2 * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support
4 * Copyright (C) 2016,2017 Advanced Micro Devices, Inc.
6 * Author: Gary R Hook <gary.hook@amd.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/sched.h>
15 #include <linux/delay.h>
16 #include <linux/scatterlist.h>
17 #include <linux/crypto.h>
18 #include <crypto/internal/aead.h>
19 #include <crypto/algapi.h>
20 #include <crypto/aes.h>
21 #include <crypto/ctr.h>
22 #include <crypto/gcm.h>
23 #include <crypto/scatterwalk.h>
24 #include <linux/delay.h>
26 #include "ccp-crypto.h"
28 static int ccp_aes_gcm_complete(struct crypto_async_request
*async_req
, int ret
)
33 static int ccp_aes_gcm_setkey(struct crypto_aead
*tfm
, const u8
*key
,
36 struct ccp_ctx
*ctx
= crypto_aead_ctx(tfm
);
40 ctx
->u
.aes
.type
= CCP_AES_TYPE_128
;
43 ctx
->u
.aes
.type
= CCP_AES_TYPE_192
;
46 ctx
->u
.aes
.type
= CCP_AES_TYPE_256
;
49 crypto_aead_set_flags(tfm
, CRYPTO_TFM_RES_BAD_KEY_LEN
);
53 ctx
->u
.aes
.mode
= CCP_AES_MODE_GCM
;
54 ctx
->u
.aes
.key_len
= key_len
;
56 memcpy(ctx
->u
.aes
.key
, key
, key_len
);
57 sg_init_one(&ctx
->u
.aes
.key_sg
, ctx
->u
.aes
.key
, key_len
);
62 static int ccp_aes_gcm_setauthsize(struct crypto_aead
*tfm
,
63 unsigned int authsize
)
81 static int ccp_aes_gcm_crypt(struct aead_request
*req
, bool encrypt
)
83 struct crypto_aead
*tfm
= crypto_aead_reqtfm(req
);
84 struct ccp_ctx
*ctx
= crypto_aead_ctx(tfm
);
85 struct ccp_aes_req_ctx
*rctx
= aead_request_ctx(req
);
86 struct scatterlist
*iv_sg
= NULL
;
87 unsigned int iv_len
= 0;
91 if (!ctx
->u
.aes
.key_len
)
94 if (ctx
->u
.aes
.mode
!= CCP_AES_MODE_GCM
)
102 * plaintext/ciphertext input
106 * Destination+tag buffer
109 /* Prepare the IV: 12 bytes + an integer (counter) */
110 memcpy(rctx
->iv
, req
->iv
, GCM_AES_IV_SIZE
);
111 for (i
= 0; i
< 3; i
++)
112 rctx
->iv
[i
+ GCM_AES_IV_SIZE
] = 0;
113 rctx
->iv
[AES_BLOCK_SIZE
- 1] = 1;
115 /* Set up a scatterlist for the IV */
116 iv_sg
= &rctx
->iv_sg
;
117 iv_len
= AES_BLOCK_SIZE
;
118 sg_init_one(iv_sg
, rctx
->iv
, iv_len
);
120 /* The AAD + plaintext are concatenated in the src buffer */
121 memset(&rctx
->cmd
, 0, sizeof(rctx
->cmd
));
122 INIT_LIST_HEAD(&rctx
->cmd
.entry
);
123 rctx
->cmd
.engine
= CCP_ENGINE_AES
;
124 rctx
->cmd
.u
.aes
.authsize
= crypto_aead_authsize(tfm
);
125 rctx
->cmd
.u
.aes
.type
= ctx
->u
.aes
.type
;
126 rctx
->cmd
.u
.aes
.mode
= ctx
->u
.aes
.mode
;
127 rctx
->cmd
.u
.aes
.action
= encrypt
;
128 rctx
->cmd
.u
.aes
.key
= &ctx
->u
.aes
.key_sg
;
129 rctx
->cmd
.u
.aes
.key_len
= ctx
->u
.aes
.key_len
;
130 rctx
->cmd
.u
.aes
.iv
= iv_sg
;
131 rctx
->cmd
.u
.aes
.iv_len
= iv_len
;
132 rctx
->cmd
.u
.aes
.src
= req
->src
;
133 rctx
->cmd
.u
.aes
.src_len
= req
->cryptlen
;
134 rctx
->cmd
.u
.aes
.aad_len
= req
->assoclen
;
136 /* The cipher text + the tag are in the dst buffer */
