1 // SPDX-License-Identifier: GPL-2.0+
3 * Freescale FSL CAAM support for crypto API over QI backend.
6 * Copyright 2013-2016 Freescale Semiconductor, Inc.
7 * Copyright 2016-2019 NXP
14 #include "desc_constr.h"
20 #include "caamalg_desc.h"
25 #define CAAM_CRA_PRIORITY 2000
26 /* max key is sum of AES_MAX_KEY_SIZE, max split key size */
27 #define CAAM_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + \
28 SHA512_DIGEST_SIZE * 2)
30 #define DESC_MAX_USED_BYTES (DESC_QI_AEAD_GIVENC_LEN + \
32 #define DESC_MAX_USED_LEN (DESC_MAX_USED_BYTES / CAAM_CMD_SZ)
34 struct caam_alg_entry {
42 struct caam_aead_alg {
44 struct caam_alg_entry caam;
48 struct caam_skcipher_alg {
49 struct skcipher_alg skcipher;
50 struct caam_alg_entry caam;
59 u32 sh_desc_enc[DESC_MAX_USED_LEN];
60 u32 sh_desc_dec[DESC_MAX_USED_LEN];
61 u8 key[CAAM_MAX_KEY_SIZE];
63 enum dma_data_direction dir;
66 unsigned int authsize;
68 spinlock_t lock; /* Protects multiple init of driver context */
69 struct caam_drv_ctx *drv_ctx[NUM_OP];
72 static int aead_set_sh_desc(struct crypto_aead *aead)
74 struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
76 struct caam_ctx *ctx = crypto_aead_ctx(aead);
77 unsigned int ivsize = crypto_aead_ivsize(aead);
80 unsigned int data_len[2];
82 const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
83 OP_ALG_AAI_CTR_MOD128);
84 const bool is_rfc3686 = alg->caam.rfc3686;
85 struct caam_drv_private *ctrlpriv = dev_get_drvdata(ctx->jrdev->parent);
87 if (!ctx->cdata.keylen || !ctx->authsize)
91 * AES-CTR needs to load IV in CONTEXT1 reg
92 * at an offset of 128bits (16bytes)
93 * CONTEXT1[255:128] = IV
100 * CONTEXT1[255:128] = {NONCE, IV, COUNTER}
103 ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
104 nonce = (u32 *)((void *)ctx->key + ctx->adata.keylen_pad +
105 ctx->cdata.keylen - CTR_RFC3686_NONCE_SIZE);
108 data_len[0] = ctx->adata.keylen_pad;
109 data_len[1] = ctx->cdata.keylen;
114 /* aead_encrypt shared descriptor */
115 if (desc_inline_query(DESC_QI_AEAD_ENC_LEN +
116 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
117 DESC_JOB_IO_LEN, data_len, &inl_mask,
118 ARRAY_SIZE(data_len)) < 0)
122 ctx->adata.key_virt = ctx->key;
124 ctx->adata.key_dma = ctx->key_dma;
127 ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad;
129 ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
131 ctx->adata.key_inline = !!(inl_mask & 1);
132 ctx->cdata.key_inline = !!(inl_mask & 2);
134 cnstr_shdsc_aead_encap(ctx->sh_desc_enc, &ctx->cdata, &ctx->adata,
135 ivsize, ctx->authsize, is_rfc3686, nonce,
136 ctx1_iv_off, true, ctrlpriv->era);
139 /* aead_decrypt shared descriptor */
140 if (desc_inline_query(DESC_QI_AEAD_DEC_LEN +
141 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
142 DESC_JOB_IO_LEN, data_len, &inl_mask,
143 ARRAY_SIZE(data_len)) < 0)
147 ctx->adata.key_virt = ctx->key;
149 ctx->adata.key_dma = ctx->key_dma;
152 ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad;
154 ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
156 ctx->adata.key_inline = !!(inl_mask & 1);
157 ctx->cdata.key_inline = !!(inl_mask & 2);
159 cnstr_shdsc_aead_decap(ctx->sh_desc_dec, &ctx->cdata, &ctx->adata,
160 ivsize, ctx->authsize, alg->caam.geniv,
161 is_rfc3686, nonce, ctx1_iv_off, true,
164 if (!alg->caam.geniv)
167 /* aead_givencrypt shared descriptor */
168 if (desc_inline_query(DESC_QI_AEAD_GIVENC_LEN +
169 (is_rfc3686 ? DESC_AEAD_CTR_RFC3686_LEN : 0),
170 DESC_JOB_IO_LEN, data_len, &inl_mask,
171 ARRAY_SIZE(data_len)) < 0)
175 ctx->adata.key_virt = ctx->key;
177 ctx->adata.key_dma = ctx->key_dma;
180 ctx->cdata.key_virt = ctx->key + ctx->adata.keylen_pad;
182 ctx->cdata.key_dma = ctx->key_dma + ctx->adata.keylen_pad;
184 ctx->adata.key_inline = !!(inl_mask & 1);
185 ctx->cdata.key_inline = !!(inl_mask & 2);
187 cnstr_shdsc_aead_givencap(ctx->sh_desc_enc, &ctx->cdata, &ctx->adata,
188 ivsize, ctx->authsize, is_rfc3686, nonce,
189 ctx1_iv_off, true, ctrlpriv->era);
195 static int aead_setauthsize(struct crypto_aead *authenc, unsigned int authsize)
197 struct caam_ctx *ctx = crypto_aead_ctx(authenc);
199 ctx->authsize = authsize;
200 aead_set_sh_desc(authenc);
205 static int aead_setkey(struct crypto_aead *aead, const u8 *key,
208 struct caam_ctx *ctx = crypto_aead_ctx(aead);
209 struct device *jrdev = ctx->jrdev;
210 struct caam_drv_private *ctrlpriv = dev_get_drvdata(jrdev->parent);
211 struct crypto_authenc_keys keys;
214 if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
217 dev_dbg(jrdev, "keylen %d enckeylen %d authkeylen %d\n",
218 keys.authkeylen + keys.enckeylen, keys.enckeylen,
220 print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
221 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
224 * If DKP is supported, use it in the shared descriptor to generate
227 if (ctrlpriv->era >= 6) {
228 ctx->adata.keylen = keys.authkeylen;
229 ctx->adata.keylen_pad = split_key_len(ctx->adata.algtype &
232 if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE)
235 memcpy(ctx->key, keys.authkey, keys.authkeylen);
236 memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey,
238 dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
239 ctx->adata.keylen_pad +
240 keys.enckeylen, ctx->dir);
244 ret = gen_split_key(jrdev, ctx->key, &ctx->adata, keys.authkey,
245 keys.authkeylen, CAAM_MAX_KEY_SIZE -
250 /* postpend encryption key to auth split key */
251 memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
252 dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
253 ctx->adata.keylen_pad + keys.enckeylen,
256 print_hex_dump(KERN_ERR, "ctx.key@" __stringify(__LINE__)": ",
257 DUMP_PREFIX_ADDRESS, 16, 4, ctx->key,
258 ctx->adata.keylen_pad + keys.enckeylen, 1);
262 ctx->cdata.keylen = keys.enckeylen;
264 ret = aead_set_sh_desc(aead);
268 /* Now update the driver contexts with the new shared descriptor */
269 if (ctx->drv_ctx[ENCRYPT]) {
270 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
273 dev_err(jrdev, "driver enc context update failed\n");
278 if (ctx->drv_ctx[DECRYPT]) {
279 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
282 dev_err(jrdev, "driver dec context update failed\n");
287 memzero_explicit(&keys, sizeof(keys));
290 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
291 memzero_explicit(&keys, sizeof(keys));
295 static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
298 struct crypto_authenc_keys keys;
302 err = crypto_authenc_extractkeys(&keys, key, keylen);
307 if (keys.enckeylen != DES3_EDE_KEY_SIZE)
310 flags = crypto_aead_get_flags(aead);
311 err = __des3_verify_key(&flags, keys.enckey);
313 crypto_aead_set_flags(aead, flags);
317 err = aead_setkey(aead, key, keylen);
320 memzero_explicit(&keys, sizeof(keys));
324 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
328 static int gcm_set_sh_desc(struct crypto_aead *aead)
330 struct caam_ctx *ctx = crypto_aead_ctx(aead);
331 unsigned int ivsize = crypto_aead_ivsize(aead);
332 int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN -
335 if (!ctx->cdata.keylen || !ctx->authsize)
339 * Job Descriptor and Shared Descriptor
340 * must fit into the 64-word Descriptor h/w Buffer
342 if (rem_bytes >= DESC_QI_GCM_ENC_LEN) {
343 ctx->cdata.key_inline = true;
344 ctx->cdata.key_virt = ctx->key;
346 ctx->cdata.key_inline = false;
347 ctx->cdata.key_dma = ctx->key_dma;
350 cnstr_shdsc_gcm_encap(ctx->sh_desc_enc, &ctx->cdata, ivsize,
351 ctx->authsize, true);
354 * Job Descriptor and Shared Descriptor
355 * must fit into the 64-word Descriptor h/w Buffer
357 if (rem_bytes >= DESC_QI_GCM_DEC_LEN) {
358 ctx->cdata.key_inline = true;
359 ctx->cdata.key_virt = ctx->key;
361 ctx->cdata.key_inline = false;
362 ctx->cdata.key_dma = ctx->key_dma;
365 cnstr_shdsc_gcm_decap(ctx->sh_desc_dec, &ctx->cdata, ivsize,
366 ctx->authsize, true);
371 static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize)
373 struct caam_ctx *ctx = crypto_aead_ctx(authenc);
375 ctx->authsize = authsize;
376 gcm_set_sh_desc(authenc);
381 static int gcm_setkey(struct crypto_aead *aead,
382 const u8 *key, unsigned int keylen)
384 struct caam_ctx *ctx = crypto_aead_ctx(aead);
385 struct device *jrdev = ctx->jrdev;
388 print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
389 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
391 memcpy(ctx->key, key, keylen);
392 dma_sync_single_for_device(jrdev->parent, ctx->key_dma, keylen,
394 ctx->cdata.keylen = keylen;
396 ret = gcm_set_sh_desc(aead);
400 /* Now update the driver contexts with the new shared descriptor */
401 if (ctx->drv_ctx[ENCRYPT]) {
402 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
405 dev_err(jrdev, "driver enc context update failed\n");
410 if (ctx->drv_ctx[DECRYPT]) {
411 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
414 dev_err(jrdev, "driver dec context update failed\n");
422 static int rfc4106_set_sh_desc(struct crypto_aead *aead)
424 struct caam_ctx *ctx = crypto_aead_ctx(aead);
425 unsigned int ivsize = crypto_aead_ivsize(aead);
426 int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN -
429 if (!ctx->cdata.keylen || !ctx->authsize)
432 ctx->cdata.key_virt = ctx->key;
435 * Job Descriptor and Shared Descriptor
436 * must fit into the 64-word Descriptor h/w Buffer
438 if (rem_bytes >= DESC_QI_RFC4106_ENC_LEN) {
439 ctx->cdata.key_inline = true;
441 ctx->cdata.key_inline = false;
442 ctx->cdata.key_dma = ctx->key_dma;
445 cnstr_shdsc_rfc4106_encap(ctx->sh_desc_enc, &ctx->cdata, ivsize,
446 ctx->authsize, true);
449 * Job Descriptor and Shared Descriptor
450 * must fit into the 64-word Descriptor h/w Buffer
452 if (rem_bytes >= DESC_QI_RFC4106_DEC_LEN) {
453 ctx->cdata.key_inline = true;
455 ctx->cdata.key_inline = false;
456 ctx->cdata.key_dma = ctx->key_dma;
459 cnstr_shdsc_rfc4106_decap(ctx->sh_desc_dec, &ctx->cdata, ivsize,
460 ctx->authsize, true);
465 static int rfc4106_setauthsize(struct crypto_aead *authenc,
466 unsigned int authsize)
468 struct caam_ctx *ctx = crypto_aead_ctx(authenc);
470 ctx->authsize = authsize;
471 rfc4106_set_sh_desc(authenc);
476 static int rfc4106_setkey(struct crypto_aead *aead,
477 const u8 *key, unsigned int keylen)
479 struct caam_ctx *ctx = crypto_aead_ctx(aead);
480 struct device *jrdev = ctx->jrdev;
486 print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
487 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
489 memcpy(ctx->key, key, keylen);
491 * The last four bytes of the key material are used as the salt value
492 * in the nonce. Update the AES key length.
