Path: blob/master/drivers/crypto/inside-secure/safexcel_hash.c
26282 views
// SPDX-License-Identifier: GPL-2.01/*2* Copyright (C) 2017 Marvell3*4* Antoine Tenart <[email protected]>5*/67#include <crypto/aes.h>8#include <crypto/hmac.h>9#include <crypto/md5.h>10#include <crypto/sha1.h>11#include <crypto/sha2.h>12#include <crypto/sha3.h>13#include <crypto/skcipher.h>14#include <crypto/sm3.h>15#include <crypto/internal/cipher.h>16#include <linux/device.h>17#include <linux/dma-mapping.h>18#include <linux/dmapool.h>1920#include "safexcel.h"2122struct safexcel_ahash_ctx {23struct safexcel_context base;2425u32 alg;26u8 key_sz;27bool cbcmac;28bool do_fallback;29bool fb_init_done;30bool fb_do_setkey;3132struct crypto_aes_ctx *aes;33struct crypto_ahash *fback;34struct crypto_shash *shpre;35struct shash_desc *shdesc;36};3738struct safexcel_ahash_req {39bool last_req;40bool finish;41bool hmac;42bool needs_inv;43bool hmac_zlen;44bool len_is_le;45bool not_first;46bool xcbcmac;4748int nents;49dma_addr_t result_dma;5051u32 digest;5253u8 state_sz; /* expected state size, only set once */54u8 block_sz; /* block size, only set once */55u8 digest_sz; /* output digest size, only set once */56__le32 state[SHA3_512_BLOCK_SIZE /57sizeof(__le32)] __aligned(sizeof(__le32));5859u64 len;60u64 processed;6162u8 cache[HASH_CACHE_SIZE] __aligned(sizeof(u32));63dma_addr_t cache_dma;64unsigned int cache_sz;6566u8 cache_next[HASH_CACHE_SIZE] __aligned(sizeof(u32));67};6869static inline u64 safexcel_queued_len(struct safexcel_ahash_req *req)70{71return req->len - req->processed;72}7374static void safexcel_hash_token(struct safexcel_command_desc *cdesc,75u32 input_length, u32 result_length,76bool cbcmac)77{78struct safexcel_token *token =79(struct safexcel_token *)cdesc->control_data.token;8081token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;82token[0].packet_length = input_length;83token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;8485input_length &= 15;86if (unlikely(cbcmac && input_length)) {87token[0].stat = 0;88token[1].opcode = EIP197_TOKEN_OPCODE_INSERT;89token[1].packet_length = 16 - input_length;90token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;91token[1].instructions = EIP197_TOKEN_INS_TYPE_HASH;92} else {93token[0].stat = EIP197_TOKEN_STAT_LAST_HASH;94eip197_noop_token(&token[1]);95}9697token[2].opcode = EIP197_TOKEN_OPCODE_INSERT;98token[2].stat = EIP197_TOKEN_STAT_LAST_HASH |99EIP197_TOKEN_STAT_LAST_PACKET;100token[2].packet_length = result_length;101token[2].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT |102EIP197_TOKEN_INS_INSERT_HASH_DIGEST;103104eip197_noop_token(&token[3]);105}106107static void safexcel_context_control(struct safexcel_ahash_ctx *ctx,108struct safexcel_ahash_req *req,109struct safexcel_command_desc *cdesc)110{111struct safexcel_crypto_priv *priv = ctx->base.priv;112u64 count = 0;113114cdesc->control_data.control0 = ctx->alg;115cdesc->control_data.control1 = 0;116117/*118* Copy the input digest if needed, and setup the context119* fields. Do this now as we need it to setup the first command120* descriptor.121*/122if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM)) {123if (req->xcbcmac)124memcpy(ctx->base.ctxr->data, &ctx->base.ipad, ctx->key_sz);125else126memcpy(ctx->base.ctxr->data, req->state, req->state_sz);127128if (!req->finish && req->xcbcmac)129cdesc->control_data.control0 |=130CONTEXT_CONTROL_DIGEST_XCM |131CONTEXT_CONTROL_TYPE_HASH_OUT |132CONTEXT_CONTROL_NO_FINISH_HASH |133CONTEXT_CONTROL_SIZE(req->state_sz /134sizeof(u32));135else136cdesc->control_data.control0 |=137CONTEXT_CONTROL_DIGEST_XCM |138CONTEXT_CONTROL_TYPE_HASH_OUT |139CONTEXT_CONTROL_SIZE(req->state_sz /140sizeof(u32));141return;142} else if (!req->processed) {143/* First - and possibly only - block of basic hash only */144if (req->finish)145cdesc->control_data.control0 |= req->digest |146CONTEXT_CONTROL_TYPE_HASH_OUT |147CONTEXT_CONTROL_RESTART_HASH |148/* ensure its not 0! */149CONTEXT_CONTROL_SIZE(1);150else151cdesc->control_data.control0 |= req->digest |152CONTEXT_CONTROL_TYPE_HASH_OUT |153CONTEXT_CONTROL_RESTART_HASH |154CONTEXT_CONTROL_NO_FINISH_HASH |155/* ensure its not 0! */156CONTEXT_CONTROL_SIZE(1);157return;158}159160/* Hash continuation or HMAC, setup (inner) digest from state */161memcpy(ctx->base.ctxr->data, req->state, req->state_sz);162163if (req->finish) {164/* Compute digest count for hash/HMAC finish operations */165if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||166req->hmac_zlen || (req->processed != req->block_sz)) {167count = req->processed / EIP197_COUNTER_BLOCK_SIZE;168169/* This is a hardware limitation, as the170* counter must fit into an u32. This represents171* a fairly big amount of input data, so we172* shouldn't see this.173*/174if (unlikely(count & 0xffffffff00000000ULL)) {175dev_warn(priv->dev,176"Input data is too big\n");177return;178}179}180181if ((req->digest == CONTEXT_CONTROL_DIGEST_PRECOMPUTED) ||182/* Special case: zero length HMAC */183req->hmac_zlen ||184/* PE HW < 4.4 cannot do HMAC continue, fake using hash */185(req->processed != req->block_sz)) {186/* Basic hash continue operation, need digest + cnt */187cdesc->control_data.control0 |=188CONTEXT_CONTROL_SIZE((req->state_sz >> 2) + 1) |189CONTEXT_CONTROL_TYPE_HASH_OUT |190CONTEXT_CONTROL_DIGEST_PRECOMPUTED;191/* For zero-len HMAC, don't finalize, already padded! */192if (req->hmac_zlen)193cdesc->control_data.control0 |=194CONTEXT_CONTROL_NO_FINISH_HASH;195cdesc->control_data.control1 |=196CONTEXT_CONTROL_DIGEST_CNT;197ctx->base.ctxr->data[req->state_sz >> 2] =198cpu_to_le32(count);199req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;200201/* Clear zero-length HMAC flag for next operation! */202req->hmac_zlen = false;203} else { /* HMAC */204/* Need outer digest for HMAC finalization */205memcpy(ctx->base.ctxr->data + (req->state_sz >> 2),206&ctx->base.opad, req->state_sz);207208/* Single pass HMAC - no digest count */209cdesc->control_data.control0 |=210CONTEXT_CONTROL_SIZE(req->state_sz >> 1) |211CONTEXT_CONTROL_TYPE_HASH_OUT |212CONTEXT_CONTROL_DIGEST_HMAC;213}214} else { /* Hash continuation, do not finish yet */215cdesc->control_data.control0 |=216CONTEXT_CONTROL_SIZE(req->state_sz >> 2) |217CONTEXT_CONTROL_DIGEST_PRECOMPUTED |218CONTEXT_CONTROL_TYPE_HASH_OUT |219CONTEXT_CONTROL_NO_FINISH_HASH;220}221}222223static int safexcel_ahash_enqueue(struct ahash_request *areq);224225static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv,226int ring,227struct crypto_async_request *async,228bool *should_complete, int *ret)229{230struct safexcel_result_desc *rdesc;231struct ahash_request *areq = ahash_request_cast(async);232struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);233struct safexcel_ahash_req *sreq = ahash_request_ctx_dma(areq);234struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);235u64 cache_len;236237*ret = 0;238239rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);240if (IS_ERR(rdesc)) {241dev_err(priv->dev,242"hash: result: could not retrieve the result descriptor\n");243*ret = PTR_ERR(rdesc);244} else {245*ret = safexcel_rdesc_check_errors(priv, rdesc);246}247248safexcel_complete(priv, ring);249250if (sreq->nents) {251dma_unmap_sg(priv->dev, areq->src,252sg_nents_for_len(areq->src, areq->nbytes),253DMA_TO_DEVICE);254sreq->nents = 0;255}256257if (sreq->result_dma) {258dma_unmap_single(priv->dev, sreq->result_dma, sreq->digest_sz,259DMA_FROM_DEVICE);260sreq->result_dma = 0;261}262263if (sreq->cache_dma) {264dma_unmap_single(priv->dev, sreq->cache_dma, sreq->cache_sz,265DMA_TO_DEVICE);266sreq->cache_dma = 0;267sreq->cache_sz = 0;268}269270if (sreq->finish) {271if (sreq->hmac &&272(sreq->digest != CONTEXT_CONTROL_DIGEST_HMAC)) {273/* Faking HMAC using hash - need to do outer hash */274memcpy(sreq->cache, sreq->state,275crypto_ahash_digestsize(ahash));276277memcpy(sreq->state, &ctx->base.opad, sreq->digest_sz);278279sreq->len = sreq->block_sz +280crypto_ahash_digestsize(ahash);281sreq->processed = sreq->block_sz;282sreq->hmac = 0;283284if (priv->flags & EIP197_TRC_CACHE)285ctx->base.needs_inv = true;286areq->nbytes = 0;287safexcel_ahash_enqueue(areq);288289*should_complete = false; /* Not done yet */290return 1;291}292293memcpy(areq->result, sreq->state,294crypto_ahash_digestsize(ahash));295}296297cache_len = safexcel_queued_len(sreq);298if (cache_len)299memcpy(sreq->cache, sreq->cache_next, cache_len);300301*should_complete = true;302303return 1;304}305306static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,307int *commands, int *results)308{309struct ahash_request *areq = ahash_request_cast(async);310struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);311struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));312struct safexcel_crypto_priv *priv = ctx->base.priv;313struct safexcel_command_desc *cdesc, *first_cdesc = NULL;314struct safexcel_result_desc *rdesc;315struct scatterlist *sg;316struct safexcel_token *dmmy;317int i, extra = 0, n_cdesc = 0, ret = 0, cache_len, skip = 0;318u64 queued, len;319320queued = safexcel_queued_len(req);321if (queued <= HASH_CACHE_SIZE)322cache_len = queued;323else324cache_len = queued - areq->nbytes;325326if (!req->finish && !req->last_req) {327/* If this is not the last request and the queued data does not328* fit into full cache blocks, cache it for the next send call.329*/330extra = queued & (HASH_CACHE_SIZE - 1);331332/* If this is not the last request and the queued data333* is a multiple of a block, cache the last one for now.334*/335if (!extra)336extra = HASH_CACHE_SIZE;337338sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),339req->cache_next, extra,340areq->nbytes - extra);341342queued -= extra;343344if (!queued) {345*commands = 0;346*results = 0;347return 0;348}349350extra = 0;351}352353if (unlikely(req->xcbcmac && req->processed > AES_BLOCK_SIZE)) {354if (unlikely(cache_len < AES_BLOCK_SIZE)) {355/*356* Cache contains less than 1 full block, complete.357*/358extra = AES_BLOCK_SIZE - cache_len;359if (queued > cache_len) {360/* More data follows: borrow bytes */361u64 tmp = queued - cache_len;362363skip = min_t(u64, tmp, extra);364sg_pcopy_to_buffer(areq->src,365sg_nents(areq->src),366req->cache + cache_len,367skip, 0);368}369extra -= skip;370memset(req->cache + cache_len + skip, 0, extra);371if (!ctx->cbcmac && extra) {372// 10- padding for XCBCMAC & CMAC373req->cache[cache_len + skip] = 0x80;374// HW will use K2 iso K3 - compensate!375for (i = 0; i < AES_BLOCK_SIZE / 4; i++) {376u32 *cache = (void *)req->cache;377u32 *ipad = ctx->base.ipad.word;378u32 x;379380x = ipad[i] ^ ipad[i + 4];381cache[i] ^= swab32(x);382}383}384cache_len = AES_BLOCK_SIZE;385queued = queued + extra;386}387388/* XCBC continue: XOR previous result into 1st word */389crypto_xor(req->cache, (const u8 *)req->state, AES_BLOCK_SIZE);390}391392len = queued;393/* Add a command descriptor for the cached data, if any */394if (cache_len) {395req->cache_dma = dma_map_single(priv->dev, req->cache,396cache_len, DMA_TO_DEVICE);397if (dma_mapping_error(priv->dev, req->cache_dma))398return -EINVAL;399400req->cache_sz = cache_len;401first_cdesc = safexcel_add_cdesc(priv, ring, 1,402(cache_len == len),403req->cache_dma, cache_len,404len, ctx->base.ctxr_dma,405&dmmy);406if (IS_ERR(first_cdesc)) {407ret = PTR_ERR(first_cdesc);408goto unmap_cache;409}410n_cdesc++;411412queued -= cache_len;413if (!queued)414goto send_command;415}416417/* Now handle the current ahash request buffer(s) */418req->nents = dma_map_sg(priv->dev, areq->src,419sg_nents_for_len(areq->src,420areq->nbytes),421DMA_TO_DEVICE);422if (!req->nents) {423ret = -ENOMEM;424goto cdesc_rollback;425}426427for_each_sg(areq->src, sg, req->nents, i) {428int sglen = sg_dma_len(sg);429430if (unlikely(sglen <= skip)) {431skip -= sglen;432continue;433}434435/* Do not overflow the request */436if ((queued + skip) <= sglen)437sglen = queued;438else439sglen -= skip;440441cdesc = safexcel_add_cdesc(priv, ring, !n_cdesc,442!(queued - sglen),443sg_dma_address(sg) + skip, sglen,444len, ctx->base.ctxr_dma, &dmmy);445if (IS_ERR(cdesc)) {446ret = PTR_ERR(cdesc);447goto unmap_sg;448}449450if (!n_cdesc)451first_cdesc = cdesc;452n_cdesc++;453454queued -= sglen;455if (!queued)456break;457skip = 0;458}459460send_command:461/* Setup the context options */462safexcel_context_control(ctx, req, first_cdesc);463464/* Add the token */465safexcel_hash_token(first_cdesc, len, req->digest_sz, ctx->cbcmac);466467req->result_dma = dma_map_single(priv->dev, req->state, req->digest_sz,468DMA_FROM_DEVICE);469if (dma_mapping_error(priv->dev, req->result_dma)) {470ret = -EINVAL;471goto unmap_sg;472}473474/* Add a result descriptor */475rdesc = safexcel_add_rdesc(priv, ring, 1, 1, req->result_dma,476req->digest_sz);477if (IS_ERR(rdesc)) {478ret = PTR_ERR(rdesc);479goto unmap_result;480}481482safexcel_rdr_req_set(priv, ring, rdesc, &areq->base);483484req->processed += len - extra;485486*commands = n_cdesc;487*results = 1;488return 0;489490unmap_result:491dma_unmap_single(priv->dev, req->result_dma, req->digest_sz,492DMA_FROM_DEVICE);493unmap_sg:494if (req->nents) {495dma_unmap_sg(priv->dev, areq->src,496sg_nents_for_len(areq->src, areq->nbytes),497DMA_TO_DEVICE);498req->nents = 0;499}500cdesc_rollback:501for (i = 0; i < n_cdesc; i++)502safexcel_ring_rollback_wptr(priv, &priv->ring[ring].cdr);503unmap_cache:504if (req->cache_dma) {505dma_unmap_single(priv->dev, req->cache_dma, req->cache_sz,506DMA_TO_DEVICE);507req->cache_dma = 0;508req->cache_sz = 0;509}510511return ret;512}513514static int safexcel_handle_inv_result(struct safexcel_crypto_priv *priv,515int ring,516struct crypto_async_request *async,517bool *should_complete, int *ret)518{519struct safexcel_result_desc *rdesc;520struct ahash_request *areq = ahash_request_cast(async);521struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);522struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(ahash);523int enq_ret;524525*ret = 0;526527rdesc = safexcel_ring_next_rptr(priv, &priv->ring[ring].rdr);528if (IS_ERR(rdesc)) {529dev_err(priv->dev,530"hash: invalidate: could not retrieve the result descriptor\n");531*ret = PTR_ERR(rdesc);532} else {533*ret = safexcel_rdesc_check_errors(priv, rdesc);534}535536safexcel_complete(priv, ring);537538if (ctx->base.exit_inv) {539dma_pool_free(priv->context_pool, ctx->base.ctxr,540ctx->base.ctxr_dma);541542*should_complete = true;543return 1;544}545546ring = safexcel_select_ring(priv);547ctx->base.ring = ring;548549spin_lock_bh(&priv->ring[ring].queue_lock);550enq_ret = crypto_enqueue_request(&priv->ring[ring].queue, async);551spin_unlock_bh(&priv->ring[ring].queue_lock);552553if (enq_ret != -EINPROGRESS)554*ret = enq_ret;555556queue_work(priv->ring[ring].workqueue,557&priv->ring[ring].work_data.work);558559*should_complete = false;560561return 1;562}563564static int safexcel_handle_result(struct safexcel_crypto_priv *priv, int ring,565struct crypto_async_request *async,566bool *should_complete, int *ret)567{568struct ahash_request *areq = ahash_request_cast(async);569struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);570int err;571572BUG_ON(!