137 rctx
->cmd
.u
.aes
.dst
= req
->dst
;
139 ret
= ccp_crypto_enqueue_request(&req
->base
, &rctx
->cmd
);
144 static int ccp_aes_gcm_encrypt(struct aead_request
*req
)
146 return ccp_aes_gcm_crypt(req
, CCP_AES_ACTION_ENCRYPT
);
149 static int ccp_aes_gcm_decrypt(struct aead_request
*req
)
151 return ccp_aes_gcm_crypt(req
, CCP_AES_ACTION_DECRYPT
);
154 static int ccp_aes_gcm_cra_init(struct crypto_aead
*tfm
)
156 struct ccp_ctx
*ctx
= crypto_aead_ctx(tfm
);
158 ctx
->complete
= ccp_aes_gcm_complete
;
159 ctx
->u
.aes
.key_len
= 0;
161 crypto_aead_set_reqsize(tfm
, sizeof(struct ccp_aes_req_ctx
));
166 static void ccp_aes_gcm_cra_exit(struct crypto_tfm
*tfm
)
170 static struct aead_alg ccp_aes_gcm_defaults
= {
171 .setkey
= ccp_aes_gcm_setkey
,
172 .setauthsize
= ccp_aes_gcm_setauthsize
,
173 .encrypt
= ccp_aes_gcm_encrypt
,
174 .decrypt
= ccp_aes_gcm_decrypt
,
175 .init
= ccp_aes_gcm_cra_init
,
176 .ivsize
= GCM_AES_IV_SIZE
,
177 .maxauthsize
= AES_BLOCK_SIZE
,
179 .cra_flags
= CRYPTO_ALG_TYPE_ABLKCIPHER
|
181 CRYPTO_ALG_KERN_DRIVER_ONLY
|
182 CRYPTO_ALG_NEED_FALLBACK
,
183 .cra_blocksize
= AES_BLOCK_SIZE
,
184 .cra_ctxsize
= sizeof(struct ccp_ctx
),
185 .cra_priority
= CCP_CRA_PRIORITY
,
186 .cra_type
= &crypto_ablkcipher_type
,
187 .cra_exit
= ccp_aes_gcm_cra_exit
,
188 .cra_module
= THIS_MODULE
,
192 struct ccp_aes_aead_def
{
193 enum ccp_aes_mode mode
;
194 unsigned int version
;
196 const char *driver_name
;
197 unsigned int blocksize
;
199 struct aead_alg
*alg_defaults
;
202 static struct ccp_aes_aead_def aes_aead_algs
[] = {
204 .mode
= CCP_AES_MODE_GHASH
,
205 .version
= CCP_VERSION(5, 0),
207 .driver_name
= "gcm-aes-ccp",
209 .ivsize
= AES_BLOCK_SIZE
,
210 .alg_defaults
= &ccp_aes_gcm_defaults
,
214 static int ccp_register_aes_aead(struct list_head
*head
,
215 const struct ccp_aes_aead_def
*def
)
217 struct ccp_crypto_aead
*ccp_aead
;
218 struct aead_alg
*alg
;
221 ccp_aead
= kzalloc(sizeof(*ccp_aead
), GFP_KERNEL
);
225 INIT_LIST_HEAD(&ccp_aead
->entry
);
227 ccp_aead
->mode
= def
->mode
;
229 /* Copy the defaults and override as necessary */
230 alg
= &ccp_aead
->alg
;
231 *alg
= *def
->alg_defaults
;
232 snprintf(alg
->base
.cra_name
, CRYPTO_MAX_ALG_NAME
, "%s", def
->name
);
233 snprintf(alg
->base
.cra_driver_name
, CRYPTO_MAX_ALG_NAME
, "%s",
235 alg
->base
.cra_blocksize
= def
->blocksize
;
236 alg
->base
.cra_ablkcipher
.ivsize
= def
->ivsize
;
238 ret
= crypto_register_aead(alg
);
240 pr_err("%s ablkcipher algorithm registration error (%d)\n",
241 alg
->base
.cra_name
, ret
);
246 list_add(&ccp_aead
->entry
, head
);
251 int ccp_register_aes_aeads(struct list_head
*head
)
254 unsigned int ccpversion
= ccp_version();
256 for (i
= 0; i
< ARRAY_SIZE(aes_aead_algs
); i
++) {
257 if (aes_aead_algs
[i
].version
> ccpversion
)
259 ret
= ccp_register_aes_aead(head
, &aes_aead_algs
[i
]);