494 ctx->cdata.keylen = keylen - 4;
495 dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
496 ctx->cdata.keylen, ctx->dir);
498 ret = rfc4106_set_sh_desc(aead);
502 /* Now update the driver contexts with the new shared descriptor */
503 if (ctx->drv_ctx[ENCRYPT]) {
504 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
507 dev_err(jrdev, "driver enc context update failed\n");
512 if (ctx->drv_ctx[DECRYPT]) {
513 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
516 dev_err(jrdev, "driver dec context update failed\n");
524 static int rfc4543_set_sh_desc(struct crypto_aead *aead)
526 struct caam_ctx *ctx = crypto_aead_ctx(aead);
527 unsigned int ivsize = crypto_aead_ivsize(aead);
528 int rem_bytes = CAAM_DESC_BYTES_MAX - DESC_JOB_IO_LEN -
531 if (!ctx->cdata.keylen || !ctx->authsize)
534 ctx->cdata.key_virt = ctx->key;
537 * Job Descriptor and Shared Descriptor
538 * must fit into the 64-word Descriptor h/w Buffer
540 if (rem_bytes >= DESC_QI_RFC4543_ENC_LEN) {
541 ctx->cdata.key_inline = true;
543 ctx->cdata.key_inline = false;
544 ctx->cdata.key_dma = ctx->key_dma;
547 cnstr_shdsc_rfc4543_encap(ctx->sh_desc_enc, &ctx->cdata, ivsize,
548 ctx->authsize, true);
551 * Job Descriptor and Shared Descriptor
552 * must fit into the 64-word Descriptor h/w Buffer
554 if (rem_bytes >= DESC_QI_RFC4543_DEC_LEN) {
555 ctx->cdata.key_inline = true;
557 ctx->cdata.key_inline = false;
558 ctx->cdata.key_dma = ctx->key_dma;
561 cnstr_shdsc_rfc4543_decap(ctx->sh_desc_dec, &ctx->cdata, ivsize,
562 ctx->authsize, true);
567 static int rfc4543_setauthsize(struct crypto_aead *authenc,
568 unsigned int authsize)
570 struct caam_ctx *ctx = crypto_aead_ctx(authenc);
572 ctx->authsize = authsize;
573 rfc4543_set_sh_desc(authenc);
578 static int rfc4543_setkey(struct crypto_aead *aead,
579 const u8 *key, unsigned int keylen)
581 struct caam_ctx *ctx = crypto_aead_ctx(aead);
582 struct device *jrdev = ctx->jrdev;
588 print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
589 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
591 memcpy(ctx->key, key, keylen);
593 * The last four bytes of the key material are used as the salt value
594 * in the nonce. Update the AES key length.
596 ctx->cdata.keylen = keylen - 4;
597 dma_sync_single_for_device(jrdev->parent, ctx->key_dma,
598 ctx->cdata.keylen, ctx->dir);
600 ret = rfc4543_set_sh_desc(aead);
604 /* Now update the driver contexts with the new shared descriptor */
605 if (ctx->drv_ctx[ENCRYPT]) {
606 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
609 dev_err(jrdev, "driver enc context update failed\n");
614 if (ctx->drv_ctx[DECRYPT]) {
615 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
618 dev_err(jrdev, "driver dec context update failed\n");
626 static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
629 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
630 struct caam_skcipher_alg *alg =
631 container_of(crypto_skcipher_alg(skcipher), typeof(*alg),
633 struct device *jrdev = ctx->jrdev;
634 unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
636 const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
637 OP_ALG_AAI_CTR_MOD128);
638 const bool is_rfc3686 = alg->caam.rfc3686;
641 print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
642 DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
645 * AES-CTR needs to load IV in CONTEXT1 reg
646 * at an offset of 128bits (16bytes)
647 * CONTEXT1[255:128] = IV
654 * | CONTEXT1[255:128] = {NONCE, IV, COUNTER}
655 * | *key = {KEY, NONCE}
658 ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
659 keylen -= CTR_RFC3686_NONCE_SIZE;
662 ctx->cdata.keylen = keylen;
663 ctx->cdata.key_virt = key;
664 ctx->cdata.key_inline = true;
666 /* skcipher encrypt, decrypt shared descriptors */
667 cnstr_shdsc_skcipher_encap(ctx->sh_desc_enc, &ctx->cdata, ivsize,
668 is_rfc3686, ctx1_iv_off);
669 cnstr_shdsc_skcipher_decap(ctx->sh_desc_dec, &ctx->cdata, ivsize,
670 is_rfc3686, ctx1_iv_off);
672 /* Now update the driver contexts with the new shared descriptor */
673 if (ctx->drv_ctx[ENCRYPT]) {
674 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
677 dev_err(jrdev, "driver enc context update failed\n");
682 if (ctx->drv_ctx[DECRYPT]) {
683 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
686 dev_err(jrdev, "driver dec context update failed\n");
693 crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
697 static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
698 const u8 *key, unsigned int keylen)
700 return unlikely(des3_verify_key(skcipher, key)) ?:
701 skcipher_setkey(skcipher, key, keylen);
704 static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
707 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
708 struct device *jrdev = ctx->jrdev;
711 if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) {
712 dev_err(jrdev, "key size mismatch\n");
716 ctx->cdata.keylen = keylen;
717 ctx->cdata.key_virt = key;
718 ctx->cdata.key_inline = true;
720 /* xts skcipher encrypt, decrypt shared descriptors */
721 cnstr_shdsc_xts_skcipher_encap(ctx->sh_desc_enc, &ctx->cdata);
722 cnstr_shdsc_xts_skcipher_decap(ctx->sh_desc_dec, &ctx->cdata);
724 /* Now update the driver contexts with the new shared descriptor */
725 if (ctx->drv_ctx[ENCRYPT]) {
726 ret = caam_drv_ctx_update(ctx->drv_ctx[ENCRYPT],
729 dev_err(jrdev, "driver enc context update failed\n");
734 if (ctx->drv_ctx[DECRYPT]) {
735 ret = caam_drv_ctx_update(ctx->drv_ctx[DECRYPT],
738 dev_err(jrdev, "driver dec context update failed\n");
745 crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
750 * aead_edesc - s/w-extended aead descriptor
751 * @src_nents: number of segments in input scatterlist
752 * @dst_nents: number of segments in output scatterlist
753 * @iv_dma: dma address of iv for checking continuity and link table
754 * @qm_sg_bytes: length of dma mapped h/w link table
755 * @qm_sg_dma: bus physical mapped address of h/w link table
756 * @assoclen: associated data length, in CAAM endianness
757 * @assoclen_dma: bus physical mapped address of req->assoclen
758 * @drv_req: driver-specific request structure
759 * @sgt: the h/w link table, followed by IV
766 dma_addr_t qm_sg_dma;
767 unsigned int assoclen;
768 dma_addr_t assoclen_dma;
769 struct caam_drv_req drv_req;
770 struct qm_sg_entry sgt[0];
774 * skcipher_edesc - s/w-extended skcipher descriptor
775 * @src_nents: number of segments in input scatterlist
776 * @dst_nents: number of segments in output scatterlist
777 * @iv_dma: dma address of iv for checking continuity and link table
778 * @qm_sg_bytes: length of dma mapped h/w link table
779 * @qm_sg_dma: bus physical mapped address of h/w link table
780 * @drv_req: driver-specific request structure
781 * @sgt: the h/w link table, followed by IV
783 struct skcipher_edesc {
788 dma_addr_t qm_sg_dma;
789 struct caam_drv_req drv_req;
790 struct qm_sg_entry sgt[0];
793 static struct caam_drv_ctx *get_drv_ctx(struct caam_ctx *ctx,
797 * This function is called on the fast path with values of 'type'
798 * known at compile time. Invalid arguments are not expected and
799 * thus no checks are made.
