1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Intel IXP4xx NPE-C crypto driver
4	*
5	* Copyright (C) 2008 Christian Hohnstaedt <chohnstaedt@innominate.com>
6	*/
7
8	#include <linux/platform_device.h>
9	#include <linux/dma-mapping.h>
10	#include <linux/dmapool.h>
11	#include <linux/crypto.h>
12	#include <linux/kernel.h>
13	#include <linux/rtnetlink.h>
14	#include <linux/interrupt.h>
15	#include <linux/spinlock.h>
16	#include <linux/gfp.h>
17	#include <linux/module.h>
18	#include <linux/of.h>
19
20	#include <crypto/ctr.h>
21	#include <crypto/internal/des.h>
22	#include <crypto/aes.h>
23	#include <crypto/hmac.h>
24	#include <crypto/sha1.h>
25	#include <crypto/algapi.h>
26	#include <crypto/internal/aead.h>
27	#include <crypto/internal/skcipher.h>
28	#include <crypto/authenc.h>
29	#include <crypto/scatterwalk.h>
30
31	#include <linux/soc/ixp4xx/npe.h>
32	#include <linux/soc/ixp4xx/qmgr.h>
33
34	/* Intermittent includes, delete this after v5.14-rc1 */
35	#include <linux/soc/ixp4xx/cpu.h>
36
37	#define MAX_KEYLEN 32
38
39	/* hash: cfgword + 2 * digestlen; crypt: keylen + cfgword */
40	#define NPE_CTX_LEN 80
41	#define AES_BLOCK128 16
42
43	#define NPE_OP_HASH_VERIFY 0x01
44	#define NPE_OP_CCM_ENABLE 0x04
45	#define NPE_OP_CRYPT_ENABLE 0x08
46	#define NPE_OP_HASH_ENABLE 0x10
47	#define NPE_OP_NOT_IN_PLACE 0x20
48	#define NPE_OP_HMAC_DISABLE 0x40
49	#define NPE_OP_CRYPT_ENCRYPT 0x80
50
51	#define NPE_OP_CCM_GEN_MIC 0xcc
52	#define NPE_OP_HASH_GEN_ICV 0x50
53	#define NPE_OP_ENC_GEN_KEY 0xc9
54
55	#define MOD_ECB 0x0000
56	#define MOD_CTR 0x1000
57	#define MOD_CBC_ENC 0x2000
58	#define MOD_CBC_DEC 0x3000
59	#define MOD_CCM_ENC 0x4000
60	#define MOD_CCM_DEC 0x5000
61
62	#define KEYLEN_128 4
63	#define KEYLEN_192 6
64	#define KEYLEN_256 8
65
66	#define CIPH_DECR 0x0000
67	#define CIPH_ENCR 0x0400
68
69	#define MOD_DES 0x0000
70	#define MOD_TDEA2 0x0100
71	#define MOD_3DES 0x0200
72	#define MOD_AES 0x0800
73	#define MOD_AES128 (0x0800 | KEYLEN_128)
74	#define MOD_AES192 (0x0900 | KEYLEN_192)
75	#define MOD_AES256 (0x0a00 | KEYLEN_256)
76
77	#define MAX_IVLEN 16
78	#define NPE_QLEN 16
79	/* Space for registering when the first
80	* NPE_QLEN crypt_ctl are busy */
81	#define NPE_QLEN_TOTAL 64
82
83	#define CTL_FLAG_UNUSED 0x0000
84	#define CTL_FLAG_USED 0x1000
85	#define CTL_FLAG_PERFORM_ABLK 0x0001
86	#define CTL_FLAG_GEN_ICV 0x0002
87	#define CTL_FLAG_GEN_REVAES 0x0004
88	#define CTL_FLAG_PERFORM_AEAD 0x0008
89	#define CTL_FLAG_MASK 0x000f
90
91	#define HMAC_PAD_BLOCKLEN SHA1_BLOCK_SIZE
92
93	#define MD5_DIGEST_SIZE 16
94
95	struct buffer_desc {
96	u32 phys_next;
97	#ifdef __ARMEB__
98	u16 buf_len;
99	u16 pkt_len;
100	#else
101	u16 pkt_len;
102	u16 buf_len;
103	#endif
104	dma_addr_t phys_addr;
105	u32 __reserved[4];
106	struct buffer_desc *next;
107	enum dma_data_direction dir;
108	};
109
110	struct crypt_ctl {
111	#ifdef __ARMEB__
112	u8 mode; /* NPE_OP_* operation mode */
113	u8 init_len;
114	u16 reserved;
115	#else
116	u16 reserved;
117	u8 init_len;
118	u8 mode; /* NPE_OP_* operation mode */
119	#endif
120	u8 iv[MAX_IVLEN]; /* IV for CBC mode or CTR IV for CTR mode */
121	u32 icv_rev_aes; /* icv or rev aes */
122	u32 src_buf;
123	u32 dst_buf;
124	#ifdef __ARMEB__
125	u16 auth_offs; /* Authentication start offset */
126	u16 auth_len; /* Authentication data length */
127	u16 crypt_offs; /* Cryption start offset */
128	u16 crypt_len; /* Cryption data length */
129	#else
130	u16 auth_len; /* Authentication data length */
131	u16 auth_offs; /* Authentication start offset */
132	u16 crypt_len; /* Cryption data length */
133	u16 crypt_offs; /* Cryption start offset */
134	#endif
135	u32 aadAddr; /* Additional Auth Data Addr for CCM mode */
136	u32 crypto_ctx; /* NPE Crypto Param structure address */
137
138	/* Used by Host: 4*4 bytes*/
139	unsigned int ctl_flags;
140	union {
141	struct skcipher_request *ablk_req;
142	struct aead_request *aead_req;
143	struct crypto_tfm *tfm;
144	} data;
145	struct buffer_desc *regist_buf;
146	u8 *regist_ptr;
147	};
148
149	struct ablk_ctx {
150	struct buffer_desc *src;
151	struct buffer_desc *dst;
152	u8 iv[MAX_IVLEN];
153	bool encrypt;
154	struct skcipher_request fallback_req; // keep at the end
155	};
156
157	struct aead_ctx {
158	struct buffer_desc *src;
159	struct buffer_desc *dst;
160	struct scatterlist ivlist;
161	/* used when the hmac is not on one sg entry */
162	u8 *hmac_virt;
163	int encrypt;
164	};
165
166	struct ix_hash_algo {
167	u32 cfgword;
168	unsigned char *icv;
169	};
170
171	struct ix_sa_dir {
172	unsigned char *npe_ctx;
173	dma_addr_t npe_ctx_phys;
174	int npe_ctx_idx;
175	u8 npe_mode;
176	};
177
178	struct ixp_ctx {
179	struct ix_sa_dir encrypt;
180	struct ix_sa_dir decrypt;
181	int authkey_len;
182	u8 authkey[MAX_KEYLEN];
183	int enckey_len;
184	u8 enckey[MAX_KEYLEN];
185	u8 salt[MAX_IVLEN];
186	u8 nonce[CTR_RFC3686_NONCE_SIZE];
187	unsigned int salted;
188	atomic_t configuring;
189	struct completion completion;
190	struct crypto_skcipher *fallback_tfm;
191	};
192
193	struct ixp_alg {
194	struct skcipher_alg crypto;
195	const struct ix_hash_algo *hash;
196	u32 cfg_enc;
197	u32 cfg_dec;
198
199	int registered;
200	};
201
202	struct ixp_aead_alg {
203	struct aead_alg crypto;
204	const struct ix_hash_algo *hash;
205	u32 cfg_enc;
206	u32 cfg_dec;
207
208	int registered;
209	};
210
211	static const struct ix_hash_algo hash_alg_md5 = {
212	.cfgword = 0xAA010004,
213	.icv = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
214	"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
215	};
216
217	static const struct ix_hash_algo hash_alg_sha1 = {
218	.cfgword = 0x00000005,
219	.icv = "\x67\x45\x23\x01\xEF\xCD\xAB\x89\x98\xBA"
220	"\xDC\xFE\x10\x32\x54\x76\xC3\xD2\xE1\xF0",
221	};
222
223	static struct npe *npe_c;
224
225	static unsigned int send_qid;
226	static unsigned int recv_qid;
227	static struct dma_pool *buffer_pool;
228	static struct dma_pool *ctx_pool;
229
230	static struct crypt_ctl *crypt_virt;
231	static dma_addr_t crypt_phys;
232
233	static int support_aes = 1;
234
235	static struct platform_device *pdev;
236
237	static inline dma_addr_t crypt_virt2phys(struct crypt_ctl *virt)
238	{
239	return crypt_phys + (virt - crypt_virt) * sizeof(struct crypt_ctl);
240	}
241
242	static inline struct crypt_ctl *crypt_phys2virt(dma_addr_t phys)
243	{
244	return crypt_virt + (phys - crypt_phys) / sizeof(struct crypt_ctl);
245	}
246
247	static inline u32 cipher_cfg_enc(struct crypto_tfm *tfm)
248	{
249	return container_of(tfm->__crt_alg, struct ixp_alg, crypto.base)->cfg_enc;
250	}
251
252	static inline u32 cipher_cfg_dec(struct crypto_tfm *tfm)
253	{
254	return container_of(tfm->__crt_alg, struct ixp_alg, crypto.base)->cfg_dec;
255	}
256
257	static inline const struct ix_hash_algo *ix_hash(struct crypto_tfm *tfm)
258	{
259	return container_of(tfm->__crt_alg, struct ixp_alg, crypto.base)->hash;