(priv->flags & EIP197_TRC_CACHE) && req->needs_inv);573574if (req->needs_inv) {575req->needs_inv = false;576err = safexcel_handle_inv_result(priv, ring, async,577should_complete, ret);578} else {579err = safexcel_handle_req_result(priv, ring, async,580should_complete, ret);581}582583return err;584}585586static int safexcel_ahash_send_inv(struct crypto_async_request *async,587int ring, int *commands, int *results)588{589struct ahash_request *areq = ahash_request_cast(async);590struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));591int ret;592593ret = safexcel_invalidate_cache(async, ctx->base.priv,594ctx->base.ctxr_dma, ring);595if (unlikely(ret))596return ret;597598*commands = 1;599*results = 1;600601return 0;602}603604static int safexcel_ahash_send(struct crypto_async_request *async,605int ring, int *commands, int *results)606{607struct ahash_request *areq = ahash_request_cast(async);608struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);609int ret;610611if (req->needs_inv)612ret = safexcel_ahash_send_inv(async, ring, commands, results);613else614ret = safexcel_ahash_send_req(async, ring, commands, results);615616return ret;617}618619static int safexcel_ahash_exit_inv(struct crypto_tfm *tfm)620{621struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);622struct safexcel_crypto_priv *priv = ctx->base.priv;623EIP197_REQUEST_ON_STACK(req, ahash, EIP197_AHASH_REQ_SIZE);624struct safexcel_ahash_req *rctx = ahash_request_ctx_dma(req);625DECLARE_CRYPTO_WAIT(result);626int ring = ctx->base.ring;627int err;628629memset(req, 0, EIP197_AHASH_REQ_SIZE);630631/* create invalidation request */632init_completion(&result.completion);633ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,634crypto_req_done, &result);635636ahash_request_set_tfm(req, __crypto_ahash_cast(tfm));637ctx = crypto_tfm_ctx(req->base.tfm);638ctx->base.exit_inv = true;639rctx->needs_inv = true;640641spin_lock_bh(&priv->ring[ring].queue_lock);642crypto_enqueue_request(&priv->ring[ring].queue, &req->base);643spin_unlock_bh(&priv->ring[ring].queue_lock);644645queue_work(priv->ring[ring].workqueue,646&priv->ring[ring].work_data.work);647648err = crypto_wait_req(-EINPROGRESS, &result);649650if (err) {651dev_warn(priv->dev, "hash: completion error (%d)\n", err);652return err;653}654655return 0;656}657658/* safexcel_ahash_cache: cache data until at least one request can be sent to659* the engine, aka. when there is at least 1 block size in the pipe.660*/661static int safexcel_ahash_cache(struct ahash_request *areq)662{663struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);664u64 cache_len;665666/* cache_len: everything accepted by the driver but not sent yet,667* tot sz handled by update() - last req sz - tot sz handled by send()668*/669cache_len = safexcel_queued_len(req);670671/*672* In case there isn't enough bytes to proceed (less than a673* block size), cache the data until we have enough.674*/675if (cache_len + areq->nbytes <= HASH_CACHE_SIZE) {676sg_pcopy_to_buffer(areq->src, sg_nents(areq->src),677req->cache + cache_len,678areq->nbytes, 0);679return 0;680}681682/* We couldn't cache all the data */683return -E2BIG;684}685686static int safexcel_ahash_enqueue(struct ahash_request *areq)687{688struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));689struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);690struct safexcel_crypto_priv *priv = ctx->base.priv;691int ret, ring;692693req->needs_inv = false;694695if (ctx->base.ctxr) {696if (priv->flags & EIP197_TRC_CACHE && !ctx->base.needs_inv &&697/* invalidate for *any* non-XCBC continuation */698((req->not_first && !req->xcbcmac) ||699/* invalidate if (i)digest changed */700memcmp(ctx->base.ctxr->data, req->state, req->state_sz) ||701/* invalidate for HMAC finish with odigest changed */702(req->finish && req->hmac &&703memcmp(ctx->base.ctxr->data + (req->state_sz>>2),704&ctx->base.opad, req->state_sz))))705/*706* We're still setting needs_inv here, even though it is707* cleared right away, because the needs_inv flag can be708* set in other functions and we want to keep the same709* logic.710*/711ctx->base.needs_inv = true;712713if (ctx->base.needs_inv) {714ctx->base.needs_inv = false;715req->needs_inv = true;716}717} else {718ctx->base.ring = safexcel_select_ring(priv);719ctx->base.ctxr = dma_pool_zalloc(priv->context_pool,720EIP197_GFP_FLAGS(areq->base),721&ctx->base.ctxr_dma);722if (!ctx->base.ctxr)723return -ENOMEM;724}725req->not_first = true;726727ring = ctx->base.ring;728729spin_lock_bh(&priv->ring[ring].queue_lock);730ret = crypto_enqueue_request(&priv->ring[ring].queue, &areq->base);731spin_unlock_bh(&priv->ring[ring].queue_lock);732733queue_work(priv->ring[ring].workqueue,734&priv->ring[ring].work_data.work);735736return ret;737}738739static int safexcel_ahash_update(struct ahash_request *areq)740{741struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);742int ret;743744/* If the request is 0 length, do nothing */745if (!areq->nbytes)746return 0;747748/* Add request to the cache if it fits */749ret = safexcel_ahash_cache(areq);750751/* Update total request length */752req->len += areq->nbytes;753754/* If not all data could fit into the cache, go process the excess.755* Also go