801 struct caam_drv_ctx *drv_ctx = ctx->drv_ctx[type];
804 if (unlikely(!drv_ctx)) {
805 spin_lock(&ctx->lock);
807 /* Read again to check if some other core init drv_ctx */
808 drv_ctx = ctx->drv_ctx[type];
813 desc = ctx->sh_desc_enc;
814 else /* (type == DECRYPT) */
815 desc = ctx->sh_desc_dec;
817 cpu = smp_processor_id();
818 drv_ctx = caam_drv_ctx_init(ctx->qidev, &cpu, desc);
819 if (!IS_ERR_OR_NULL(drv_ctx))
820 drv_ctx->op_type = type;
822 ctx->drv_ctx[type] = drv_ctx;
825 spin_unlock(&ctx->lock);
831 static void caam_unmap(struct device *dev, struct scatterlist *src,
832 struct scatterlist *dst, int src_nents,
833 int dst_nents, dma_addr_t iv_dma, int ivsize,
834 enum dma_data_direction iv_dir, dma_addr_t qm_sg_dma,
839 dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE);
841 dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE);
843 dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL);
847 dma_unmap_single(dev, iv_dma, ivsize, iv_dir);
849 dma_unmap_single(dev, qm_sg_dma, qm_sg_bytes, DMA_TO_DEVICE);
852 static void aead_unmap(struct device *dev,
853 struct aead_edesc *edesc,
854 struct aead_request *req)
856 struct crypto_aead *aead = crypto_aead_reqtfm(req);
857 int ivsize = crypto_aead_ivsize(aead);
859 caam_unmap(dev, req->src, req->dst, edesc->src_nents, edesc->dst_nents,
860 edesc->iv_dma, ivsize, DMA_TO_DEVICE, edesc->qm_sg_dma,
862 dma_unmap_single(dev, edesc->assoclen_dma, 4, DMA_TO_DEVICE);
865 static void skcipher_unmap(struct device *dev, struct skcipher_edesc *edesc,
866 struct skcipher_request *req)
868 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
869 int ivsize = crypto_skcipher_ivsize(skcipher);
871 caam_unmap(dev, req->src, req->dst, edesc->src_nents, edesc->dst_nents,
872 edesc->iv_dma, ivsize, DMA_BIDIRECTIONAL, edesc->qm_sg_dma,
876 static void aead_done(struct caam_drv_req *drv_req, u32 status)
878 struct device *qidev;
879 struct aead_edesc *edesc;
880 struct aead_request *aead_req = drv_req->app_ctx;
881 struct crypto_aead *aead = crypto_aead_reqtfm(aead_req);
882 struct caam_ctx *caam_ctx = crypto_aead_ctx(aead);
885 qidev = caam_ctx->qidev;
887 if (unlikely(status)) {
888 u32 ssrc = status & JRSTA_SSRC_MASK;
889 u8 err_id = status & JRSTA_CCBERR_ERRID_MASK;
891 caam_jr_strstatus(qidev, status);
893 * verify hw auth check passed else return -EBADMSG
895 if (ssrc == JRSTA_SSRC_CCB_ERROR &&
896 err_id == JRSTA_CCBERR_ERRID_ICVCHK)
902 edesc = container_of(drv_req, typeof(*edesc), drv_req);
903 aead_unmap(qidev, edesc, aead_req);
905 aead_request_complete(aead_req, ecode);
906 qi_cache_free(edesc);
910 * allocate and map the aead extended descriptor
912 static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
915 struct crypto_aead *aead = crypto_aead_reqtfm(req);
916 struct caam_ctx *ctx = crypto_aead_ctx(aead);
917 struct caam_aead_alg *alg = container_of(crypto_aead_alg(aead),
919 struct device *qidev = ctx->qidev;
920 gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
921 GFP_KERNEL : GFP_ATOMIC;
922 int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
923 int src_len, dst_len = 0;
924 struct aead_edesc *edesc;
925 dma_addr_t qm_sg_dma, iv_dma = 0;
927 unsigned int authsize = ctx->authsize;
928 int qm_sg_index = 0, qm_sg_ents = 0, qm_sg_bytes;
930 struct qm_sg_entry *sg_table, *fd_sgt;
931 struct caam_drv_ctx *drv_ctx;
933 drv_ctx = get_drv_ctx(ctx, encrypt ? ENCRYPT : DECRYPT);
934 if (IS_ERR_OR_NULL(drv_ctx))
935 return (struct aead_edesc *)drv_ctx;
937 /* allocate space for base edesc and hw desc commands, link tables */
938 edesc = qi_cache_alloc(GFP_DMA | flags);
939 if (unlikely(!edesc)) {
940 dev_err(qidev, "could not allocate extended descriptor\n");
941 return ERR_PTR(-ENOMEM);
944 if (likely(req->src == req->dst)) {
945 src_len = req->assoclen + req->cryptlen +
946 (encrypt ? authsize : 0);
948 src_nents = sg_nents_for_len(req->src, src_len);
949 if (unlikely(src_nents < 0)) {
950 dev_err(qidev, "Insufficient bytes (%d) in src S/G\n",
952 qi_cache_free(edesc);
953 return ERR_PTR(src_nents);
956 mapped_src_nents = dma_map_sg(qidev, req->src, src_nents,
958 if (unlikely(!mapped_src_nents)) {
959 dev_err(qidev, "unable to map source\n");
960 qi_cache_free(edesc);
961 return ERR_PTR(-ENOMEM);
964 src_len = req->assoclen + req->cryptlen;
965 dst_len = src_len + (encrypt ? authsize : (-authsize));
967 src_nents = sg_nents_for_len(req->src, src_len);
968 if (unlikely(src_nents < 0)) {
969 dev_err(qidev, "Insufficient bytes (%d) in src S/G\n",
971 qi_cache_free(edesc);
972 return ERR_PTR(src_nents);
975 dst_nents = sg_nents_for_len(req->dst, dst_len);
976 if (unlikely(dst_nents < 0)) {
977 dev_err(qidev, "Insufficient bytes (%d) in dst S/G\n",
979 qi_cache_free(edesc);
980 return ERR_PTR(dst_nents);
984 mapped_src_nents = dma_map_sg(qidev, req->src,
985 src_nents, DMA_TO_DEVICE);
986 if (unlikely(!mapped_src_nents)) {
987 dev_err(qidev, "unable to map source\n");
988 qi_cache_free(edesc);
989 return ERR_PTR(-ENOMEM);
992 mapped_src_nents = 0;
996 mapped_dst_nents = dma_map_sg(qidev, req->dst,
999 if (unlikely(!mapped_dst_nents)) {
1000 dev_err(qidev, "unable to map destination\n");
1001 dma_unmap_sg(qidev, req->src, src_nents,
1003 qi_cache_free(edesc);
1004 return ERR_PTR(-ENOMEM);
1007 mapped_dst_nents = 0;
1011 if ((alg->caam.rfc3686 && encrypt) || !alg->caam.geniv)
1012 ivsize = crypto_aead_ivsize(aead);
1015 * Create S/G table: req->assoclen, [IV,] req->src [, req->dst].
1016 * Input is not contiguous.
1017 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
1018 * the end of the table by allocating more S/G entries. Logic:
1019 * if (src != dst && output S/G)
1020 * pad output S/G, if needed
1021 * else if (src == dst && S/G)
1022 * overlapping S/Gs; pad one of them
1023 * else if (input S/G) ...