260	}
261
262	static int setup_crypt_desc(void)
263	{
264	struct device *dev = &pdev->dev;
265
266	BUILD_BUG_ON(!(IS_ENABLED(CONFIG_COMPILE_TEST) &&
267	IS_ENABLED(CONFIG_64BIT)) &&
268	sizeof(struct crypt_ctl) != 64);
269	crypt_virt = dma_alloc_coherent(dev,
270	NPE_QLEN * sizeof(struct crypt_ctl),
271	dma_handle: &crypt_phys, GFP_ATOMIC);
272	if (!crypt_virt)
273	return -ENOMEM;
274	return 0;
275	}
276
277	static DEFINE_SPINLOCK(desc_lock);
278	static struct crypt_ctl *get_crypt_desc(void)
279	{
280	int i;
281	static int idx;
282	unsigned long flags;
283
284	spin_lock_irqsave(&desc_lock, flags);
285
286	if (unlikely(!crypt_virt))
287	setup_crypt_desc();
288	if (unlikely(!crypt_virt)) {
289	spin_unlock_irqrestore(lock: &desc_lock, flags);
290	return NULL;
291	}
292	i = idx;
293	if (crypt_virt[i].ctl_flags == CTL_FLAG_UNUSED) {
294	if (++idx >= NPE_QLEN)
295	idx = 0;
296	crypt_virt[i].ctl_flags = CTL_FLAG_USED;
297	spin_unlock_irqrestore(lock: &desc_lock, flags);
298	return crypt_virt + i;
299	} else {
300	spin_unlock_irqrestore(lock: &desc_lock, flags);
301	return NULL;
302	}
303	}
304
305	static DEFINE_SPINLOCK(emerg_lock);
306	static struct crypt_ctl *get_crypt_desc_emerg(void)
307	{
308	int i;
309	static int idx = NPE_QLEN;
310	struct crypt_ctl *desc;
311	unsigned long flags;
312
313	desc = get_crypt_desc();
314	if (desc)
315	return desc;
316	if (unlikely(!crypt_virt))
317	return NULL;
318
319	spin_lock_irqsave(&emerg_lock, flags);
320	i = idx;
321	if (crypt_virt[i].ctl_flags == CTL_FLAG_UNUSED) {
322	if (++idx >= NPE_QLEN_TOTAL)
323	idx = NPE_QLEN;
324	crypt_virt[i].ctl_flags = CTL_FLAG_USED;
325	spin_unlock_irqrestore(lock: &emerg_lock, flags);
326	return crypt_virt + i;
327	} else {
328	spin_unlock_irqrestore(lock: &emerg_lock, flags);
329	return NULL;
330	}
331	}
332
333	static void free_buf_chain(struct device *dev, struct buffer_desc *buf,
334	dma_addr_t phys)
335	{
336	while (buf) {
337	struct buffer_desc *buf1;
338	u32 phys1;
339
340	buf1 = buf->next;
341	phys1 = buf->phys_next;
342	dma_unmap_single(dev, buf->phys_addr, buf->buf_len, buf->dir);
343	dma_pool_free(pool: buffer_pool, vaddr: buf, addr: phys);
344	buf = buf1;
345	phys = phys1;
346	}
347	}
348
349	static struct tasklet_struct crypto_done_tasklet;
350
351	static void finish_scattered_hmac(struct crypt_ctl *crypt)
352	{
353	struct aead_request *req = crypt->data.aead_req;
354	struct aead_ctx *req_ctx = aead_request_ctx(req);
355	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
356	int authsize = crypto_aead_authsize(tfm);
357	int decryptlen = req->assoclen + req->cryptlen - authsize;
358
359	if (req_ctx->encrypt) {
360	scatterwalk_map_and_copy(buf: req_ctx->hmac_virt, sg: req->dst,
361	start: decryptlen, nbytes: authsize, out: 1);
362	}
363	dma_pool_free(pool: buffer_pool, vaddr: req_ctx->hmac_virt, addr: crypt->icv_rev_aes);
364	}
365
366	static void one_packet(dma_addr_t phys)
367	{
368	struct device *dev = &pdev->dev;
369	struct crypt_ctl *crypt;
370	struct ixp_ctx *ctx;
371	int failed;
372
373	failed = phys & 0x1 ? -EBADMSG : 0;
374	phys &= ~0x3;
375	crypt = crypt_phys2virt(phys);
376
377	switch (crypt->ctl_flags & CTL_FLAG_MASK) {
378	case CTL_FLAG_PERFORM_AEAD: {
379	struct aead_request *req = crypt->data.aead_req;
380	struct aead_ctx *req_ctx = aead_request_ctx(req);
381
382	free_buf_chain(dev, buf: req_ctx->src, phys: crypt->src_buf);
383	free_buf_chain(dev, buf: req_ctx->dst, phys: crypt->dst_buf);
384	if (req_ctx->hmac_virt)
385	finish_scattered_hmac(crypt);
386
387	aead_request_complete(req, err: failed);
388	break;
389	}
390	case CTL_FLAG_PERFORM_ABLK: {
391	struct skcipher_request *req = crypt->data.ablk_req;
392	struct ablk_ctx *req_ctx = skcipher_request_ctx(req);
393	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
394	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
395	unsigned int offset;
396
397	if (ivsize > 0) {
398	offset = req->cryptlen - ivsize;
399	if (req_ctx->encrypt) {
400	scatterwalk_map_and_copy(buf: req->iv, sg: req->dst,
401	start: offset, nbytes: ivsize, out: 0);
402	} else {
403	memcpy(req->iv, req_ctx->iv, ivsize);
404	memzero_explicit(s: req_ctx->iv, count: ivsize);
405	}
406	}
407
408	if (req_ctx->dst)
409	free_buf_chain(dev, buf: req_ctx->dst, phys: crypt->dst_buf);
410
411	free_buf_chain(dev, buf: req_ctx->src, phys: crypt->src_buf);
412	skcipher_request_complete(req, err: failed);
413	break;
414	}
415	case CTL_FLAG_GEN_ICV:
416	ctx = crypto_tfm_ctx(tfm: crypt->data.tfm);
417	dma_pool_free(pool: ctx_pool, vaddr: crypt->regist_ptr,
418	addr: crypt->regist_buf->phys_addr);
419	dma_pool_free(pool: buffer_pool, vaddr: crypt->regist_buf, addr: crypt->src_buf);
420	if (atomic_dec_and_test(v: &ctx->configuring))
421	complete(&ctx->completion);
422	break;
423	case CTL_FLAG_GEN_REVAES:
424	ctx = crypto_tfm_ctx(tfm: crypt->data.tfm);
425	*(__be32 *)ctx->decrypt.npe_ctx &= cpu_to_be32(~CIPH_ENCR);
426	if (atomic_dec_and_test(v: &ctx->configuring))
427	complete(&ctx->completion);
428	break;
429	default:
430	BUG();
431	}
432	crypt->ctl_flags = CTL_FLAG_UNUSED;
433	}
434
435	static void irqhandler(void *_unused)
436	{
437	tasklet_schedule(t: &crypto_done_tasklet);
438	}
439
440	static void crypto_done_action(unsigned long arg)
441	{
442	int i;
443
444	for (i = 0; i < 4; i++) {
445	dma_addr_t phys = qmgr_get_entry(queue: recv_qid);
446	if (!phys)
447	return;
448	one_packet(phys);
449	}
450	tasklet_schedule(t: &crypto_done_tasklet);
451	}
452
453	static int init_ixp_crypto(struct device *dev)
454	{
455	struct device_node *np = dev->of_node;
456	u32 msg[2] = { 0, 0 };
457	int ret = -ENODEV;
458	u32 npe_id;
459
460	dev_info(dev, "probing...\n");
461
462	/* Locate the NPE and queue manager to use from device tree */
463	if (IS_ENABLED(CONFIG_OF) && np) {
464	struct of_phandle_args queue_spec;
465	struct of_phandle_args npe_spec;
466
467	ret = of_parse_phandle_with_fixed_args(np, list_name: "intel,npe-handle",
468	cell_count: 1, index: 0, out_args: &npe_spec);
469	if (ret) {
470	dev_err(dev, "no NPE engine specified\n");
471	return -ENODEV;
472	}
473	npe_id = npe_spec.args[0];
474	of_node_put(node: npe_spec.np);
475
476	ret = of_parse_phandle_with_fixed_args(np, list_name: "queue-rx", cell_count: 1, index: 0,
477	out_args: &queue_spec);
478	if (ret) {
479	dev_err(dev, "no rx queue phandle\n");
480	return -ENODEV;
481	}
482	recv_qid = queue_spec.args[0];
483	of_node_put(node: queue_spec.np);
484
485	ret = of_parse_phandle_with_fixed_args(np, list_name: "queue-txready", cell_count: 1, index: 0,
486	out_args: &queue_spec);
487	if (ret) {
488	dev_err(dev, "no txready queue phandle\n");
489	return -ENODEV;
490	}
491	send_qid = queue_spec.args[0];
492	of_node_put(node: queue_spec.np);
493	} else {
494	/*
495	* Hardcoded engine when using platform data, this goes away
496	* when we switch to using DT only.
