generate_pat(desc->info, req, nx_ctx, authsize, nbytes, assoclen, |
| a00bd6e6 KY |
422 | csbcpb->cpb.aes_ccm.in_pat_or_b0); |
| 423 | if (rc) | |
| 424 | goto out; | |
| 425 | ||
| 2b188b3b FG |
426 | do { |
| 427 | /* to process: the AES_BLOCK_SIZE data chunk to process in this | |
| 428 | * update. This value is bound by sg list limits. | |
| 429 | */ | |
| 9247f0b0 | 430 | to_process = nbytes - processed; |
| 2b188b3b FG |
431 | |
| 432 | if ((to_process + processed) < nbytes) | |
| 433 | NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE; | |
| 434 | else | |
| 435 | NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE; | |
| 436 | ||
| 437 | NX_CPB_FDM(csbcpb) |= NX_FDM_ENDE_ENCRYPT; | |
| 438 | ||
| 439 | rc = nx_build_sg_lists(nx_ctx, desc, req->dst, req->src, | |
| cc815653 | 440 | &to_process, processed + req->assoclen, |
| 2b188b3b FG |
441 | csbcpb->cpb.aes_ccm.iv_or_ctr); |
| 442 | if (rc) | |
| 443 | goto out; | |
| a00bd6e6 | 444 | |
| 2b188b3b FG |
445 | rc = nx_hcall_sync(nx_ctx, &nx_ctx->op, |
| 446 | req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP); | |
| 447 | if (rc) | |
| 448 | goto out; | |
| a00bd6e6 | 449 | |
| 2b188b3b FG |
450 | /* for partial completion, copy following for next |
| 451 | * entry into loop... | |
| 452 | */ | |
| 453 | memcpy(desc->info, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE); | |
| 454 | memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0, | |
| 455 | csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE); | |
| 456 | memcpy(csbcpb->cpb.aes_ccm.in_s0, | |
| 457 | csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE); | |
| a00bd6e6 | 458 | |
| 2b188b3b FG |
459 | NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION; |
| 460 | ||
| 461 | /* update stats */ | |
| 462 | atomic_inc(&(nx_ctx->stats->aes_ops)); | |
| 463 | atomic64_add(csbcpb->csb.processed_byte_count, | |
| 464 | &(nx_ctx->stats->aes_bytes)); | |
| 465 | ||
| 466 | processed += to_process; | |
| 467 | ||
| 468 | } while (processed < nbytes); | |
| a00bd6e6 KY |
469 | |
| 470 | /* copy out the auth tag */ | |
| 471 | scatterwalk_map_and_copy(csbcpb->cpb.aes_ccm.out_pat_or_mac, | |
| cc815653 | 472 | req->dst, nbytes + req->assoclen, authsize, |
| a00bd6e6 | 473 | SCATTERWALK_TO_SG); |
| 2b188b3b | 474 | |
| a00bd6e6 | 475 | out: |
| c849163b | 476 | spin_unlock_irqrestore(&nx_ctx->lock, irq_flags); |
| a00bd6e6 KY |
477 | return rc; |
| 478 | } | |
| 479 | ||
| 480 | static int ccm4309_aes_nx_encrypt(struct aead_request *req) | |
| 481 | { | |
| 482 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm); | |
| 030f4e96 | 483 | struct nx_gcm_rctx *rctx = aead_request_ctx(req); |
| a00bd6e6 | 484 | struct blkcipher_desc desc; |
| 030f4e96 | 485 | u8 *iv = rctx->iv; |
| a00bd6e6 KY |
486 | |
| 487 | iv[0] = 3; | |
| 488 | memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3); | |
| 489 | memcpy(iv + 4, req->iv, 8); | |
| 490 | ||
| 491 | desc.info = iv; | |
| a00bd6e6 | 492 | |
| cc815653 | 493 | return ccm_nx_encrypt(req, &desc, req->assoclen - 8); |
| a00bd6e6 KY |
494 | } |
| 495 | ||
| 496 | static int ccm_aes_nx_encrypt(struct aead_request *req) | |
| 497 | { | |
| 498 | struct blkcipher_desc desc; | |
| 499 | int rc; | |
| 500 | ||
| 501 | desc.info = req->iv; | |