1024 * pad input S/G, if needed
1026 qm_sg_ents = 1 + !!ivsize + mapped_src_nents;
1027 if (mapped_dst_nents > 1)
1028 qm_sg_ents += pad_sg_nents(mapped_dst_nents);
1029 else if ((req->src == req->dst) && (mapped_src_nents > 1))
1030 qm_sg_ents = max(pad_sg_nents(qm_sg_ents),
1031 1 + !!ivsize + pad_sg_nents(mapped_src_nents));
1033 qm_sg_ents = pad_sg_nents(qm_sg_ents);
1035 sg_table = &edesc->sgt[0];
1036 qm_sg_bytes = qm_sg_ents * sizeof(*sg_table);
1037 if (unlikely(offsetof(struct aead_edesc, sgt) + qm_sg_bytes + ivsize >
1038 CAAM_QI_MEMCACHE_SIZE)) {
1039 dev_err(qidev, "No space for %d S/G entries and/or %dB IV\n",
1040 qm_sg_ents, ivsize);
1041 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0,
1043 qi_cache_free(edesc);
1044 return ERR_PTR(-ENOMEM);
1048 u8 *iv = (u8 *)(sg_table + qm_sg_ents);
1050 /* Make sure IV is located in a DMAable area */
1051 memcpy(iv, req->iv, ivsize);
1053 iv_dma = dma_map_single(qidev, iv, ivsize, DMA_TO_DEVICE);
1054 if (dma_mapping_error(qidev, iv_dma)) {
1055 dev_err(qidev, "unable to map IV\n");
1056 caam_unmap(qidev, req->src, req->dst, src_nents,
1057 dst_nents, 0, 0, DMA_NONE, 0, 0);
1058 qi_cache_free(edesc);
1059 return ERR_PTR(-ENOMEM);
1063 edesc->src_nents = src_nents;
1064 edesc->dst_nents = dst_nents;
1065 edesc->iv_dma = iv_dma;
1066 edesc->drv_req.app_ctx = req;
1067 edesc->drv_req.cbk = aead_done;
1068 edesc->drv_req.drv_ctx = drv_ctx;
1070 edesc->assoclen = cpu_to_caam32(req->assoclen);
1071 edesc->assoclen_dma = dma_map_single(qidev, &edesc->assoclen, 4,
1073 if (dma_mapping_error(qidev, edesc->assoclen_dma)) {
1074 dev_err(qidev, "unable to map assoclen\n");
1075 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents,
1076 iv_dma, ivsize, DMA_TO_DEVICE, 0, 0);
1077 qi_cache_free(edesc);
1078 return ERR_PTR(-ENOMEM);
1081 dma_to_qm_sg_one(sg_table, edesc->assoclen_dma, 4, 0);
1084 dma_to_qm_sg_one(sg_table + qm_sg_index, iv_dma, ivsize, 0);
1087 sg_to_qm_sg_last(req->src, src_len, sg_table + qm_sg_index, 0);
1088 qm_sg_index += mapped_src_nents;
1090 if (mapped_dst_nents > 1)
1091 sg_to_qm_sg_last(req->dst, dst_len, sg_table + qm_sg_index, 0);
1093 qm_sg_dma = dma_map_single(qidev, sg_table, qm_sg_bytes, DMA_TO_DEVICE);
1094 if (dma_mapping_error(qidev, qm_sg_dma)) {
1095 dev_err(qidev, "unable to map S/G table\n");
1096 dma_unmap_single(qidev, edesc->assoclen_dma, 4, DMA_TO_DEVICE);
1097 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents,
1098 iv_dma, ivsize, DMA_TO_DEVICE, 0, 0);
1099 qi_cache_free(edesc);
1100 return ERR_PTR(-ENOMEM);
1103 edesc->qm_sg_dma = qm_sg_dma;
1104 edesc->qm_sg_bytes = qm_sg_bytes;
1106 out_len = req->assoclen + req->cryptlen +
1107 (encrypt ? ctx->authsize : (-ctx->authsize));
1108 in_len = 4 + ivsize + req->assoclen + req->cryptlen;
1110 fd_sgt = &edesc->drv_req.fd_sgt[0];
1111 dma_to_qm_sg_one_last_ext(&fd_sgt[1], qm_sg_dma, in_len, 0);
1113 if (req->dst == req->src) {
1114 if (mapped_src_nents == 1)
1115 dma_to_qm_sg_one(&fd_sgt[0], sg_dma_address(req->src),
1118 dma_to_qm_sg_one_ext(&fd_sgt[0], qm_sg_dma +
1119 (1 + !!ivsize) * sizeof(*sg_table),
1121 } else if (mapped_dst_nents <= 1) {
1122 dma_to_qm_sg_one(&fd_sgt[0], sg_dma_address(req->dst), out_len,
1125 dma_to_qm_sg_one_ext(&fd_sgt[0], qm_sg_dma + sizeof(*sg_table) *
1126 qm_sg_index, out_len, 0);
1132 static inline int aead_crypt(struct aead_request *req, bool encrypt)
1134 struct aead_edesc *edesc;
1135 struct crypto_aead *aead = crypto_aead_reqtfm(req);
1136 struct caam_ctx *ctx = crypto_aead_ctx(aead);
1139 if (unlikely(caam_congested))
1142 /* allocate extended descriptor */
1143 edesc = aead_edesc_alloc(req, encrypt);
1144 if (IS_ERR_OR_NULL(edesc))
1145 return PTR_ERR(edesc);
1147 /* Create and submit job descriptor */
1148 ret = caam_qi_enqueue(ctx->qidev, &edesc->drv_req);
1152 aead_unmap(ctx->qidev, edesc, req);
1153 qi_cache_free(edesc);
1159 static int aead_encrypt(struct aead_request *req)
1161 return aead_crypt(req, true);
1164 static int aead_decrypt(struct aead_request *req)
1166 return aead_crypt(req, false);
1169 static int ipsec_gcm_encrypt(struct aead_request *req)
1171 if (req->assoclen < 8)
1174 return aead_crypt(req, true);
1177 static int ipsec_gcm_decrypt(struct aead_request *req)
1179 if (req->assoclen < 8)
1182 return aead_crypt(req, false);
1185 static void skcipher_done(struct caam_drv_req *drv_req, u32 status)
1187 struct skcipher_edesc *edesc;
1188 struct skcipher_request *req = drv_req->app_ctx;
1189 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1190 struct caam_ctx *caam_ctx = crypto_skcipher_ctx(skcipher);
1191 struct device *qidev = caam_ctx->qidev;
1192 int ivsize = crypto_skcipher_ivsize(skcipher);
1194 dev_dbg(qidev, "%s %d: status 0x%x\n", __func__, __LINE__, status);
1196 edesc = container_of(drv_req, typeof(*edesc), drv_req);
1199 caam_jr_strstatus(qidev, status);
1201 print_hex_dump_debug("dstiv @" __stringify(__LINE__)": ",
1202 DUMP_PREFIX_ADDRESS, 16, 4, req->iv,
1203 edesc->src_nents > 1 ? 100 : ivsize, 1);
1204 caam_dump_sg("dst @" __stringify(__LINE__)": ",
1205 DUMP_PREFIX_ADDRESS, 16, 4, req->dst,
1206 edesc->dst_nents > 1 ? 100 : req->cryptlen, 1);
1208 skcipher_unmap(qidev, edesc, req);
1211 * The crypto API expects us to set the IV (req->iv) to the last
1212 * ciphertext block (CBC mode) or last counter (CTR mode).
1213 * This is used e.g. by the CTS mode.
1215 memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes, ivsize);
1217 qi_cache_free(edesc);
1218 skcipher_request_complete(req, status);
1221 static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,
1224 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1225 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
1226 struct device *qidev = ctx->qidev;
1227 gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
1228 GFP_KERNEL : GFP_ATOMIC;
1229 int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
1230 struct skcipher_edesc *edesc;
1233 int ivsize = crypto_skcipher_ivsize(skcipher);
1234 int dst_sg_idx, qm_sg_ents, qm_sg_bytes;
1235 struct qm_sg_entry *sg_table, *fd_sgt;
1236 struct caam_drv_ctx *drv_ctx;
1238 drv_ctx = get_drv_ctx(ctx, encrypt ? ENCRYPT : DECRYPT);
1239 if (IS_ERR_OR_NULL(drv_ctx))
1240 return (struct skcipher_edesc *)drv_ctx;
1242 src_nents = sg_nents_for_len(req->src, req->cryptlen);
1243 if (unlikely(src_nents < 0)) {
1244 dev_err(qidev, "Insufficient bytes (%d) in src S/G\n",
1246 return ERR_PTR(src_nents);
1249 if (unlikely(req->src != req->dst)) {
1250 dst_nents = sg_nents_for_len(req->dst, req->cryptlen);
1251 if (unlikely(dst_nents < 0)) {
1252 dev_err(qidev, "Insufficient bytes (%d) in dst S/G\n",
1254 return ERR_PTR(dst_nents);
1257 mapped_src_nents = dma_map_sg(qidev, req->src, src_nents,
1259 if (unlikely(!mapped_src_nents)) {
1260 dev_err(qidev, "unable to map source\n");
1261 return ERR_PTR(-ENOMEM);
1264 mapped_dst_nents = dma_map_sg(qidev, req->dst, dst_nents,
1266 if (unlikely(!mapped_dst_nents)) {
1267 dev_err(qidev, "unable to map destination\n");
1268 dma_unmap_sg(qidev, req->src, src_nents, DMA_TO_DEVICE);
1269 return ERR_PTR(-ENOMEM);
1272 mapped_src_nents = dma_map_sg(qidev, req->src, src_nents,
1274 if (unlikely(!mapped_src_nents)) {
1275 dev_err(qidev, "unable to map source\n");
1276 return ERR_PTR(-ENOMEM);
1280 qm_sg_ents = 1 + mapped_src_nents;
1281 dst_sg_idx = qm_sg_ents;
1284 * Input, output HW S/G tables: [IV, src][dst, IV]
1285 * IV entries point to the same buffer
1286 * If src == dst, S/G entries are reused (S/G tables overlap)
1288 * HW reads 4 S/G entries at a time; make sure the reads don't go beyond
1289 * the end of the table by allocating more S/G entries.