497	*/
498	npe_id = 2;
499	send_qid = 29;
500	recv_qid = 30;
501	}
502
503	npe_c = npe_request(id: npe_id);
504	if (!npe_c)
505	return ret;
506
507	if (!npe_running(npe: npe_c)) {
508	ret = npe_load_firmware(npe: npe_c, name: npe_name(npe: npe_c), dev);
509	if (ret)
510	goto npe_release;
511	if (npe_recv_message(npe: npe_c, msg, what: "STATUS_MSG"))
512	goto npe_error;
513	} else {
514	if (npe_send_message(npe: npe_c, msg, what: "STATUS_MSG"))
515	goto npe_error;
516
517	if (npe_recv_message(npe: npe_c, msg, what: "STATUS_MSG"))
518	goto npe_error;
519	}
520
521	switch ((msg[1] >> 16) & 0xff) {
522	case 3:
523	dev_warn(dev, "Firmware of %s lacks AES support\n", npe_name(npe_c));
524	support_aes = 0;
525	break;
526	case 4:
527	case 5:
528	support_aes = 1;
529	break;
530	default:
531	dev_err(dev, "Firmware of %s lacks crypto support\n", npe_name(npe_c));
532	ret = -ENODEV;
533	goto npe_release;
534	}
535	/* buffer_pool will also be used to sometimes store the hmac,
536	* so assure it is large enough
537	*/
538	BUILD_BUG_ON(SHA1_DIGEST_SIZE > sizeof(struct buffer_desc));
539	buffer_pool = dma_pool_create(name: "buffer", dev, size: sizeof(struct buffer_desc),
540	align: 32, boundary: 0);
541	ret = -ENOMEM;
542	if (!buffer_pool)
543	goto err;
544
545	ctx_pool = dma_pool_create(name: "context", dev, NPE_CTX_LEN, align: 16, boundary: 0);
546	if (!ctx_pool)
547	goto err;
548
549	ret = qmgr_request_queue(send_qid, NPE_QLEN_TOTAL, 0, 0,
550	"ixp_crypto:out", NULL);
551	if (ret)
552	goto err;
553	ret = qmgr_request_queue(recv_qid, NPE_QLEN, 0, 0,
554	"ixp_crypto:in", NULL);
555	if (ret) {
556	qmgr_release_queue(queue: send_qid);
557	goto err;
558	}
559	qmgr_set_irq(queue: recv_qid, QUEUE_IRQ_SRC_NOT_EMPTY, handler: irqhandler, NULL);
560	tasklet_init(t: &crypto_done_tasklet, func: crypto_done_action, data: 0);
561
562	qmgr_enable_irq(queue: recv_qid);
563	return 0;
564
565	npe_error:
566	dev_err(dev, "%s not responding\n", npe_name(npe_c));
567	ret = -EIO;
568	err:
569	dma_pool_destroy(pool: ctx_pool);
570	dma_pool_destroy(pool: buffer_pool);
571	npe_release:
572	npe_release(npe: npe_c);
573	return ret;
574	}
575
576	static void release_ixp_crypto(struct device *dev)
577	{
578	qmgr_disable_irq(queue: recv_qid);
579	tasklet_kill(t: &crypto_done_tasklet);
580
581	qmgr_release_queue(queue: send_qid);
582	qmgr_release_queue(queue: recv_qid);
583
584	dma_pool_destroy(pool: ctx_pool);
585	dma_pool_destroy(pool: buffer_pool);
586
587	npe_release(npe: npe_c);
588
589	if (crypt_virt)
590	dma_free_coherent(dev, NPE_QLEN * sizeof(struct crypt_ctl),
591	cpu_addr: crypt_virt, dma_handle: crypt_phys);
592	}
593
594	static void reset_sa_dir(struct ix_sa_dir *dir)
595	{
596	memset(dir->npe_ctx, 0, NPE_CTX_LEN);
597	dir->npe_ctx_idx = 0;
598	dir->npe_mode = 0;
599	}
600
601	static int init_sa_dir(struct ix_sa_dir *dir)
602	{
603	dir->npe_ctx = dma_pool_alloc(pool: ctx_pool, GFP_KERNEL, handle: &dir->npe_ctx_phys);
604	if (!dir->npe_ctx)
605	return -ENOMEM;
606
607	reset_sa_dir(dir);
608	return 0;
609	}
610
611	static void free_sa_dir(struct ix_sa_dir *dir)
612	{
613	memset(dir->npe_ctx, 0, NPE_CTX_LEN);
614	dma_pool_free(pool: ctx_pool, vaddr: dir->npe_ctx, addr: dir->npe_ctx_phys);
615	}
616
617	static int init_tfm(struct crypto_tfm *tfm)
618	{
619	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
620	int ret;
621
622	atomic_set(v: &ctx->configuring, i: 0);
623	ret = init_sa_dir(dir: &ctx->encrypt);
624	if (ret)
625	return ret;
626	ret = init_sa_dir(dir: &ctx->decrypt);
627	if (ret)
628	free_sa_dir(dir: &ctx->encrypt);
629
630	return ret;
631	}
632
633	static int init_tfm_ablk(struct crypto_skcipher *tfm)
634	{
635	struct crypto_tfm *ctfm = crypto_skcipher_tfm(tfm);
636	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm: ctfm);
637	const char *name = crypto_tfm_alg_name(tfm: ctfm);
638
639	ctx->fallback_tfm = crypto_alloc_skcipher(alg_name: name, type: 0, CRYPTO_ALG_NEED_FALLBACK);
640	if (IS_ERR(ptr: ctx->fallback_tfm)) {
641	pr_err("ERROR: Cannot allocate fallback for %s %ld\n",
642	name, PTR_ERR(ctx->fallback_tfm));
643	return PTR_ERR(ptr: ctx->fallback_tfm);
644	}
645
646	pr_info("Fallback for %s is %s\n",
647	crypto_tfm_alg_driver_name(&tfm->base),
648	crypto_tfm_alg_driver_name(crypto_skcipher_tfm(ctx->fallback_tfm))
649	);
650
651	crypto_skcipher_set_reqsize(skcipher: tfm, reqsize: sizeof(struct ablk_ctx) + crypto_skcipher_reqsize(tfm: ctx->fallback_tfm));
652	return init_tfm(tfm: crypto_skcipher_tfm(tfm));
653	}
654
655	static int init_tfm_aead(struct crypto_aead *tfm)
656	{
657	crypto_aead_set_reqsize(aead: tfm, reqsize: sizeof(struct aead_ctx));
658	return init_tfm(tfm: crypto_aead_tfm(tfm));
659	}
660
661	static void exit_tfm(struct crypto_tfm *tfm)
662	{
663	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
664
665	free_sa_dir(dir: &ctx->encrypt);
666	free_sa_dir(dir: &ctx->decrypt);
667	}
668
669	static void exit_tfm_ablk(struct crypto_skcipher *tfm)
670	{
671	struct crypto_tfm *ctfm = crypto_skcipher_tfm(tfm);
672	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm: ctfm);
673
674	crypto_free_skcipher(tfm: ctx->fallback_tfm);
675	exit_tfm(tfm: crypto_skcipher_tfm(tfm));
676	}
677
678	static void exit_tfm_aead(struct crypto_aead *tfm)
679	{
680	exit_tfm(tfm: crypto_aead_tfm(tfm));
681	}
682
683	static int register_chain_var(struct crypto_tfm *tfm, u8 xpad, u32 target,
684	int init_len, u32 ctx_addr, const u8 *key,
685	int key_len)
686	{
687	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
688	struct crypt_ctl *crypt;
689	struct buffer_desc *buf;
690	int i;
691	u8 *pad;
692	dma_addr_t pad_phys, buf_phys;
693
694	BUILD_BUG_ON(NPE_CTX_LEN < HMAC_PAD_BLOCKLEN);