| a00bd6e6 KY |
502 | |
| 503 | rc = crypto_ccm_check_iv(desc.info); | |
| 504 | if (rc) | |
| 505 | return rc; | |
| 506 | ||
| cc815653 | 507 | return ccm_nx_encrypt(req, &desc, req->assoclen); |
| a00bd6e6 KY |
508 | } |
| 509 | ||
| 510 | static int ccm4309_aes_nx_decrypt(struct aead_request *req) | |
| 511 | { | |
| 512 | struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm); | |
| 030f4e96 | 513 | struct nx_gcm_rctx *rctx = aead_request_ctx(req); |
| a00bd6e6 | 514 | struct blkcipher_desc desc; |
| 030f4e96 | 515 | u8 *iv = rctx->iv; |
| a00bd6e6 KY |
516 | |
| 517 | iv[0] = 3; | |
| 518 | memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3); | |
| 519 | memcpy(iv + 4, req->iv, 8); | |
| 520 | ||
| 521 | desc.info = iv; | |
| a00bd6e6 | 522 | |
| cc815653 | 523 | return ccm_nx_decrypt(req, &desc, req->assoclen - 8); |
| a00bd6e6 KY |
524 | } |
| 525 | ||
| 526 | static int ccm_aes_nx_decrypt(struct aead_request *req) | |
| 527 | { | |
| 528 | struct blkcipher_desc desc; | |
| 529 | int rc; | |
| 530 | ||
| 531 | desc.info = req->iv; | |
| a00bd6e6 KY |
532 | |
| 533 | rc = crypto_ccm_check_iv(desc.info); | |
| 534 | if (rc) | |
| 535 | return rc; | |
| 536 | ||
| cc815653 | 537 | return ccm_nx_decrypt(req, &desc, req->assoclen); |
| a00bd6e6 KY |
538 | } |
| 539 | ||
| 540 | /* tell the block cipher walk routines that this is a stream cipher by | |
| 541 | * setting cra_blocksize to 1. Even using blkcipher_walk_virt_block | |
| 542 | * during encrypt/decrypt doesn't solve this problem, because it calls | |
| 543 | * blkcipher_walk_done under the covers, which doesn't use walk->blocksize, | |
| 544 | * but instead uses this tfm->blocksize. */ | |
| cc815653 HX |
545 | struct aead_alg nx_ccm_aes_alg = { |
| 546 | .base = { | |
| 547 | .cra_name = "ccm(aes)", | |
| 548 | .cra_driver_name = "ccm-aes-nx", | |
| 549 | .cra_priority = 300, | |
| 5e4b8c1f | 550 | .cra_flags = CRYPTO_ALG_NEED_FALLBACK, |
| cc815653 HX |
551 | .cra_blocksize = 1, |
| 552 | .cra_ctxsize = sizeof(struct nx_crypto_ctx), | |
| 553 | .cra_module = THIS_MODULE, | |
| 554 | }, | |
| 555 | .init = nx_crypto_ctx_aes_ccm_init, | |
| 556 | .exit = nx_crypto_ctx_aead_exit, | |
| 557 | .ivsize = AES_BLOCK_SIZE, | |
| 558 | .maxauthsize = AES_BLOCK_SIZE, | |
| 559 | .setkey = ccm_aes_nx_set_key, | |
| 560 | .setauthsize = ccm_aes_nx_setauthsize, | |
| 561 | .encrypt = ccm_aes_nx_encrypt, | |
| 562 | .decrypt = ccm_aes_nx_decrypt, | |
| a00bd6e6 KY |
563 | }; |
| 564 | ||
| cc815653 HX |
565 | struct aead_alg nx_ccm4309_aes_alg = { |
| 566 | .base = { | |
| 567 | .cra_name = "rfc4309(ccm(aes))", | |
| 568 | .cra_driver_name = "rfc4309-ccm-aes-nx", | |
| 569 | .cra_priority = 300, | |
| 5e4b8c1f | 570 | .cra_flags = CRYPTO_ALG_NEED_FALLBACK, |
| cc815653 HX |
571 | .cra_blocksize = 1, |
| 572 | .cra_ctxsize = sizeof(struct nx_crypto_ctx), | |
| 573 | .cra_module = THIS_MODULE, | |
| 574 | }, | |
| 575 | .init = nx_crypto_ctx_aes_ccm_init, | |
| 576 | .exit = nx_crypto_ctx_aead_exit, | |
| 577 | .ivsize = 8, | |
| 578 | .maxauthsize = AES_BLOCK_SIZE, | |
| 579 | .setkey = ccm4309_aes_nx_set_key, | |
| 580 | .setauthsize = ccm4309_aes_nx_setauthsize, | |
| 581 | .encrypt = ccm4309_aes_nx_encrypt, | |
| 582 | .decrypt = ccm4309_aes_nx_decrypt, | |
| a00bd6e6 | 583 | }; |