1291 if (req->src != req->dst)
1292 qm_sg_ents += pad_sg_nents(mapped_dst_nents + 1);
1294 qm_sg_ents = 1 + pad_sg_nents(qm_sg_ents);
1296 qm_sg_bytes = qm_sg_ents * sizeof(struct qm_sg_entry);
1297 if (unlikely(offsetof(struct skcipher_edesc, sgt) + qm_sg_bytes +
1298 ivsize > CAAM_QI_MEMCACHE_SIZE)) {
1299 dev_err(qidev, "No space for %d S/G entries and/or %dB IV\n",
1300 qm_sg_ents, ivsize);
1301 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0,
1303 return ERR_PTR(-ENOMEM);
1306 /* allocate space for base edesc, link tables and IV */
1307 edesc = qi_cache_alloc(GFP_DMA | flags);
1308 if (unlikely(!edesc)) {
1309 dev_err(qidev, "could not allocate extended descriptor\n");
1310 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0,
1312 return ERR_PTR(-ENOMEM);
1315 /* Make sure IV is located in a DMAable area */
1316 sg_table = &edesc->sgt[0];
1317 iv = (u8 *)(sg_table + qm_sg_ents);
1318 memcpy(iv, req->iv, ivsize);
1320 iv_dma = dma_map_single(qidev, iv, ivsize, DMA_BIDIRECTIONAL);
1321 if (dma_mapping_error(qidev, iv_dma)) {
1322 dev_err(qidev, "unable to map IV\n");
1323 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents, 0,
1325 qi_cache_free(edesc);
1326 return ERR_PTR(-ENOMEM);
1329 edesc->src_nents = src_nents;
1330 edesc->dst_nents = dst_nents;
1331 edesc->iv_dma = iv_dma;
1332 edesc->qm_sg_bytes = qm_sg_bytes;
1333 edesc->drv_req.app_ctx = req;
1334 edesc->drv_req.cbk = skcipher_done;
1335 edesc->drv_req.drv_ctx = drv_ctx;
1337 dma_to_qm_sg_one(sg_table, iv_dma, ivsize, 0);
1338 sg_to_qm_sg(req->src, req->cryptlen, sg_table + 1, 0);
1340 if (req->src != req->dst)
1341 sg_to_qm_sg(req->dst, req->cryptlen, sg_table + dst_sg_idx, 0);
1343 dma_to_qm_sg_one(sg_table + dst_sg_idx + mapped_dst_nents, iv_dma,
1346 edesc->qm_sg_dma = dma_map_single(qidev, sg_table, edesc->qm_sg_bytes,
1348 if (dma_mapping_error(qidev, edesc->qm_sg_dma)) {
1349 dev_err(qidev, "unable to map S/G table\n");
1350 caam_unmap(qidev, req->src, req->dst, src_nents, dst_nents,
1351 iv_dma, ivsize, DMA_BIDIRECTIONAL, 0, 0);
1352 qi_cache_free(edesc);
1353 return ERR_PTR(-ENOMEM);
1356 fd_sgt = &edesc->drv_req.fd_sgt[0];
1358 dma_to_qm_sg_one_last_ext(&fd_sgt[1], edesc->qm_sg_dma,
1359 ivsize + req->cryptlen, 0);
1361 if (req->src == req->dst)
1362 dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma +
1363 sizeof(*sg_table), req->cryptlen + ivsize,
1366 dma_to_qm_sg_one_ext(&fd_sgt[0], edesc->qm_sg_dma + dst_sg_idx *
1367 sizeof(*sg_table), req->cryptlen + ivsize,
1373 static inline int skcipher_crypt(struct skcipher_request *req, bool encrypt)
1375 struct skcipher_edesc *edesc;
1376 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
1377 struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
1380 if (unlikely(caam_congested))
1383 /* allocate extended descriptor */
1384 edesc = skcipher_edesc_alloc(req, encrypt);
1386 return PTR_ERR(edesc);
1388 ret = caam_qi_enqueue(ctx->qidev, &edesc->drv_req);
1392 skcipher_unmap(ctx->qidev, edesc, req);
1393 qi_cache_free(edesc);
1399 static int skcipher_encrypt(struct skcipher_request *req)
1401 return skcipher_crypt(req, true);
1404 static int skcipher_decrypt(struct skcipher_request *req)
1406 return skcipher_crypt(req, false);
1409 static struct caam_skcipher_alg driver_algs[] = {
1413 .cra_name = "cbc(aes)",
1414 .cra_driver_name = "cbc-aes-caam-qi",
1415 .cra_blocksize = AES_BLOCK_SIZE,
1417 .setkey = skcipher_setkey,
1418 .encrypt = skcipher_encrypt,
1419 .decrypt = skcipher_decrypt,
1420 .min_keysize = AES_MIN_KEY_SIZE,
1421 .max_keysize = AES_MAX_KEY_SIZE,
1422 .ivsize = AES_BLOCK_SIZE,
1424 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1429 .cra_name = "cbc(des3_ede)",
1430 .cra_driver_name = "cbc-3des-caam-qi",
1431 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1433 .setkey = des3_skcipher_setkey,
1434 .encrypt = skcipher_encrypt,
1435 .decrypt = skcipher_decrypt,
1436 .min_keysize = DES3_EDE_KEY_SIZE,
1437 .max_keysize = DES3_EDE_KEY_SIZE,
1438 .ivsize = DES3_EDE_BLOCK_SIZE,
1440 .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1445 .cra_name = "cbc(des)",
1446 .cra_driver_name = "cbc-des-caam-qi",
1447 .cra_blocksize = DES_BLOCK_SIZE,
1449 .setkey = skcipher_setkey,
1450 .encrypt = skcipher_encrypt,
1451 .decrypt = skcipher_decrypt,
1452 .min_keysize = DES_KEY_SIZE,
1453 .max_keysize = DES_KEY_SIZE,
1454 .ivsize = DES_BLOCK_SIZE,
1456 .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
1461 .cra_name = "ctr(aes)",
1462 .cra_driver_name = "ctr-aes-caam-qi",
1465 .setkey = skcipher_setkey,
1466 .encrypt = skcipher_encrypt,
1467 .decrypt = skcipher_decrypt,
1468 .min_keysize = AES_MIN_KEY_SIZE,
1469 .max_keysize = AES_MAX_KEY_SIZE,
1470 .ivsize = AES_BLOCK_SIZE,
1471 .chunksize = AES_BLOCK_SIZE,
1473 .caam.class1_alg_type = OP_ALG_ALGSEL_AES |
1474 OP_ALG_AAI_CTR_MOD128,
1479 .cra_name = "rfc3686(ctr(aes))",
1480 .cra_driver_name = "rfc3686-ctr-aes-caam-qi",
1483 .setkey = skcipher_setkey,
1484 .encrypt = skcipher_encrypt,
1485 .decrypt = skcipher_decrypt,
1486 .min_keysize = AES_MIN_KEY_SIZE +
1487 CTR_RFC3686_NONCE_SIZE,
1488 .max_keysize = AES_MAX_KEY_SIZE +
1489 CTR_RFC3686_NONCE_SIZE,
1490 .ivsize = CTR_RFC3686_IV_SIZE,
1491 .chunksize = AES_BLOCK_SIZE,
1494 .class1_alg_type = OP_ALG_ALGSEL_AES |
1495 OP_ALG_AAI_CTR_MOD128,
1502 .cra_name = "xts(aes)",
1503 .cra_driver_name = "xts-aes-caam-qi",
1504 .cra_blocksize = AES_BLOCK_SIZE,
1506 .setkey = xts_skcipher_setkey,
1507 .encrypt = skcipher_encrypt,
1508 .decrypt = skcipher_decrypt,
1509 .min_keysize = 2 * AES_MIN_KEY_SIZE,
1510 .max_keysize = 2 * AES_MAX_KEY_SIZE,
1511 .ivsize = AES_BLOCK_SIZE,
1513 .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XTS,
1517 static struct caam_aead_alg driver_aeads[] = {
1521 .cra_name = "rfc4106(gcm(aes))",
1522 .cra_driver_name = "rfc4106-gcm-aes-caam-qi",
1525 .setkey = rfc4106_setkey,
1526 .setauthsize = rfc4106_setauthsize,
1527 .encrypt = ipsec_gcm_encrypt,
1528 .decrypt = ipsec_gcm_decrypt,
1530 .maxauthsize = AES_BLOCK_SIZE,
1533 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
1540 .cra_name = "rfc4543(gcm(aes))",
1541 .cra_driver_name = "rfc4543-gcm-aes-caam-qi",
1544 .setkey = rfc4543_setkey,
1545 .setauthsize = rfc4543_setauthsize,
1546 .encrypt = ipsec_gcm_encrypt,
1547 .decrypt = ipsec_gcm_decrypt,
1549 .maxauthsize = AES_BLOCK_SIZE,
1552 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
1556 /* Galois Counter Mode */
1560 .cra_name = "gcm(aes)",
1561 .cra_driver_name = "gcm-aes-caam-qi",
1564 .setkey = gcm_setkey,
1565 .setauthsize = gcm_setauthsize,
1566 .encrypt = aead_encrypt,
1567 .decrypt = aead_decrypt,
1569 .maxauthsize = AES_BLOCK_SIZE,
1572 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_GCM,
1576 /* single-pass ipsec_esp descriptor */
1580 .cra_name = "authenc(hmac(md5),cbc(aes))",
1581 .cra_driver_name = "authenc-hmac-md5-"
1583 .cra_blocksize = AES_BLOCK_SIZE,
1585 .setkey = aead_setkey,
1586 .setauthsize = aead_setauthsize,
1587 .encrypt = aead_encrypt,
1588 .decrypt = aead_decrypt,
1589 .ivsize = AES_BLOCK_SIZE,
1590 .maxauthsize = MD5_DIGEST_SIZE,
1593 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1594 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
1595 OP_ALG_AAI_HMAC_PRECOMP,
1601 .cra_name = "echainiv(authenc(hmac(md5),"
1603 .cra_driver_name = "echainiv-authenc-hmac-md5-"
1605 .cra_blocksize = AES_BLOCK_SIZE,
1607 .setkey = aead_setkey,
1608 .setauthsize = aead_setauthsize,
1609 .encrypt = aead_encrypt,
1610 .decrypt = aead_decrypt,
1611 .ivsize = AES_BLOCK_SIZE,
1612 .maxauthsize = MD5_DIGEST_SIZE,
1615 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1616 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
1617 OP_ALG_AAI_HMAC_PRECOMP,
1624 .cra_name = "authenc(hmac(sha1),cbc(aes))",
1625 .cra_driver_name = "authenc-hmac-sha1-"
1627 .cra_blocksize = AES_BLOCK_SIZE,