695	pad = dma_pool_alloc(pool: ctx_pool, GFP_KERNEL, handle: &pad_phys);
696	if (!pad)
697	return -ENOMEM;
698	buf = dma_pool_alloc(pool: buffer_pool, GFP_KERNEL, handle: &buf_phys);
699	if (!buf) {
700	dma_pool_free(pool: ctx_pool, vaddr: pad, addr: pad_phys);
701	return -ENOMEM;
702	}
703	crypt = get_crypt_desc_emerg();
704	if (!crypt) {
705	dma_pool_free(pool: ctx_pool, vaddr: pad, addr: pad_phys);
706	dma_pool_free(pool: buffer_pool, vaddr: buf, addr: buf_phys);
707	return -EAGAIN;
708	}
709
710	memcpy(pad, key, key_len);
711	memset(pad + key_len, 0, HMAC_PAD_BLOCKLEN - key_len);
712	for (i = 0; i < HMAC_PAD_BLOCKLEN; i++)
713	pad[i] ^= xpad;
714
715	crypt->data.tfm = tfm;
716	crypt->regist_ptr = pad;
717	crypt->regist_buf = buf;
718
719	crypt->auth_offs = 0;
720	crypt->auth_len = HMAC_PAD_BLOCKLEN;
721	crypt->crypto_ctx = ctx_addr;
722	crypt->src_buf = buf_phys;
723	crypt->icv_rev_aes = target;
724	crypt->mode = NPE_OP_HASH_GEN_ICV;
725	crypt->init_len = init_len;
726	crypt->ctl_flags |= CTL_FLAG_GEN_ICV;
727
728	buf->next = NULL;
729	buf->buf_len = HMAC_PAD_BLOCKLEN;
730	buf->pkt_len = 0;
731	buf->phys_addr = pad_phys;
732
733	atomic_inc(v: &ctx->configuring);
734	qmgr_put_entry(queue: send_qid, val: crypt_virt2phys(virt: crypt));
735	BUG_ON(qmgr_stat_overflow(send_qid));
736	return 0;
737	}
738
739	static int setup_auth(struct crypto_tfm *tfm, int encrypt, unsigned int authsize,
740	const u8 *key, int key_len, unsigned int digest_len)
741	{
742	u32 itarget, otarget, npe_ctx_addr;
743	unsigned char *cinfo;
744	int init_len, ret = 0;
745	u32 cfgword;
746	struct ix_sa_dir *dir;
747	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
748	const struct ix_hash_algo *algo;
749
750	dir = encrypt ? &ctx->encrypt : &ctx->decrypt;
751	cinfo = dir->npe_ctx + dir->npe_ctx_idx;
752	algo = ix_hash(tfm);
753
754	/* write cfg word to cryptinfo */
755	cfgword = algo->cfgword | (authsize << 6); /* (authsize/4) << 8 */
756	#ifndef __ARMEB__
757	cfgword ^= 0xAA000000; /* change the "byte swap" flags */
758	#endif
759	*(__be32 *)cinfo = cpu_to_be32(cfgword);
760	cinfo += sizeof(cfgword);
761
762	/* write ICV to cryptinfo */
763	memcpy(cinfo, algo->icv, digest_len);
764	cinfo += digest_len;
765
766	itarget = dir->npe_ctx_phys + dir->npe_ctx_idx
767	+ sizeof(algo->cfgword);
768	otarget = itarget + digest_len;
769	init_len = cinfo - (dir->npe_ctx + dir->npe_ctx_idx);
770	npe_ctx_addr = dir->npe_ctx_phys + dir->npe_ctx_idx;
771
772	dir->npe_ctx_idx += init_len;
773	dir->npe_mode |= NPE_OP_HASH_ENABLE;
774
775	if (!encrypt)
776	dir->npe_mode |= NPE_OP_HASH_VERIFY;
777
778	ret = register_chain_var(tfm, HMAC_OPAD_VALUE, target: otarget,
779	init_len, ctx_addr: npe_ctx_addr, key, key_len);
780	if (ret)
781	return ret;
782	return register_chain_var(tfm, HMAC_IPAD_VALUE, target: itarget,
783	init_len, ctx_addr: npe_ctx_addr, key, key_len);
784	}
785
786	static int gen_rev_aes_key(struct crypto_tfm *tfm)
787	{
788	struct crypt_ctl *crypt;
789	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
790	struct ix_sa_dir *dir = &ctx->decrypt;
791
792	crypt = get_crypt_desc_emerg();
793	if (!crypt)
794	return -EAGAIN;
795
796	*(__be32 *)dir->npe_ctx |= cpu_to_be32(CIPH_ENCR);
797
798	crypt->data.tfm = tfm;
799	crypt->crypt_offs = 0;
800	crypt->crypt_len = AES_BLOCK128;
801	crypt->src_buf = 0;
802	crypt->crypto_ctx = dir->npe_ctx_phys;
803	crypt->icv_rev_aes = dir->npe_ctx_phys + sizeof(u32);
804	crypt->mode = NPE_OP_ENC_GEN_KEY;
805	crypt->init_len = dir->npe_ctx_idx;
806	crypt->ctl_flags |= CTL_FLAG_GEN_REVAES;
807
808	atomic_inc(v: &ctx->configuring);
809	qmgr_put_entry(queue: send_qid, val: crypt_virt2phys(virt: crypt));
810	BUG_ON(qmgr_stat_overflow(send_qid));
811	return 0;
812	}
813
814	static int setup_cipher(struct crypto_tfm *tfm, int encrypt, const u8 *key,
815	int key_len)
816	{
817	u8 *cinfo;
818	u32 cipher_cfg;
819	u32 keylen_cfg = 0;
820	struct ix_sa_dir *dir;
821	struct ixp_ctx *ctx = crypto_tfm_ctx(tfm);
822	int err;
823
824	dir = encrypt ? &ctx->encrypt : &ctx->decrypt;
825	cinfo = dir->npe_ctx;
826
827	if (encrypt) {
828	cipher_cfg = cipher_cfg_enc(tfm);
829	dir->npe_mode |= NPE_OP_CRYPT_ENCRYPT;
830	} else {
831	cipher_cfg = cipher_cfg_dec(tfm);
832	}
833	if (cipher_cfg & MOD_AES) {
834	switch (key_len) {
835	case 16:
836	keylen_cfg = MOD_AES128;
837	break;
838	case 24:
839	keylen_cfg = MOD_AES192;
840	break;
841	case 32:
842	keylen_cfg = MOD_AES256;
843	break;
844	default:
845	return -EINVAL;
846	}
847	cipher_cfg |= keylen_cfg;
848	} else {
849	err = crypto_des_verify_key(tfm, key);
850	if (err)
851	return err;
852	}
853	/* write cfg word to cryptinfo */
854	*(__be32 *)cinfo = cpu_to_be32(cipher_cfg);
855	cinfo += sizeof(cipher_cfg);
856
857	/* write cipher key to cryptinfo */
858	memcpy(cinfo, key, key_len);
859	/* NPE wants keylen set to DES3_EDE_KEY_SIZE even for single DES */
860	if (key_len < DES3_EDE_KEY_SIZE && !(cipher_cfg & MOD_AES)) {
861	memset(cinfo + key_len, 0, DES3_EDE_KEY_SIZE - key_len);
862	key_len = DES3_EDE_KEY_SIZE;
863	}
864	dir->npe_ctx_idx = sizeof(cipher_cfg) + key_len;
865	dir->npe_mode |= NPE_OP_CRYPT_ENABLE;
866	if ((cipher_cfg & MOD_AES) && !encrypt)
867	return gen_rev_aes_key(tfm);
868
869	return 0;
870	}
871
872	static struct buffer_desc *chainup_buffers(struct device *dev,
873	struct scatterlist *sg, unsigned int nbytes,
874	struct buffer_desc *buf, gfp_t flags,
875	enum dma_data_direction dir)
876	{
877	for (; nbytes > 0; sg = sg_next(sg)) {
878	unsigned int len = min(nbytes, sg->length);
879	struct buffer_desc *next_buf;
880	dma_addr_t next_buf_phys;
881	void *ptr;
882
883	nbytes -= len;
884	ptr = sg_virt(sg);
885	next_buf = dma_pool_alloc(pool: buffer_pool, mem_flags: flags, handle: &next_buf_phys);