process immediately for an HMAC IV precompute, which756* will never be finished at all, but needs to be processed anyway.757*/758if ((ret && !req->finish) || req->last_req)759return safexcel_ahash_enqueue(areq);760761return 0;762}763764static int safexcel_ahash_final(struct ahash_request *areq)765{766struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);767struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));768769req->finish = true;770771if (unlikely(!req->len && !areq->nbytes)) {772/*773* If we have an overall 0 length *hash* request:774* The HW cannot do 0 length hash, so we provide the correct775* result directly here.776*/777if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5)778memcpy(areq->result, md5_zero_message_hash,779MD5_DIGEST_SIZE);780else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA1)781memcpy(areq->result, sha1_zero_message_hash,782SHA1_DIGEST_SIZE);783else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA224)784memcpy(areq->result, sha224_zero_message_hash,785SHA224_DIGEST_SIZE);786else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA256)787memcpy(areq->result, sha256_zero_message_hash,788SHA256_DIGEST_SIZE);789else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA384)790memcpy(areq->result, sha384_zero_message_hash,791SHA384_DIGEST_SIZE);792else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SHA512)793memcpy(areq->result, sha512_zero_message_hash,794SHA512_DIGEST_SIZE);795else if (ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_SM3) {796memcpy(areq->result,797EIP197_SM3_ZEROM_HASH, SM3_DIGEST_SIZE);798}799800return 0;801} else if (unlikely(req->digest == CONTEXT_CONTROL_DIGEST_XCM &&802ctx->alg == CONTEXT_CONTROL_CRYPTO_ALG_MD5 &&803req->len == sizeof(u32) && !areq->nbytes)) {804/* Zero length CRC32 */805memcpy(areq->result, &ctx->base.ipad, sizeof(u32));806return 0;807} else if (unlikely(ctx->cbcmac && req->len == AES_BLOCK_SIZE &&808!areq->nbytes)) {809/* Zero length CBC MAC */810memset(areq->result, 0, AES_BLOCK_SIZE);811return 0;812} else if (unlikely(req->xcbcmac && req->len == AES_BLOCK_SIZE &&813!areq->nbytes)) {814/* Zero length (X)CBC/CMAC */815int i;816817for (i = 0; i < AES_BLOCK_SIZE / sizeof(u32); i++) {818u32 *result = (void *)areq->result;819820/* K3 */821result[i] = swab32(ctx->base.ipad.word[i + 4]);822}823areq->result[0] ^= 0x80; // 10- padding824aes_encrypt(ctx->aes, areq->result, areq->result);825return 0;826} else if (unlikely(req->hmac &&827(req->len == req->block_sz) &&828!areq->nbytes)) {829/*830* If we have an overall 0 length *HMAC* request:831* For HMAC, we need to finalize the inner digest832* and then perform the outer hash.833*/834835/* generate pad block in the cache */836/* start with a hash block of all zeroes */837memset(req->cache, 0, req->block_sz);838/* set the first byte to 0x80 to 'append a 1 bit' */839req->cache[0] = 0x80;840/* add the length in bits in the last 2 bytes */841if (req->len_is_le) {842/* Little endian length word (e.g. MD5) */843req->cache[req->block_sz-8] = (req->block_sz << 3) &844255;845req->cache[req->block_sz-7] = (req->block_sz >> 5);846} else {847/* Big endian length word (e.g. any SHA) */848req->cache[req->block_sz-2] = (req->block_sz >> 5);849req->cache[req->block_sz-1] = (req->block_sz << 3) &850255;851}852853req->len += req->block_sz; /* plus 1 hash block */854855/* Set special zero-length HMAC flag */856req->hmac_zlen = true;857858/* Finalize HMAC */859req->digest = CONTEXT_CONTROL_DIGEST_HMAC;860} else if (req->hmac) {861/* Finalize HMAC */862req->digest = CONTEXT_CONTROL_DIGEST_HMAC;863}864865return safexcel_ahash_enqueue(areq);866}867868static int safexcel_ahash_finup(struct ahash_request *areq)869{870struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);871872req->finish = true;873874safexcel_ahash_update(areq);875return safexcel_ahash_final(areq);876}877878static int safexcel_ahash_export(struct ahash_request *areq, void *out)879{880struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);881struct safexcel_ahash_export_state *export = out;882883export->len = req->len;884export->processed = req->processed;885886export->digest = req->digest;887888memcpy(export->state, req->state, req->state_sz);889memcpy(export->cache, req->cache, HASH_CACHE_SIZE);890891return 0;892}893894static int safexcel_ahash_import(struct ahash_request *areq, const void *in)895{896struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);897const struct safexcel_ahash_export_state *export = in;898int ret;899900ret = crypto_ahash_init(areq);901if (ret)902return ret;903904req->len = export->len;905req->processed = export->processed;906907req->digest = export->digest;908909memcpy(req->cache, export->cache, HASH_CACHE_SIZE);910memcpy(req->state, export->state, req->state_sz);911912return 0;913}914915static int safexcel_ahash_cra_init(struct crypto_tfm *tfm)916{917struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);918struct safexcel_alg_template *tmpl =919container_of(__crypto_ahash_alg(tfm->__crt_alg),920struct safexcel_alg_template, alg.ahash);921922ctx->base.priv = tmpl->priv;923ctx->base.send = safexcel_ahash_send;924ctx->base.handle_result = safexcel_handle_result;925ctx->fb_do_setkey = false;926927crypto_ahash_set_reqsize_dma(__crypto_ahash_cast(tfm),928sizeof(struct safexcel_ahash_req));929return 0;930}931932static int safexcel_sha1_init(struct ahash_request *areq)933{934struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));935struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);936937memset(req, 0, sizeof(*req));938939ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;940req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;941req->state_sz = SHA1_DIGEST_SIZE;942req->digest_sz = SHA1_DIGEST_SIZE;943req->block_sz = SHA1_BLOCK_SIZE;944945return 0;946}947948static int safexcel_sha1_digest(struct ahash_request *areq)949{950int ret = safexcel_sha1_init(areq);951952if (ret)953return ret;954955return safexcel_ahash_finup(areq);956}957958static void safexcel_ahash_cra_exit(struct crypto_tfm *tfm)959{960struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);961struct safexcel_crypto_priv *priv = ctx->base.priv;962int ret;963964/* context not allocated, skip invalidation */965if (!ctx->base.ctxr)966return;967968if (priv->flags & EIP197_TRC_CACHE) {969ret = safexcel_ahash_exit_inv(tfm);970if (ret)971dev_warn(priv->dev, "hash: invalidation error %d\n", ret);972} else {973dma_pool_free(priv->context_pool, ctx->base.ctxr,974ctx->base.ctxr_dma);975}976}977978struct safexcel_alg_template safexcel_alg_sha1 = {979.type = SAFEXCEL_ALG_TYPE_AHASH,980.algo_mask = SAFEXCEL_ALG_SHA1,981.alg.ahash = {982.init = safexcel_sha1_init,983.update = safexcel_ahash_update,984.final = safexcel_ahash_final,985.finup = safexcel_ahash_finup,986.digest = safexcel_sha1_digest,987.export = safexcel_ahash_export,988.import = safexcel_ahash_import,989.halg = {990.digestsize = SHA1_DIGEST_SIZE,991.statesize = sizeof(struct safexcel_ahash_export_state),992.base = {993.cra_name = "sha1",994.cra_driver_name = "safexcel-sha1",995.cra_priority = SAFEXCEL_CRA_PRIORITY,996.cra_flags = CRYPTO_ALG_ASYNC |997CRYPTO_ALG_ALLOCATES_MEMORY |998CRYPTO_ALG_KERN_DRIVER_ONLY,999.cra_blocksize = SHA1_BLOCK_SIZE,1000.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1001.cra_init = safexcel_ahash_cra_init,1002.cra_exit = safexcel_ahash_cra_exit,1003.cra_module = THIS_MODULE,1004},1005},1006},1007};10081009static int safexcel_hmac_sha1_init(struct ahash_request *areq)1010{1011struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1012struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);10131014memset(req, 0, sizeof(*req));10151016/* Start from ipad precompute */1017memcpy(req->state, &ctx->base.ipad, SHA1_DIGEST_SIZE);1018/* Already processed the key^ipad part now! */1019req->len = SHA1_BLOCK_SIZE;1020req->processed = SHA1_BLOCK_SIZE;10211022ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA1;1023req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1024req->state_sz = SHA1_DIGEST_SIZE;1025req->digest_sz = SHA1_DIGEST_SIZE;1026req->block_sz = SHA1_BLOCK_SIZE;1027req->hmac = true;10281029return 0;1030}10311032static int safexcel_hmac_sha1_digest(struct ahash_request *areq)1033{1034int ret = safexcel_hmac_sha1_init(areq);10351036if (ret)1037return ret;10381039return safexcel_ahash_finup(areq);1040}10411042static int safexcel_hmac_init_pad(struct ahash_request *areq,1043unsigned int blocksize, const u8 *key,1044unsigned int keylen, u8 *ipad, u8 *opad)1045{1046DECLARE_CRYPTO_WAIT(result);1047struct scatterlist sg;1048int ret, i;1049u8 *keydup;10501051if (keylen <= blocksize) {1052memcpy(ipad, key, keylen);1053} else {1054keydup = kmemdup(key, keylen, GFP_KERNEL);1055if (!keydup)1056return -ENOMEM;10571058ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,1059crypto_req_done, &result);1060sg_init_one(&sg, keydup, keylen);1061ahash_request_set_crypt(areq, &sg, ipad, keylen);10621063ret = crypto_ahash_digest(areq);1064ret = crypto_wait_req(ret, &result);10651066/* Avoid leaking */1067kfree_sensitive(keydup);10681069if (ret)1070return ret;10711072keylen = crypto_ahash_digestsize(crypto_ahash_reqtfm(areq));1073}10741075memset(ipad + keylen, 0, blocksize - keylen);1076memcpy(opad, ipad, blocksize);10771078for (i = 0; i < blocksize; i++) {1079ipad[i] ^= HMAC_IPAD_VALUE;1080opad[i] ^= HMAC_OPAD_VALUE;1081}10821083return 0;1084}10851086static int safexcel_hmac_init_iv(struct ahash_request *areq,1087unsigned int blocksize, u8 *pad, void *state)1088{1089struct safexcel_ahash_req *req;1090DECLARE_CRYPTO_WAIT(result);1091struct scatterlist sg;1092int ret;10931094ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_BACKLOG,1095crypto_req_done, &result);1096sg_init_one(&sg, pad, blocksize);1097ahash_request_set_crypt(areq, &sg, pad, blocksize);10981099ret = crypto_ahash_init(areq);1100if (ret)1101return ret;11021103req = ahash_request_ctx_dma(areq);1104req->hmac = true;1105req->last_req = true;11061107ret = crypto_ahash_update(areq);1108ret = crypto_wait_req(ret, &result);11091110return ret ?: crypto_ahash_export(areq, state);1111}11121113static int __safexcel_hmac_setkey(const char *alg, const u8 *key,1114unsigned int keylen,1115void *istate, void *ostate)1116{1117struct ahash_request *areq;1118struct crypto_ahash *tfm;1119unsigned int blocksize;1120u8 *ipad, *opad;1121int ret;11221123tfm = crypto_alloc_ahash(alg, 0, 0);1124if (IS_ERR(tfm))1125return PTR_ERR(tfm);11261127areq = ahash_request_alloc(tfm, GFP_KERNEL);1128if (!areq) {1129ret = -ENOMEM;1130goto free_ahash;1131}11321133crypto_ahash_clear_flags(tfm, ~0);1134blocksize = crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));11351136ipad = kcalloc(2, blocksize, GFP_KERNEL);1137if (!ipad) {1138ret = -ENOMEM;1139goto free_request;1140}11411142opad = ipad + blocksize;11431144ret = safexcel_hmac_init_pad(areq, blocksize, key, keylen, ipad, opad);1145if (ret)1146goto free_ipad;11471148ret = safexcel_hmac_init_iv(areq, blocksize, ipad, istate);1149if (ret)1150goto free_ipad;11511152ret = safexcel_hmac_init_iv(areq, blocksize, opad, ostate);11531154free_ipad:1155kfree(ipad);1156free_request:1157ahash_request_free(areq);1158free_ahash:1159crypto_free_ahash(tfm);11601161return ret;1162}11631164int safexcel_hmac_setkey(struct safexcel_context *base, const u8 *key,1165unsigned int keylen, const char *alg,1166unsigned int state_sz)1167{1168struct safexcel_crypto_priv *priv = base->priv;1169struct safexcel_ahash_export_state istate, ostate;1170int ret;11711172ret = __safexcel_hmac_setkey(alg, key, keylen, &istate, &ostate);1173if (ret)1174return ret;11751176if (priv->flags & EIP197_TRC_CACHE && base->ctxr &&1177(memcmp(&base->ipad, istate.state, state_sz) ||1178memcmp(&base->opad, ostate.state, state_sz)))1179base->needs_inv = true;11801181memcpy(&base->ipad, &istate.state, state_sz);1182memcpy(&base->opad, &ostate.state, state_sz);11831184return 0;1185}11861187static int safexcel_hmac_alg_setkey(struct crypto_ahash *tfm, const u8 *key,1188unsigned int keylen, const char *alg,1189unsigned int state_sz)1190{1191struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);11921193return safexcel_hmac_setkey(&ctx->base, key, keylen, alg, state_sz);1194}11951196static int safexcel_hmac_sha1_setkey(struct crypto_ahash *tfm, const u8 *key,1197unsigned int keylen)1198{1199return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha1",1200SHA1_DIGEST_SIZE);1201}12021203struct safexcel_alg_template safexcel_alg_hmac_sha1 = {1204.type = SAFEXCEL_ALG_TYPE_AHASH,1205.algo_mask = SAFEXCEL_ALG_SHA1,1206.alg.ahash = {1207.init = safexcel_hmac_sha1_init,1208.update = safexcel_ahash_update,1209.final = safexcel_ahash_final,1210.finup = safexcel_ahash_finup,1211.digest = safexcel_hmac_sha1_digest,1212.setkey = safexcel_hmac_sha1_setkey,1213.export = safexcel_ahash_export,1214.import = safexcel_ahash_import,1215.halg = {1216.digestsize = SHA1_DIGEST_SIZE,1217.statesize = sizeof(struct safexcel_ahash_export_state),1218.base = {1219.cra_name = "hmac(sha1)",1220.cra_driver_name = "safexcel-hmac-sha1",1221.cra_priority = SAFEXCEL_CRA_PRIORITY,1222.cra_flags = CRYPTO_ALG_ASYNC |1223CRYPTO_ALG_ALLOCATES_MEMORY |1224CRYPTO_ALG_KERN_DRIVER_ONLY,1225.cra_blocksize = SHA1_BLOCK_SIZE,1226.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1227.cra_init = safexcel_ahash_cra_init,1228.cra_exit = safexcel_ahash_cra_exit,1229.cra_module = THIS_MODULE,1230},1231},1232},1233};12341235static int safexcel_sha256_init(struct ahash_request *areq)1236{1237struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1238struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);12391240memset(req, 0, sizeof(*req));12411242ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;1243req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1244req->state_sz = SHA256_DIGEST_SIZE;1245req->digest_sz = SHA256_DIGEST_SIZE;1246req->block_sz = SHA256_BLOCK_SIZE;12471248return 0;1249}12501251static int safexcel_sha256_digest(struct ahash_request *areq)1252{1253int ret = safexcel_sha256_init(areq);12541255if (ret)1256return ret;12571258return safexcel_ahash_finup(areq);1259}12601261struct safexcel_alg_template safexcel_alg_sha256 = {1262.type = SAFEXCEL_ALG_TYPE_AHASH,1263.algo_mask = SAFEXCEL_ALG_SHA2_256,1264.alg.ahash = {1265.init = safexcel_sha256_init,1266.update = safexcel_ahash_update,1267.final = safexcel_ahash_final,1268.finup = safexcel_ahash_finup,1269.digest = safexcel_sha256_digest,1270.export = safexcel_ahash_export,1271.import = safexcel_ahash_import,1272.halg = {1273.digestsize = SHA256_DIGEST_SIZE,1274.statesize = sizeof(struct safexcel_ahash_export_state),1275.base = {1276.cra_name = "sha256",1277.cra_driver_name = "safexcel-sha256",1278.cra_priority = SAFEXCEL_CRA_PRIORITY,1279.cra_flags = CRYPTO_ALG_ASYNC |1280CRYPTO_ALG_ALLOCATES_MEMORY |1281CRYPTO_ALG_KERN_DRIVER_ONLY,1282.cra_blocksize = SHA256_BLOCK_SIZE,1283.