1629 .setkey = aead_setkey,
1630 .setauthsize = aead_setauthsize,
1631 .encrypt = aead_encrypt,
1632 .decrypt = aead_decrypt,
1633 .ivsize = AES_BLOCK_SIZE,
1634 .maxauthsize = SHA1_DIGEST_SIZE,
1637 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1638 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
1639 OP_ALG_AAI_HMAC_PRECOMP,
1645 .cra_name = "echainiv(authenc(hmac(sha1),"
1647 .cra_driver_name = "echainiv-authenc-"
1648 "hmac-sha1-cbc-aes-caam-qi",
1649 .cra_blocksize = AES_BLOCK_SIZE,
1651 .setkey = aead_setkey,
1652 .setauthsize = aead_setauthsize,
1653 .encrypt = aead_encrypt,
1654 .decrypt = aead_decrypt,
1655 .ivsize = AES_BLOCK_SIZE,
1656 .maxauthsize = SHA1_DIGEST_SIZE,
1659 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1660 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
1661 OP_ALG_AAI_HMAC_PRECOMP,
1668 .cra_name = "authenc(hmac(sha224),cbc(aes))",
1669 .cra_driver_name = "authenc-hmac-sha224-"
1671 .cra_blocksize = AES_BLOCK_SIZE,
1673 .setkey = aead_setkey,
1674 .setauthsize = aead_setauthsize,
1675 .encrypt = aead_encrypt,
1676 .decrypt = aead_decrypt,
1677 .ivsize = AES_BLOCK_SIZE,
1678 .maxauthsize = SHA224_DIGEST_SIZE,
1681 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1682 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1683 OP_ALG_AAI_HMAC_PRECOMP,
1689 .cra_name = "echainiv(authenc(hmac(sha224),"
1691 .cra_driver_name = "echainiv-authenc-"
1692 "hmac-sha224-cbc-aes-caam-qi",
1693 .cra_blocksize = AES_BLOCK_SIZE,
1695 .setkey = aead_setkey,
1696 .setauthsize = aead_setauthsize,
1697 .encrypt = aead_encrypt,
1698 .decrypt = aead_decrypt,
1699 .ivsize = AES_BLOCK_SIZE,
1700 .maxauthsize = SHA224_DIGEST_SIZE,
1703 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1704 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1705 OP_ALG_AAI_HMAC_PRECOMP,
1712 .cra_name = "authenc(hmac(sha256),cbc(aes))",
1713 .cra_driver_name = "authenc-hmac-sha256-"
1715 .cra_blocksize = AES_BLOCK_SIZE,
1717 .setkey = aead_setkey,
1718 .setauthsize = aead_setauthsize,
1719 .encrypt = aead_encrypt,
1720 .decrypt = aead_decrypt,
1721 .ivsize = AES_BLOCK_SIZE,
1722 .maxauthsize = SHA256_DIGEST_SIZE,
1725 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1726 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
1727 OP_ALG_AAI_HMAC_PRECOMP,
1733 .cra_name = "echainiv(authenc(hmac(sha256),"
1735 .cra_driver_name = "echainiv-authenc-"
1736 "hmac-sha256-cbc-aes-"
1738 .cra_blocksize = AES_BLOCK_SIZE,
1740 .setkey = aead_setkey,
1741 .setauthsize = aead_setauthsize,
1742 .encrypt = aead_encrypt,
1743 .decrypt = aead_decrypt,
1744 .ivsize = AES_BLOCK_SIZE,
1745 .maxauthsize = SHA256_DIGEST_SIZE,
1748 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1749 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
1750 OP_ALG_AAI_HMAC_PRECOMP,
1757 .cra_name = "authenc(hmac(sha384),cbc(aes))",
1758 .cra_driver_name = "authenc-hmac-sha384-"
1760 .cra_blocksize = AES_BLOCK_SIZE,
1762 .setkey = aead_setkey,
1763 .setauthsize = aead_setauthsize,
1764 .encrypt = aead_encrypt,
1765 .decrypt = aead_decrypt,
1766 .ivsize = AES_BLOCK_SIZE,
1767 .maxauthsize = SHA384_DIGEST_SIZE,
1770 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1771 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
1772 OP_ALG_AAI_HMAC_PRECOMP,
1778 .cra_name = "echainiv(authenc(hmac(sha384),"
1780 .cra_driver_name = "echainiv-authenc-"
1781 "hmac-sha384-cbc-aes-"
1783 .cra_blocksize = AES_BLOCK_SIZE,
1785 .setkey = aead_setkey,
1786 .setauthsize = aead_setauthsize,
1787 .encrypt = aead_encrypt,
1788 .decrypt = aead_decrypt,
1789 .ivsize = AES_BLOCK_SIZE,
1790 .maxauthsize = SHA384_DIGEST_SIZE,
1793 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1794 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
1795 OP_ALG_AAI_HMAC_PRECOMP,
1802 .cra_name = "authenc(hmac(sha512),cbc(aes))",
1803 .cra_driver_name = "authenc-hmac-sha512-"
1805 .cra_blocksize = AES_BLOCK_SIZE,
1807 .setkey = aead_setkey,
1808 .setauthsize = aead_setauthsize,
1809 .encrypt = aead_encrypt,
1810 .decrypt = aead_decrypt,
1811 .ivsize = AES_BLOCK_SIZE,
1812 .maxauthsize = SHA512_DIGEST_SIZE,
1815 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1816 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
1817 OP_ALG_AAI_HMAC_PRECOMP,
1823 .cra_name = "echainiv(authenc(hmac(sha512),"
1825 .cra_driver_name = "echainiv-authenc-"
1826 "hmac-sha512-cbc-aes-"
1828 .cra_blocksize = AES_BLOCK_SIZE,
1830 .setkey = aead_setkey,
1831 .setauthsize = aead_setauthsize,
1832 .encrypt = aead_encrypt,
1833 .decrypt = aead_decrypt,
1834 .ivsize = AES_BLOCK_SIZE,
1835 .maxauthsize = SHA512_DIGEST_SIZE,
1838 .class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CBC,
1839 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
1840 OP_ALG_AAI_HMAC_PRECOMP,
1847 .cra_name = "authenc(hmac(md5),cbc(des3_ede))",
1848 .cra_driver_name = "authenc-hmac-md5-"
1849 "cbc-des3_ede-caam-qi",
1850 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1852 .setkey = des3_aead_setkey,
1853 .setauthsize = aead_setauthsize,
1854 .encrypt = aead_encrypt,
1855 .decrypt = aead_decrypt,
1856 .ivsize = DES3_EDE_BLOCK_SIZE,
1857 .maxauthsize = MD5_DIGEST_SIZE,
1860 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1861 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
1862 OP_ALG_AAI_HMAC_PRECOMP,
1868 .cra_name = "echainiv(authenc(hmac(md5),"
1870 .cra_driver_name = "echainiv-authenc-hmac-md5-"
1871 "cbc-des3_ede-caam-qi",
1872 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1874 .setkey = des3_aead_setkey,
1875 .setauthsize = aead_setauthsize,
1876 .encrypt = aead_encrypt,
1877 .decrypt = aead_decrypt,
1878 .ivsize = DES3_EDE_BLOCK_SIZE,
1879 .maxauthsize = MD5_DIGEST_SIZE,
1882 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1883 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
1884 OP_ALG_AAI_HMAC_PRECOMP,
1891 .cra_name = "authenc(hmac(sha1),"
1893 .cra_driver_name = "authenc-hmac-sha1-"
1894 "cbc-des3_ede-caam-qi",
1895 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1897 .setkey = des3_aead_setkey,
1898 .setauthsize = aead_setauthsize,
1899 .encrypt = aead_encrypt,
1900 .decrypt = aead_decrypt,
1901 .ivsize = DES3_EDE_BLOCK_SIZE,
1902 .maxauthsize = SHA1_DIGEST_SIZE,
1905 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1906 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
1907 OP_ALG_AAI_HMAC_PRECOMP,
1913 .cra_name = "echainiv(authenc(hmac(sha1),"
1915 .cra_driver_name = "echainiv-authenc-"
1917 "cbc-des3_ede-caam-qi",
1918 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1920 .setkey = des3_aead_setkey,
1921 .setauthsize = aead_setauthsize,
1922 .encrypt = aead_encrypt,
1923 .decrypt = aead_decrypt,
1924 .ivsize = DES3_EDE_BLOCK_SIZE,
1925 .maxauthsize = SHA1_DIGEST_SIZE,
1928 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1929 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
1930 OP_ALG_AAI_HMAC_PRECOMP,
1937 .cra_name = "authenc(hmac(sha224),"
1939 .cra_driver_name = "authenc-hmac-sha224-"
1940 "cbc-des3_ede-caam-qi",
1941 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1943 .setkey = des3_aead_setkey,
1944 .setauthsize = aead_setauthsize,
1945 .encrypt = aead_encrypt,
1946 .decrypt = aead_decrypt,
1947 .ivsize = DES3_EDE_BLOCK_SIZE,
1948 .maxauthsize = SHA224_DIGEST_SIZE,
1951 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1952 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1953 OP_ALG_AAI_HMAC_PRECOMP,
1959 .cra_name = "echainiv(authenc(hmac(sha224),"
1961 .cra_driver_name = "echainiv-authenc-"
1963 "cbc-des3_ede-caam-qi",
1964 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1966 .setkey = des3_aead_setkey,
1967 .setauthsize = aead_setauthsize,
1968 .encrypt = aead_encrypt,
1969 .decrypt = aead_decrypt,
1970 .ivsize = DES3_EDE_BLOCK_SIZE,