886	if (!next_buf) {
887	buf = NULL;
888	break;
889	}
890	sg_dma_address(sg) = dma_map_single(dev, ptr, len, dir);
891	buf->next = next_buf;
892	buf->phys_next = next_buf_phys;
893	buf = next_buf;
894
895	buf->phys_addr = sg_dma_address(sg);
896	buf->buf_len = len;
897	buf->dir = dir;
898	}
899	buf->next = NULL;
900	buf->phys_next = 0;
901	return buf;
902	}
903
904	static int ablk_setkey(struct crypto_skcipher *tfm, const u8 *key,
905	unsigned int key_len)
906	{
907	struct ixp_ctx *ctx = crypto_skcipher_ctx(tfm);
908	int ret;
909
910	init_completion(x: &ctx->completion);
911	atomic_inc(v: &ctx->configuring);
912
913	reset_sa_dir(dir: &ctx->encrypt);
914	reset_sa_dir(dir: &ctx->decrypt);
915
916	ctx->encrypt.npe_mode = NPE_OP_HMAC_DISABLE;
917	ctx->decrypt.npe_mode = NPE_OP_HMAC_DISABLE;
918
919	ret = setup_cipher(tfm: &tfm->base, encrypt: 0, key, key_len);
920	if (ret)
921	goto out;
922	ret = setup_cipher(tfm: &tfm->base, encrypt: 1, key, key_len);
923	out:
924	if (!atomic_dec_and_test(v: &ctx->configuring))
925	wait_for_completion(&ctx->completion);
926	if (ret)
927	return ret;
928	crypto_skcipher_clear_flags(tfm: ctx->fallback_tfm, CRYPTO_TFM_REQ_MASK);
929	crypto_skcipher_set_flags(tfm: ctx->fallback_tfm, flags: tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
930
931	return crypto_skcipher_setkey(tfm: ctx->fallback_tfm, key, keylen: key_len);
932	}
933
934	static int ablk_des3_setkey(struct crypto_skcipher *tfm, const u8 *key,
935	unsigned int key_len)
936	{
937	return verify_skcipher_des3_key(tfm, key) ?:
938	ablk_setkey(tfm, key, key_len);
939	}
940
941	static int ablk_rfc3686_setkey(struct crypto_skcipher *tfm, const u8 *key,
942	unsigned int key_len)
943	{
944	struct ixp_ctx *ctx = crypto_skcipher_ctx(tfm);
945
946	/* the nonce is stored in bytes at end of key */
947	if (key_len < CTR_RFC3686_NONCE_SIZE)
948	return -EINVAL;
949
950	memcpy(ctx->nonce, key + (key_len - CTR_RFC3686_NONCE_SIZE),
951	CTR_RFC3686_NONCE_SIZE);
952
953	key_len -= CTR_RFC3686_NONCE_SIZE;
954	return ablk_setkey(tfm, key, key_len);
955	}
956
957	static int ixp4xx_cipher_fallback(struct skcipher_request *areq, int encrypt)
958	{
959	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req: areq);
960	struct ixp_ctx *op = crypto_skcipher_ctx(tfm);
961	struct ablk_ctx *rctx = skcipher_request_ctx(req: areq);
962	int err;
963
964	skcipher_request_set_tfm(req: &rctx->fallback_req, tfm: op->fallback_tfm);
965	skcipher_request_set_callback(req: &rctx->fallback_req, flags: areq->base.flags,
966	compl: areq->base.complete, data: areq->base.data);
967	skcipher_request_set_crypt(req: &rctx->fallback_req, src: areq->src, dst: areq->dst,
968	cryptlen: areq->cryptlen, iv: areq->iv);
969	if (encrypt)
970	err = crypto_skcipher_encrypt(req: &rctx->fallback_req);
971	else
972	err = crypto_skcipher_decrypt(req: &rctx->fallback_req);
973	return err;
974	}
975
976	static int ablk_perform(struct skcipher_request *req, int encrypt)
977	{
978	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
979	struct ixp_ctx *ctx = crypto_skcipher_ctx(tfm);
980	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
981	struct ix_sa_dir *dir;
982	struct crypt_ctl *crypt;
983	unsigned int nbytes = req->cryptlen;
984	enum dma_data_direction src_direction = DMA_BIDIRECTIONAL;
985	struct ablk_ctx *req_ctx = skcipher_request_ctx(req);
986	struct buffer_desc src_hook;
987	struct device *dev = &pdev->dev;
988	unsigned int offset;
989	gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
990	GFP_KERNEL : GFP_ATOMIC;
991
992	if (sg_nents(sg: req->src) > 1 || sg_nents(sg: req->dst) > 1)
993	return ixp4xx_cipher_fallback(areq: req, encrypt);
994
995	if (qmgr_stat_full(queue: send_qid))
996	return -EAGAIN;
997	if (atomic_read(v: &ctx->configuring))
998	return -EAGAIN;
999
1000	dir = encrypt ? &ctx->encrypt : &ctx->decrypt;
1001	req_ctx->encrypt = encrypt;
1002
1003	crypt = get_crypt_desc();
1004	if (!crypt)
1005	return -ENOMEM;
1006
1007	crypt->data.ablk_req = req;
1008	crypt->crypto_ctx = dir->npe_ctx_phys;
1009	crypt->mode = dir->npe_mode;
1010	crypt->init_len = dir->npe_ctx_idx;
1011
1012	crypt->crypt_offs = 0;
1013	crypt->crypt_len = nbytes;
1014
1015	BUG_ON(ivsize && !req->iv);
1016	memcpy(crypt->iv, req->iv, ivsize);
1017	if (ivsize > 0 && !encrypt) {
1018	offset = req->cryptlen - ivsize;
1019	scatterwalk_map_and_copy(buf: req_ctx->iv, sg: req->src, start: offset, nbytes: ivsize, out: 0);
1020	}
1021	if (req->src != req->dst) {
1022	struct buffer_desc dst_hook;
1023
1024	crypt->mode |= NPE_OP_NOT_IN_PLACE;
1025	/* This was never tested by Intel
1026	* for more than one dst buffer, I think. */
1027	req_ctx->dst = NULL;
1028	if (!chainup_buffers(dev, sg: req->dst, nbytes, buf: &dst_hook,
1029	flags, dir: DMA_FROM_DEVICE))
1030	goto free_buf_dest;
1031	src_direction = DMA_TO_DEVICE;
1032	req_ctx->dst = dst_hook.next;
1033	crypt->dst_buf = dst_hook.phys_next;
1034	} else {
1035	req_ctx->dst = NULL;
1036	}
1037	req_ctx->src = NULL;
1038	if (!chainup_buffers(dev, sg: req->src, nbytes, buf: &src_hook, flags,
1039	dir: src_direction))
1040	goto free_buf_src;
1041
1042	req_ctx->src = src_hook.next;
1043	crypt->src_buf = src_hook.phys_next;
1044	crypt->ctl_flags |= CTL_FLAG_PERFORM_ABLK;
1045	qmgr_put_entry(queue: send_qid, val: crypt_virt2phys(virt: crypt));
1046	BUG_ON(qmgr_stat_overflow(send_qid));
1047	return -EINPROGRESS;
1048
1049	free_buf_src:
1050	free_buf_chain(dev, buf: req_ctx->src, phys: crypt->src_buf);
1051	free_buf_dest:
1052	if (req->src != req->dst)
1053	free_buf_chain(dev, buf: req_ctx->dst, phys: crypt->dst_buf);
1054
1055	crypt->ctl_flags = CTL_FLAG_UNUSED;
1056	return -ENOMEM;
1057	}
1058
1059	static int ablk_encrypt(struct skcipher_request *req)
1060	{
1061	return ablk_perform(req, encrypt: 1);
1062	}
1063
1064	static int ablk_decrypt(struct skcipher_request *req)
1065	{
1066	return ablk_perform(req, encrypt: 0);
1067	}
1068
1069	static int ablk_rfc3686_crypt(struct skcipher_request *req)
1070	{
1071	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
1072	struct ixp_ctx *ctx = crypto_skcipher_ctx(tfm);
1073	u8 iv[CTR_RFC3686_BLOCK_SIZE];
1074	u8 *info = req->iv;
1075	int ret;
1076
1077	/* set up counter block */
1078	memcpy(iv, ctx->nonce, CTR_RFC3686_NONCE_SIZE);
1079	memcpy(iv + CTR_RFC3686_NONCE_SIZE, info, CTR_RFC3686_IV_SIZE);
1080
1081	/* initialize counter portion of counter block */
1082	*(__be32 *)(iv + CTR_RFC3686_NONCE_SIZE + CTR_RFC3686_IV_SIZE) =
1083	cpu_to_be32(1);
1084
1085	req->iv = iv;
1086	ret = ablk_perform(req, encrypt: 1);
1087	req->iv = info;
1088	return ret;
1089	}
1090
1091	static int aead_perform(struct aead_request *req, int encrypt,
1092	int cryptoffset, int eff_cryptlen, u8 *iv)
1093	{
1094	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1095	struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
1096	unsigned int ivsize = crypto_aead_ivsize(tfm);
1097	unsigned int authsize = crypto_aead_authsize(tfm);
1098	struct ix_sa_dir *dir;
1099	struct crypt_ctl *crypt;
1100	unsigned int cryptlen;
1101	struct buffer_desc *buf, src_hook;
1102	struct aead_ctx *req_ctx = aead_request_ctx(req);
1103	struct device *dev = &pdev->dev;
1104	gfp_t flags = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
1105	GFP_KERNEL : GFP_ATOMIC;
1106	enum dma_data_direction src_direction = DMA_BIDIRECTIONAL;
1107	unsigned int lastlen;
1108
1109	if (qmgr_stat_full(queue: send_qid))
1110	return -EAGAIN;
1111	if (atomic_read(v: &ctx->configuring))
1112	return -EAGAIN;
1113
1114	if (encrypt) {
1115	dir = &ctx->encrypt;
1116	cryptlen = req->cryptlen;
1117	} else {
1118	dir = &ctx->decrypt;
1119	/* req->cryptlen includes the authsize when decrypting */
1120	cryptlen = req->cryptlen - authsize;
1121	eff_cryptlen -= authsize;
1122	}
1123	crypt = get_crypt_desc();
1124	if (!crypt)
1125	return -ENOMEM;
1126
1127	crypt->data.aead_req = req;
1128	crypt->crypto_ctx = dir->npe_ctx_phys;
1129	crypt->mode = dir->npe_mode;
1130	crypt->init_len = dir->npe_ctx_idx;
1131
1132	crypt->crypt_offs = cryptoffset;
1133	crypt->crypt_len = eff_cryptlen;
1134
1135	crypt->auth_offs = 0;
1136	crypt->auth_len = req->assoclen + cryptlen;
1137	BUG_ON(ivsize && !req->iv);
1138	memcpy(crypt->iv, req->iv, ivsize);
1139
1140	buf = chainup_buffers(dev, sg: req->src, nbytes: crypt->auth_len,
1141	buf: &src_hook, flags, dir: src_direction);
1142	req_ctx->src = src_hook.next;
1143	crypt->src_buf = src_hook.phys_next;
1144	if (!buf)
1145	goto free_buf_src;
1146
1147	lastlen = buf->buf_len;
1148	if (lastlen >= authsize)
1149	crypt->icv_rev_aes = buf->phys_addr +
1150	buf->buf_len - authsize;
1151
1152	req_ctx->dst = NULL;
1153
1154	if (req->src != req->dst) {
1155	struct buffer_desc dst_hook;
1156
1157	crypt->mode |= NPE_OP_NOT_IN_PLACE;
1158	src_direction = DMA_TO_DEVICE;
1159
1160	buf = chainup_buffers(dev, sg: req->dst, nbytes: crypt->auth_len,
1161	buf: &dst_hook, flags, dir: DMA_FROM_DEVICE);
1162	req_ctx->dst = dst_hook.next;
1163	crypt->dst_buf = dst_hook.phys_next;
1164
1165	if (!buf)
1166	goto free_buf_dst;
1167
1168	if (encrypt) {
1169	lastlen = buf->buf_len;
1170	if (lastlen >= authsize)
1171	crypt->icv_rev_aes = buf->phys_addr +
1172	buf->buf_len - authsize;
1173	}
1174	}
1175
1176	if (unlikely(lastlen < authsize)) {
1177	dma_addr_t dma;
1178	/* The 12 hmac bytes are scattered,
1179	* we need to copy them into a safe buffer */
1180	req_ctx->hmac_virt = dma_pool_alloc(pool: buffer_pool, mem_flags: flags, handle: &dma);
1181	if (unlikely(!req_ctx->hmac_virt))
1182	goto free_buf_dst;
1183	crypt->icv_rev_aes = dma;
1184	if (!encrypt) {
1185	scatterwalk_map_and_copy(buf: req_ctx->hmac_virt,
1186	sg: req->src, start: cryptlen, nbytes: authsize, out: 0);
1187	}
1188	req_ctx->encrypt = encrypt;
1189	} else {
1190	req_ctx->hmac_virt = NULL;
1191	}
1192
1193	crypt->ctl_flags |= CTL_FLAG_PERFORM_AEAD;
1194	qmgr_put_entry(queue: send_qid, val: crypt_virt2phys(virt: crypt));
1195	BUG_ON(qmgr_stat_overflow(send_qid));
1196	return -EINPROGRESS;
1197
1198	free_buf_dst:
1199	free_buf_chain(dev, buf: req_ctx->dst, phys: crypt->dst_buf);
1200	free_buf_src:
1201	free_buf_chain(dev, buf: req_ctx->src, phys: crypt->src_buf);
1202	crypt->ctl_flags = CTL_FLAG_UNUSED;
1203	return -ENOMEM;
1204	}
1205
1206	static int aead_setup(struct crypto_aead *tfm, unsigned int authsize)
1207	{
1208	struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
1209	unsigned int digest_len = crypto_aead_maxauthsize(aead: tfm);
1210	int ret;
1211
1212	if (!ctx->enckey_len && !ctx->authkey_len)
1213	return 0;
1214	init_completion(x: &ctx->completion);
1215	atomic_inc(v: &ctx->configuring);
1216
1217	reset_sa_dir(dir: &ctx->encrypt);
1218	reset_sa_dir(dir: &ctx->decrypt);
1219
1220	ret = setup_cipher(tfm: &tfm->base, encrypt: 0, key: ctx->enckey, key_len: ctx->enckey_len);
1221	if (ret)
1222	goto out;
1223	ret = setup_cipher(tfm: &tfm->base, encrypt: 1, key: ctx->enckey, key_len: ctx->enckey_len);
1224	if (ret)
1225	goto out;
1226	ret = setup_auth(tfm: &tfm->base, encrypt: 0, authsize, key: ctx->authkey,
1227	key_len: ctx->authkey_len, digest_len);
1228	if (ret)
1229	goto out;
1230	ret = setup_auth(tfm: &tfm->base, encrypt: 1, authsize, key: ctx->authkey,
1231	key_len: ctx->authkey_len, digest_len);
1232	out:
1233	if (!atomic_dec_and_test(v: &ctx->configuring))
1234	wait_for_completion(&ctx->completion);
1235	return ret;