1971 .maxauthsize = SHA224_DIGEST_SIZE,
1974 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1975 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
1976 OP_ALG_AAI_HMAC_PRECOMP,
1983 .cra_name = "authenc(hmac(sha256),"
1985 .cra_driver_name = "authenc-hmac-sha256-"
1986 "cbc-des3_ede-caam-qi",
1987 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
1989 .setkey = des3_aead_setkey,
1990 .setauthsize = aead_setauthsize,
1991 .encrypt = aead_encrypt,
1992 .decrypt = aead_decrypt,
1993 .ivsize = DES3_EDE_BLOCK_SIZE,
1994 .maxauthsize = SHA256_DIGEST_SIZE,
1997 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
1998 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
1999 OP_ALG_AAI_HMAC_PRECOMP,
2005 .cra_name = "echainiv(authenc(hmac(sha256),"
2007 .cra_driver_name = "echainiv-authenc-"
2009 "cbc-des3_ede-caam-qi",
2010 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
2012 .setkey = des3_aead_setkey,
2013 .setauthsize = aead_setauthsize,
2014 .encrypt = aead_encrypt,
2015 .decrypt = aead_decrypt,
2016 .ivsize = DES3_EDE_BLOCK_SIZE,
2017 .maxauthsize = SHA256_DIGEST_SIZE,
2020 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2021 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2022 OP_ALG_AAI_HMAC_PRECOMP,
2029 .cra_name = "authenc(hmac(sha384),"
2031 .cra_driver_name = "authenc-hmac-sha384-"
2032 "cbc-des3_ede-caam-qi",
2033 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
2035 .setkey = des3_aead_setkey,
2036 .setauthsize = aead_setauthsize,
2037 .encrypt = aead_encrypt,
2038 .decrypt = aead_decrypt,
2039 .ivsize = DES3_EDE_BLOCK_SIZE,
2040 .maxauthsize = SHA384_DIGEST_SIZE,
2043 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2044 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2045 OP_ALG_AAI_HMAC_PRECOMP,
2051 .cra_name = "echainiv(authenc(hmac(sha384),"
2053 .cra_driver_name = "echainiv-authenc-"
2055 "cbc-des3_ede-caam-qi",
2056 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
2058 .setkey = des3_aead_setkey,
2059 .setauthsize = aead_setauthsize,
2060 .encrypt = aead_encrypt,
2061 .decrypt = aead_decrypt,
2062 .ivsize = DES3_EDE_BLOCK_SIZE,
2063 .maxauthsize = SHA384_DIGEST_SIZE,
2066 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2067 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2068 OP_ALG_AAI_HMAC_PRECOMP,
2075 .cra_name = "authenc(hmac(sha512),"
2077 .cra_driver_name = "authenc-hmac-sha512-"
2078 "cbc-des3_ede-caam-qi",
2079 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
2081 .setkey = des3_aead_setkey,
2082 .setauthsize = aead_setauthsize,
2083 .encrypt = aead_encrypt,
2084 .decrypt = aead_decrypt,
2085 .ivsize = DES3_EDE_BLOCK_SIZE,
2086 .maxauthsize = SHA512_DIGEST_SIZE,
2089 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2090 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2091 OP_ALG_AAI_HMAC_PRECOMP,
2097 .cra_name = "echainiv(authenc(hmac(sha512),"
2099 .cra_driver_name = "echainiv-authenc-"
2101 "cbc-des3_ede-caam-qi",
2102 .cra_blocksize = DES3_EDE_BLOCK_SIZE,
2104 .setkey = des3_aead_setkey,
2105 .setauthsize = aead_setauthsize,
2106 .encrypt = aead_encrypt,
2107 .decrypt = aead_decrypt,
2108 .ivsize = DES3_EDE_BLOCK_SIZE,
2109 .maxauthsize = SHA512_DIGEST_SIZE,
2112 .class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_CBC,
2113 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2114 OP_ALG_AAI_HMAC_PRECOMP,
2121 .cra_name = "authenc(hmac(md5),cbc(des))",
2122 .cra_driver_name = "authenc-hmac-md5-"
2124 .cra_blocksize = DES_BLOCK_SIZE,
2126 .setkey = aead_setkey,
2127 .setauthsize = aead_setauthsize,
2128 .encrypt = aead_encrypt,
2129 .decrypt = aead_decrypt,
2130 .ivsize = DES_BLOCK_SIZE,
2131 .maxauthsize = MD5_DIGEST_SIZE,
2134 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2135 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
2136 OP_ALG_AAI_HMAC_PRECOMP,
2142 .cra_name = "echainiv(authenc(hmac(md5),"
2144 .cra_driver_name = "echainiv-authenc-hmac-md5-"
2146 .cra_blocksize = DES_BLOCK_SIZE,
2148 .setkey = aead_setkey,
2149 .setauthsize = aead_setauthsize,
2150 .encrypt = aead_encrypt,
2151 .decrypt = aead_decrypt,
2152 .ivsize = DES_BLOCK_SIZE,
2153 .maxauthsize = MD5_DIGEST_SIZE,
2156 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2157 .class2_alg_type = OP_ALG_ALGSEL_MD5 |
2158 OP_ALG_AAI_HMAC_PRECOMP,
2165 .cra_name = "authenc(hmac(sha1),cbc(des))",
2166 .cra_driver_name = "authenc-hmac-sha1-"
2168 .cra_blocksize = DES_BLOCK_SIZE,
2170 .setkey = aead_setkey,
2171 .setauthsize = aead_setauthsize,
2172 .encrypt = aead_encrypt,
2173 .decrypt = aead_decrypt,
2174 .ivsize = DES_BLOCK_SIZE,
2175 .maxauthsize = SHA1_DIGEST_SIZE,
2178 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2179 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2180 OP_ALG_AAI_HMAC_PRECOMP,
2186 .cra_name = "echainiv(authenc(hmac(sha1),"
2188 .cra_driver_name = "echainiv-authenc-"
2189 "hmac-sha1-cbc-des-caam-qi",
2190 .cra_blocksize = DES_BLOCK_SIZE,
2192 .setkey = aead_setkey,
2193 .setauthsize = aead_setauthsize,
2194 .encrypt = aead_encrypt,
2195 .decrypt = aead_decrypt,
2196 .ivsize = DES_BLOCK_SIZE,
2197 .maxauthsize = SHA1_DIGEST_SIZE,
2200 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2201 .class2_alg_type = OP_ALG_ALGSEL_SHA1 |
2202 OP_ALG_AAI_HMAC_PRECOMP,
2209 .cra_name = "authenc(hmac(sha224),cbc(des))",
2210 .cra_driver_name = "authenc-hmac-sha224-"
2212 .cra_blocksize = DES_BLOCK_SIZE,
2214 .setkey = aead_setkey,
2215 .setauthsize = aead_setauthsize,
2216 .encrypt = aead_encrypt,
2217 .decrypt = aead_decrypt,
2218 .ivsize = DES_BLOCK_SIZE,
2219 .maxauthsize = SHA224_DIGEST_SIZE,
2222 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2223 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2224 OP_ALG_AAI_HMAC_PRECOMP,
2230 .cra_name = "echainiv(authenc(hmac(sha224),"
2232 .cra_driver_name = "echainiv-authenc-"
2233 "hmac-sha224-cbc-des-"
2235 .cra_blocksize = DES_BLOCK_SIZE,
2237 .setkey = aead_setkey,
2238 .setauthsize = aead_setauthsize,
2239 .encrypt = aead_encrypt,
2240 .decrypt = aead_decrypt,
2241 .ivsize = DES_BLOCK_SIZE,
2242 .maxauthsize = SHA224_DIGEST_SIZE,
2245 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2246 .class2_alg_type = OP_ALG_ALGSEL_SHA224 |
2247 OP_ALG_AAI_HMAC_PRECOMP,
2254 .cra_name = "authenc(hmac(sha256),cbc(des))",
2255 .cra_driver_name = "authenc-hmac-sha256-"
2257 .cra_blocksize = DES_BLOCK_SIZE,
2259 .setkey = aead_setkey,
2260 .setauthsize = aead_setauthsize,
2261 .encrypt = aead_encrypt,
2262 .decrypt = aead_decrypt,
2263 .ivsize = DES_BLOCK_SIZE,
2264 .maxauthsize = SHA256_DIGEST_SIZE,
2267 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2268 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2269 OP_ALG_AAI_HMAC_PRECOMP,
2275 .cra_name = "echainiv(authenc(hmac(sha256),"
2277 .cra_driver_name = "echainiv-authenc-"
2278 "hmac-sha256-cbc-des-"
2280 .cra_blocksize = DES_BLOCK_SIZE,
2282 .setkey = aead_setkey,
2283 .setauthsize = aead_setauthsize,
2284 .encrypt = aead_encrypt,
2285 .decrypt = aead_decrypt,
2286 .ivsize = DES_BLOCK_SIZE,
2287 .maxauthsize = SHA256_DIGEST_SIZE,
2290 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2291 .class2_alg_type = OP_ALG_ALGSEL_SHA256 |
2292 OP_ALG_AAI_HMAC_PRECOMP,
2299 .cra_name = "authenc(hmac(sha384),cbc(des))",
2300 .cra_driver_name = "authenc-hmac-sha384-"
2302 .cra_blocksize = DES_BLOCK_SIZE,
2304 .setkey = aead_setkey,
2305 .setauthsize = aead_setauthsize,
2306 .encrypt = aead_encrypt,
2307 .decrypt = aead_decrypt,
2308 .ivsize = DES_BLOCK_SIZE,
2309 .maxauthsize = SHA384_DIGEST_SIZE,
2312 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2313 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2314 OP_ALG_AAI_HMAC_PRECOMP,
2320 .cra_name = "echainiv(authenc(hmac(sha384),"
2322 .cra_driver_name = "echainiv-authenc-"
2323 "hmac-sha384-cbc-des-"
2325 .cra_blocksize = DES_BLOCK_SIZE,