1236	}
1237
1238	static int aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
1239	{
1240	int max = crypto_aead_maxauthsize(aead: tfm) >> 2;
1241
1242	if ((authsize >> 2) < 1 || (authsize >> 2) > max || (authsize & 3))
1243	return -EINVAL;
1244	return aead_setup(tfm, authsize);
1245	}
1246
1247	static int aead_setkey(struct crypto_aead *tfm, const u8 *key,
1248	unsigned int keylen)
1249	{
1250	struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
1251	struct crypto_authenc_keys keys;
1252
1253	if (crypto_authenc_extractkeys(keys: &keys, key, keylen) != 0)
1254	goto badkey;
1255
1256	if (keys.authkeylen > sizeof(ctx->authkey))
1257	goto badkey;
1258
1259	if (keys.enckeylen > sizeof(ctx->enckey))
1260	goto badkey;
1261
1262	memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
1263	memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
1264	ctx->authkey_len = keys.authkeylen;
1265	ctx->enckey_len = keys.enckeylen;
1266
1267	memzero_explicit(s: &keys, count: sizeof(keys));
1268	return aead_setup(tfm, authsize: crypto_aead_authsize(tfm));
1269	badkey:
1270	memzero_explicit(s: &keys, count: sizeof(keys));
1271	return -EINVAL;
1272	}
1273
1274	static int des3_aead_setkey(struct crypto_aead *tfm, const u8 *key,
1275	unsigned int keylen)
1276	{
1277	struct ixp_ctx *ctx = crypto_aead_ctx(tfm);
1278	struct crypto_authenc_keys keys;
1279	int err;
1280
1281	err = crypto_authenc_extractkeys(keys: &keys, key, keylen);
1282	if (unlikely(err))
1283	goto badkey;
1284
1285	err = -EINVAL;
1286	if (keys.authkeylen > sizeof(ctx->authkey))
1287	goto badkey;
1288
1289	err = verify_aead_des3_key(tfm, key: keys.enckey, keylen: keys.enckeylen);
1290	if (err)
1291	goto badkey;
1292
1293	memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
1294	memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
1295	ctx->authkey_len = keys.authkeylen;
1296	ctx->enckey_len = keys.enckeylen;
1297
1298	memzero_explicit(s: &keys, count: sizeof(keys));
1299	return aead_setup(tfm, authsize: crypto_aead_authsize(tfm));
1300	badkey:
1301	memzero_explicit(s: &keys, count: sizeof(keys));
1302	return err;
1303	}
1304
1305	static int aead_encrypt(struct aead_request *req)
1306	{
1307	return aead_perform(req, encrypt: 1, cryptoffset: req->assoclen, eff_cryptlen: req->cryptlen, iv: req->iv);
1308	}
1309
1310	static int aead_decrypt(struct aead_request *req)
1311	{
1312	return aead_perform(req, encrypt: 0, cryptoffset: req->assoclen, eff_cryptlen: req->cryptlen, iv: req->iv);
1313	}
1314
1315	static struct ixp_alg ixp4xx_algos[] = {
1316	{
1317	.crypto = {
1318	.base.cra_name = "cbc(des)",
1319	.base.cra_blocksize = DES_BLOCK_SIZE,
1320
1321	.min_keysize = DES_KEY_SIZE,
1322	.max_keysize = DES_KEY_SIZE,
1323	.ivsize = DES_BLOCK_SIZE,
1324	},
1325	.cfg_enc = CIPH_ENCR | MOD_DES | MOD_CBC_ENC | KEYLEN_192,
1326	.cfg_dec = CIPH_DECR | MOD_DES | MOD_CBC_DEC | KEYLEN_192,
1327
1328	}, {
1329	.crypto = {
1330	.base.cra_name = "ecb(des)",
1331	.base.cra_blocksize = DES_BLOCK_SIZE,
1332	.min_keysize = DES_KEY_SIZE,
1333	.max_keysize = DES_KEY_SIZE,
1334	},
1335	.cfg_enc = CIPH_ENCR | MOD_DES | MOD_ECB | KEYLEN_192,
1336	.cfg_dec = CIPH_DECR | MOD_DES | MOD_ECB | KEYLEN_192,
1337	}, {
1338	.crypto = {
1339	.base.cra_name = "cbc(des3_ede)",
1340	.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
1341
1342	.min_keysize = DES3_EDE_KEY_SIZE,
1343	.max_keysize = DES3_EDE_KEY_SIZE,
1344	.ivsize = DES3_EDE_BLOCK_SIZE,
1345	.setkey = ablk_des3_setkey,
1346	},
1347	.cfg_enc = CIPH_ENCR | MOD_3DES | MOD_CBC_ENC | KEYLEN_192,
1348	.cfg_dec = CIPH_DECR | MOD_3DES | MOD_CBC_DEC | KEYLEN_192,
1349	}, {
1350	.crypto = {
1351	.base.cra_name = "ecb(des3_ede)",
1352	.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
1353
1354	.min_keysize = DES3_EDE_KEY_SIZE,
1355	.max_keysize = DES3_EDE_KEY_SIZE,
1356	.setkey = ablk_des3_setkey,
1357	},
1358	.cfg_enc = CIPH_ENCR | MOD_3DES | MOD_ECB | KEYLEN_192,
1359	.cfg_dec = CIPH_DECR | MOD_3DES | MOD_ECB | KEYLEN_192,
1360	}, {
1361	.crypto = {
1362	.base.cra_name = "cbc(aes)",
1363	.base.cra_blocksize = AES_BLOCK_SIZE,
1364
1365	.min_keysize = AES_MIN_KEY_SIZE,
1366	.max_keysize = AES_MAX_KEY_SIZE,
1367	.ivsize = AES_BLOCK_SIZE,
1368	},
1369	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_CBC_ENC,
1370	.cfg_dec = CIPH_DECR | MOD_AES | MOD_CBC_DEC,
1371	}, {
1372	.crypto = {
1373	.base.cra_name = "ecb(aes)",
1374	.base.cra_blocksize = AES_BLOCK_SIZE,
1375
1376	.min_keysize = AES_MIN_KEY_SIZE,
1377	.max_keysize = AES_MAX_KEY_SIZE,
1378	},
1379	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_ECB,
1380	.cfg_dec = CIPH_DECR | MOD_AES | MOD_ECB,
1381	}, {
1382	.crypto = {
1383	.base.cra_name = "ctr(aes)",
1384	.base.cra_blocksize = 1,
1385
1386	.min_keysize = AES_MIN_KEY_SIZE,
1387	.max_keysize = AES_MAX_KEY_SIZE,
1388	.ivsize = AES_BLOCK_SIZE,
1389	},
1390	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_CTR,
1391	.cfg_dec = CIPH_ENCR | MOD_AES | MOD_CTR,
1392	}, {
1393	.crypto = {
1394	.base.cra_name = "rfc3686(ctr(aes))",
1395	.base.cra_blocksize = 1,
1396
1397	.min_keysize = AES_MIN_KEY_SIZE,
1398	.max_keysize = AES_MAX_KEY_SIZE,
1399	.ivsize = AES_BLOCK_SIZE,
1400	.setkey = ablk_rfc3686_setkey,
1401	.encrypt = ablk_rfc3686_crypt,
1402	.decrypt = ablk_rfc3686_crypt,
1403	},
1404	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_CTR,
1405	.cfg_dec = CIPH_ENCR | MOD_AES | MOD_CTR,
1406	} };
1407
1408	static struct ixp_aead_alg ixp4xx_aeads[] = {
1409	{
1410	.crypto = {
1411	.base = {
1412	.cra_name = "authenc(hmac(md5),cbc(des))",
1413	.cra_blocksize = DES_BLOCK_SIZE,
1414	},
1415	.ivsize = DES_BLOCK_SIZE,
1416	.maxauthsize = MD5_DIGEST_SIZE,
1417	},
1418	.hash = &hash_alg_md5,
1419	.cfg_enc = CIPH_ENCR | MOD_DES | MOD_CBC_ENC | KEYLEN_192,
1420	.cfg_dec = CIPH_DECR | MOD_DES | MOD_CBC_DEC | KEYLEN_192,
1421	}, {
1422	.crypto = {
1423	.base = {
1424	.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
1425	.cra_blocksize = DES3_EDE_BLOCK_SIZE,
1426	},
1427	.ivsize = DES3_EDE_BLOCK_SIZE,
1428	.maxauthsize = MD5_DIGEST_SIZE,
1429	.setkey = des3_aead_setkey,
1430	},
1431	.hash = &hash_alg_md5,
1432	.cfg_enc = CIPH_ENCR | MOD_3DES | MOD_CBC_ENC | KEYLEN_192,
1433	.cfg_dec = CIPH_DECR | MOD_3DES | MOD_CBC_DEC | KEYLEN_192,
1434	}, {
1435	.crypto = {
1436	.base = {
1437	.cra_name = "authenc(hmac(sha1),cbc(des))",
1438	.cra_blocksize = DES_BLOCK_SIZE,
1439	},
1440	.ivsize = DES_BLOCK_SIZE,
1441	.maxauthsize = SHA1_DIGEST_SIZE,
1442	},
1443	.hash = &hash_alg_sha1,
1444	.cfg_enc = CIPH_ENCR | MOD_DES | MOD_CBC_ENC | KEYLEN_192,
1445	.cfg_dec = CIPH_DECR | MOD_DES | MOD_CBC_DEC | KEYLEN_192,
1446	}, {
1447	.crypto = {
1448	.base = {
1449	.cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
1450	.cra_blocksize = DES3_EDE_BLOCK_SIZE,
1451	},
1452	.ivsize = DES3_EDE_BLOCK_SIZE,
1453	.maxauthsize = SHA1_DIGEST_SIZE,
1454	.setkey = des3_aead_setkey,
1455	},
1456	.hash = &hash_alg_sha1,
1457	.cfg_enc = CIPH_ENCR | MOD_3DES | MOD_CBC_ENC | KEYLEN_192,
1458	.cfg_dec = CIPH_DECR | MOD_3DES | MOD_CBC_DEC | KEYLEN_192,
1459	}, {
1460	.crypto = {
1461	.base = {
1462	.cra_name = "authenc(hmac(md5),cbc(aes))",
1463	.cra_blocksize = AES_BLOCK_SIZE,
1464	},
1465	.ivsize = AES_BLOCK_SIZE,
1466	.maxauthsize = MD5_DIGEST_SIZE,
1467	},
1468	.hash = &hash_alg_md5,
1469	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_CBC_ENC,
1470	.cfg_dec = CIPH_DECR | MOD_AES | MOD_CBC_DEC,
1471	}, {
1472	.crypto = {
1473	.base = {
1474	.cra_name = "authenc(hmac(sha1),cbc(aes))",
1475	.cra_blocksize = AES_BLOCK_SIZE,
1476	},
1477	.ivsize = AES_BLOCK_SIZE,
1478	.maxauthsize = SHA1_DIGEST_SIZE,
1479	},
1480	.hash = &hash_alg_sha1,
1481	.cfg_enc = CIPH_ENCR | MOD_AES | MOD_CBC_ENC,
1482	.cfg_dec = CIPH_DECR | MOD_AES | MOD_CBC_DEC,
1483	} };
1484
1485	#define IXP_POSTFIX "-ixp4xx"
1486
1487	static int ixp_crypto_probe(struct platform_device *_pdev)
1488	{
1489	struct device *dev = &_pdev->dev;
1490	int num = ARRAY_SIZE(ixp4xx_algos);
1491	int i, err;
1492
1493	pdev = _pdev;
1494
1495	err = init_ixp_crypto(dev);
1496	if (err)
1497	return err;
1498
1499	for (i = 0; i < num; i++) {
1500	struct skcipher_alg *cra = &ixp4xx_algos[i].crypto;
1501
1502	if (snprintf(buf: cra->base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
1503	fmt: "%s"IXP_POSTFIX, cra->base.cra_name) >=
1504	CRYPTO_MAX_ALG_NAME)
1505	continue;
1506	if (!support_aes && (ixp4xx_algos[i].cfg_enc & MOD_AES))
1507	continue;
1508
1509	/* block ciphers */
1510	cra->base.cra_flags = CRYPTO_ALG_KERN_DRIVER_ONLY |
1511	CRYPTO_ALG_ASYNC |
1512	CRYPTO_ALG_ALLOCATES_MEMORY |
1513	CRYPTO_ALG_NEED_FALLBACK;
1514	if (!cra->setkey)
1515	cra->setkey = ablk_setkey;
1516	if (!cra->encrypt)
1517	cra->encrypt = ablk_encrypt;
1518	if (!cra->decrypt)
1519	cra->decrypt = ablk_decrypt;
1520	cra->init = init_tfm_ablk;
1521	cra->exit = exit_tfm_ablk;
1522
1523	cra->base.cra_ctxsize = sizeof(struct ixp_ctx);
1524	cra->base.cra_module = THIS_MODULE;
1525	cra->base.cra_alignmask = 3;
1526	cra->base.cra_priority = 300;
1527	if (crypto_register_skcipher(alg: cra))
1528	dev_err(&pdev->dev, "Failed to register '%s'\n",
1529	cra->base.cra_name);
1530	else
1531	ixp4xx_algos[i].registered = 1;
1532	}
1533
1534	for (i = 0; i < ARRAY_SIZE(ixp4xx_aeads); i++) {
1535	struct aead_alg *cra = &ixp4xx_aeads[i].crypto;
1536
1537	if (snprintf(buf: cra->base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
1538	fmt: "%s"IXP_POSTFIX, cra->base.cra_name) >=
1539	CRYPTO_MAX_ALG_NAME)
1540	continue;
1541	if (!support_aes && (ixp4xx_algos[i].cfg_enc & MOD_AES))
1542	continue;
1543
1544	/* authenc */
1545	cra->base.cra_flags = CRYPTO_ALG_KERN_DRIVER_ONLY |
1546	CRYPTO_ALG_ASYNC |
1547	CRYPTO_ALG_ALLOCATES_MEMORY;
1548	cra->setkey = cra->setkey ?: aead_setkey;
1549	cra->setauthsize = aead_setauthsize;
1550	cra->encrypt = aead_encrypt;
1551	cra->decrypt = aead_decrypt;
1552	cra->init = init_tfm_aead;
1553	cra->exit = exit_tfm_aead;
1554
1555	cra->base.cra_ctxsize = sizeof(struct ixp_ctx);
1556	cra->base.cra_module = THIS_MODULE;
1557	cra->base.cra_alignmask = 3;
1558	cra->base.cra_priority = 300;
1559
1560	if (crypto_register_aead(alg: cra))
1561	dev_err(&pdev->dev, "Failed to register '%s'\n",
1562	cra->base.cra_driver_name);
1563	else
1564	ixp4xx_aeads[i].registered = 1;
1565	}
1566	return 0;
1567	}
1568
1569	static void ixp_crypto_remove(struct platform_device *pdev)
1570	{
1571	int num = ARRAY_SIZE(ixp4xx_algos);
1572	int i;
1573
1574	for (i = 0; i < ARRAY_SIZE(ixp4xx_aeads); i++) {
1575	if (ixp4xx_aeads[i].registered)
1576	crypto_unregister_aead(alg: &ixp4xx_aeads[i].crypto);
1577	}
1578
1579	for (i = 0; i < num; i++) {
1580	if (ixp4xx_algos[i].registered)
1581	crypto_unregister_skcipher(alg: &ixp4xx_algos[i].crypto);
1582	}
1583	release_ixp_crypto(dev: &pdev->dev);
1584	}
1585	static const struct of_device_id ixp4xx_crypto_of_match[] = {
1586	{
1587	.compatible = "intel,ixp4xx-crypto",
1588	},
1589	{},
1590	};
1591
1592	static struct platform_driver ixp_crypto_driver = {
1593	.probe = ixp_crypto_probe,
1594	.remove = ixp_crypto_remove,
1595	.driver = {
1596	.name = "ixp4xx_crypto",
1597	.of_match_table = ixp4xx_crypto_of_match,
1598	},
1599	};
1600	module_platform_driver(ixp_crypto_driver);
1601
1602	MODULE_LICENSE("GPL");
1603	MODULE_AUTHOR("Christian Hohnstaedt <chohnstaedt@innominate.com>");
1604	MODULE_DESCRIPTION("IXP4xx hardware crypto");
1605
1606