2327 .setkey = aead_setkey,
2328 .setauthsize = aead_setauthsize,
2329 .encrypt = aead_encrypt,
2330 .decrypt = aead_decrypt,
2331 .ivsize = DES_BLOCK_SIZE,
2332 .maxauthsize = SHA384_DIGEST_SIZE,
2335 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2336 .class2_alg_type = OP_ALG_ALGSEL_SHA384 |
2337 OP_ALG_AAI_HMAC_PRECOMP,
2344 .cra_name = "authenc(hmac(sha512),cbc(des))",
2345 .cra_driver_name = "authenc-hmac-sha512-"
2347 .cra_blocksize = DES_BLOCK_SIZE,
2349 .setkey = aead_setkey,
2350 .setauthsize = aead_setauthsize,
2351 .encrypt = aead_encrypt,
2352 .decrypt = aead_decrypt,
2353 .ivsize = DES_BLOCK_SIZE,
2354 .maxauthsize = SHA512_DIGEST_SIZE,
2357 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2358 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2359 OP_ALG_AAI_HMAC_PRECOMP,
2365 .cra_name = "echainiv(authenc(hmac(sha512),"
2367 .cra_driver_name = "echainiv-authenc-"
2368 "hmac-sha512-cbc-des-"
2370 .cra_blocksize = DES_BLOCK_SIZE,
2372 .setkey = aead_setkey,
2373 .setauthsize = aead_setauthsize,
2374 .encrypt = aead_encrypt,
2375 .decrypt = aead_decrypt,
2376 .ivsize = DES_BLOCK_SIZE,
2377 .maxauthsize = SHA512_DIGEST_SIZE,
2380 .class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_CBC,
2381 .class2_alg_type = OP_ALG_ALGSEL_SHA512 |
2382 OP_ALG_AAI_HMAC_PRECOMP,
2388 static int caam_init_common(struct caam_ctx *ctx, struct caam_alg_entry *caam,
2391 struct caam_drv_private *priv;
2395 * distribute tfms across job rings to ensure in-order
2396 * crypto request processing per tfm
2398 ctx->jrdev = caam_jr_alloc();
2399 if (IS_ERR(ctx->jrdev)) {
2400 pr_err("Job Ring Device allocation for transform failed\n");
2401 return PTR_ERR(ctx->jrdev);
2404 dev = ctx->jrdev->parent;
2405 priv = dev_get_drvdata(dev);
2406 if (priv->era >= 6 && uses_dkp)
2407 ctx->dir = DMA_BIDIRECTIONAL;
2409 ctx->dir = DMA_TO_DEVICE;
2411 ctx->key_dma = dma_map_single(dev, ctx->key, sizeof(ctx->key),
2413 if (dma_mapping_error(dev, ctx->key_dma)) {
2414 dev_err(dev, "unable to map key\n");
2415 caam_jr_free(ctx->jrdev);
2419 /* copy descriptor header template value */
2420 ctx->cdata.algtype = OP_TYPE_CLASS1_ALG | caam->class1_alg_type;
2421 ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam->class2_alg_type;
2425 spin_lock_init(&ctx->lock);
2426 ctx->drv_ctx[ENCRYPT] = NULL;
2427 ctx->drv_ctx[DECRYPT] = NULL;
2432 static int caam_cra_init(struct crypto_skcipher *tfm)
2434 struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
2435 struct caam_skcipher_alg *caam_alg =
2436 container_of(alg, typeof(*caam_alg), skcipher);
2438 return caam_init_common(crypto_skcipher_ctx(tfm), &caam_alg->caam,
2442 static int caam_aead_init(struct crypto_aead *tfm)
2444 struct aead_alg *alg = crypto_aead_alg(tfm);
2445 struct caam_aead_alg *caam_alg = container_of(alg, typeof(*caam_alg),
2447 struct caam_ctx *ctx = crypto_aead_ctx(tfm);
2449 return caam_init_common(ctx, &caam_alg->caam, !caam_alg->caam.nodkp);
2452 static void caam_exit_common(struct caam_ctx *ctx)
2454 caam_drv_ctx_rel(ctx->drv_ctx[ENCRYPT]);
2455 caam_drv_ctx_rel(ctx->drv_ctx[DECRYPT]);
2457 dma_unmap_single(ctx->jrdev->parent, ctx->key_dma, sizeof(ctx->key),
2460 caam_jr_free(ctx->jrdev);
2463 static void caam_cra_exit(struct crypto_skcipher *tfm)
2465 caam_exit_common(crypto_skcipher_ctx(tfm));
2468 static void caam_aead_exit(struct crypto_aead *tfm)
2470 caam_exit_common(crypto_aead_ctx(tfm));
2473 void caam_qi_algapi_exit(void)
2477 for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
2478 struct caam_aead_alg *t_alg = driver_aeads + i;
2480 if (t_alg->registered)
2481 crypto_unregister_aead(&t_alg->aead);
2484 for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
2485 struct caam_skcipher_alg *t_alg = driver_algs + i;
2487 if (t_alg->registered)
2488 crypto_unregister_skcipher(&t_alg->skcipher);
2492 static void caam_skcipher_alg_init(struct caam_skcipher_alg *t_alg)
2494 struct skcipher_alg *alg = &t_alg->skcipher;
2496 alg->base.cra_module = THIS_MODULE;
2497 alg->base.cra_priority = CAAM_CRA_PRIORITY;
2498 alg->base.cra_ctxsize = sizeof(struct caam_ctx);
2499 alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
2501 alg->init = caam_cra_init;
2502 alg->exit = caam_cra_exit;
2505 static void caam_aead_alg_init(struct caam_aead_alg *t_alg)
2507 struct aead_alg *alg = &t_alg->aead;
2509 alg->base.cra_module = THIS_MODULE;
2510 alg->base.cra_priority = CAAM_CRA_PRIORITY;
2511 alg->base.cra_ctxsize = sizeof(struct caam_ctx);
2512 alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
2514 alg->init = caam_aead_init;
2515 alg->exit = caam_aead_exit;
2518 int caam_qi_algapi_init(struct device *ctrldev)
2520 struct caam_drv_private *priv = dev_get_drvdata(ctrldev);
2522 u32 aes_vid, aes_inst, des_inst, md_vid, md_inst;
2523 unsigned int md_limit = SHA512_DIGEST_SIZE;
2524 bool registered = false;
2527 dev_info(ctrldev, "caam/qi frontend driver not suitable for DPAA 2.x, aborting...\n");
2532 * Register crypto algorithms the device supports.
2533 * First, detect presence and attributes of DES, AES, and MD blocks.
2535 if (priv->era < 10) {
2536 u32 cha_vid, cha_inst;
2538 cha_vid = rd_reg32(&priv->ctrl->perfmon.cha_id_ls);
2539 aes_vid = cha_vid & CHA_ID_LS_AES_MASK;
2540 md_vid = (cha_vid & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
2542 cha_inst = rd_reg32(&priv->ctrl->perfmon.cha_num_ls);
2543 des_inst = (cha_inst & CHA_ID_LS_DES_MASK) >>
2544 CHA_ID_LS_DES_SHIFT;
2545 aes_inst = cha_inst & CHA_ID_LS_AES_MASK;
2546 md_inst = (cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT;
2550 aesa = rd_reg32(&priv->ctrl->vreg.aesa);
2551 mdha = rd_reg32(&priv->ctrl->vreg.mdha);
2553 aes_vid = (aesa & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
2554 md_vid = (mdha & CHA_VER_VID_MASK) >> CHA_VER_VID_SHIFT;
2556 des_inst = rd_reg32(&priv->ctrl->vreg.desa) & CHA_VER_NUM_MASK;
2557 aes_inst = aesa & CHA_VER_NUM_MASK;
2558 md_inst = mdha & CHA_VER_NUM_MASK;
2561 /* If MD is present, limit digest size based on LP256 */
2562 if (md_inst && md_vid == CHA_VER_VID_MD_LP256)
2563 md_limit = SHA256_DIGEST_SIZE;
2565 for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
2566 struct caam_skcipher_alg *t_alg = driver_algs + i;
2567 u32 alg_sel = t_alg->caam.class1_alg_type & OP_ALG_ALGSEL_MASK;
2569 /* Skip DES algorithms if not supported by device */
2571 ((alg_sel == OP_ALG_ALGSEL_3DES) ||
2572 (alg_sel == OP_ALG_ALGSEL_DES)))
2575 /* Skip AES algorithms if not supported by device */
2576 if (!aes_inst && (alg_sel == OP_ALG_ALGSEL_AES))
2579 caam_skcipher_alg_init(t_alg);
2581 err = crypto_register_skcipher(&t_alg->skcipher);
2583 dev_warn(ctrldev, "%s alg registration failed\n",
2584 t_alg->skcipher.base.cra_driver_name);
2588 t_alg->registered = true;
2592 for (i = 0; i < ARRAY_SIZE(driver_aeads); i++) {
2593 struct caam_aead_alg *t_alg = driver_aeads + i;
2594 u32 c1_alg_sel = t_alg->caam.class1_alg_type &
2596 u32 c2_alg_sel = t_alg->caam.class2_alg_type &
2598 u32 alg_aai = t_alg->caam.class1_alg_type & OP_ALG_AAI_MASK;
2600 /* Skip DES algorithms if not supported by device */
2602 ((c1_alg_sel == OP_ALG_ALGSEL_3DES) ||
2603 (c1_alg_sel == OP_ALG_ALGSEL_DES)))
2606 /* Skip AES algorithms if not supported by device */
2607 if (!aes_inst && (c1_alg_sel == OP_ALG_ALGSEL_AES))
2611 * Check support for AES algorithms not available
2614 if (aes_vid == CHA_VER_VID_AES_LP && alg_aai == OP_ALG_AAI_GCM)
2618 * Skip algorithms requiring message digests
2619 * if MD or MD size is not supported by device.
2622 (!md_inst || (t_alg->aead.maxauthsize > md_limit)))
2625 caam_aead_alg_init(t_alg);
2627 err = crypto_register_aead(&t_alg->aead);
2629 pr_warn("%s alg registration failed\n",
2630 t_alg->aead.base.cra_driver_name);
2634 t_alg->registered = true;
2639 dev_info(ctrldev, "algorithms registered in /proc/crypto\n");