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1284.cra_init = safexcel_ahash_cra_init,1285.cra_exit = safexcel_ahash_cra_exit,1286.cra_module = THIS_MODULE,1287},1288},1289},1290};12911292static int safexcel_sha224_init(struct ahash_request *areq)1293{1294struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1295struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);12961297memset(req, 0, sizeof(*req));12981299ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;1300req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1301req->state_sz = SHA256_DIGEST_SIZE;1302req->digest_sz = SHA256_DIGEST_SIZE;1303req->block_sz = SHA256_BLOCK_SIZE;13041305return 0;1306}13071308static int safexcel_sha224_digest(struct ahash_request *areq)1309{1310int ret = safexcel_sha224_init(areq);13111312if (ret)1313return ret;13141315return safexcel_ahash_finup(areq);1316}13171318struct safexcel_alg_template safexcel_alg_sha224 = {1319.type = SAFEXCEL_ALG_TYPE_AHASH,1320.algo_mask = SAFEXCEL_ALG_SHA2_256,1321.alg.ahash = {1322.init = safexcel_sha224_init,1323.update = safexcel_ahash_update,1324.final = safexcel_ahash_final,1325.finup = safexcel_ahash_finup,1326.digest = safexcel_sha224_digest,1327.export = safexcel_ahash_export,1328.import = safexcel_ahash_import,1329.halg = {1330.digestsize = SHA224_DIGEST_SIZE,1331.statesize = sizeof(struct safexcel_ahash_export_state),1332.base = {1333.cra_name = "sha224",1334.cra_driver_name = "safexcel-sha224",1335.cra_priority = SAFEXCEL_CRA_PRIORITY,1336.cra_flags = CRYPTO_ALG_ASYNC |1337CRYPTO_ALG_ALLOCATES_MEMORY |1338CRYPTO_ALG_KERN_DRIVER_ONLY,1339.cra_blocksize = SHA224_BLOCK_SIZE,1340.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1341.cra_init = safexcel_ahash_cra_init,1342.cra_exit = safexcel_ahash_cra_exit,1343.cra_module = THIS_MODULE,1344},1345},1346},1347};13481349static int safexcel_hmac_sha224_setkey(struct crypto_ahash *tfm, const u8 *key,1350unsigned int keylen)1351{1352return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha224",1353SHA256_DIGEST_SIZE);1354}13551356static int safexcel_hmac_sha224_init(struct ahash_request *areq)1357{1358struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1359struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);13601361memset(req, 0, sizeof(*req));13621363/* Start from ipad precompute */1364memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);1365/* Already processed the key^ipad part now! */1366req->len = SHA256_BLOCK_SIZE;1367req->processed = SHA256_BLOCK_SIZE;13681369ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA224;1370req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1371req->state_sz = SHA256_DIGEST_SIZE;1372req->digest_sz = SHA256_DIGEST_SIZE;1373req->block_sz = SHA256_BLOCK_SIZE;1374req->hmac = true;13751376return 0;1377}13781379static int safexcel_hmac_sha224_digest(struct ahash_request *areq)1380{1381int ret = safexcel_hmac_sha224_init(areq);13821383if (ret)1384return ret;13851386return safexcel_ahash_finup(areq);1387}13881389struct safexcel_alg_template safexcel_alg_hmac_sha224 = {1390.type = SAFEXCEL_ALG_TYPE_AHASH,1391.algo_mask = SAFEXCEL_ALG_SHA2_256,1392.alg.ahash = {1393.init = safexcel_hmac_sha224_init,1394.update = safexcel_ahash_update,1395.final = safexcel_ahash_final,1396.finup = safexcel_ahash_finup,1397.digest = safexcel_hmac_sha224_digest,1398.setkey = safexcel_hmac_sha224_setkey,1399.export = safexcel_ahash_export,1400.import = safexcel_ahash_import,1401.halg = {1402.digestsize = SHA224_DIGEST_SIZE,1403.statesize = sizeof(struct safexcel_ahash_export_state),1404.base = {1405.cra_name = "hmac(sha224)",1406.cra_driver_name = "safexcel-hmac-sha224",1407.cra_priority = SAFEXCEL_CRA_PRIORITY,1408.cra_flags = CRYPTO_ALG_ASYNC |1409CRYPTO_ALG_ALLOCATES_MEMORY |1410CRYPTO_ALG_KERN_DRIVER_ONLY,1411.cra_blocksize = SHA224_BLOCK_SIZE,1412.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1413.cra_init = safexcel_ahash_cra_init,1414.cra_exit = safexcel_ahash_cra_exit,1415.cra_module = THIS_MODULE,1416},1417},1418},1419};14201421static int safexcel_hmac_sha256_setkey(struct crypto_ahash *tfm, const u8 *key,1422unsigned int keylen)1423{1424return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha256",1425SHA256_DIGEST_SIZE);1426}14271428static int safexcel_hmac_sha256_init(struct ahash_request *areq)1429{1430struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1431struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);14321433memset(req, 0, sizeof(*req));14341435/* Start from ipad precompute */1436memcpy(req->state, &ctx->base.ipad, SHA256_DIGEST_SIZE);1437/* Already processed the key^ipad part now! */1438req->len = SHA256_BLOCK_SIZE;1439req->processed = SHA256_BLOCK_SIZE;14401441ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA256;1442req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1443req->state_sz = SHA256_DIGEST_SIZE;1444req->digest_sz = SHA256_DIGEST_SIZE;1445req->block_sz = SHA256_BLOCK_SIZE;1446req->hmac = true;14471448return 0;1449}14501451static int safexcel_hmac_sha256_digest(struct ahash_request *areq)1452{1453int ret = safexcel_hmac_sha256_init(areq);14541455if (ret)1456return ret;14571458return safexcel_ahash_finup(areq);1459}14601461struct safexcel_alg_template safexcel_alg_hmac_sha256 = {1462.type = SAFEXCEL_ALG_TYPE_AHASH,1463.algo_mask = SAFEXCEL_ALG_SHA2_256,1464.alg.ahash = {1465.init = safexcel_hmac_sha256_init,1466.update = safexcel_ahash_update,1467.final = safexcel_ahash_final,1468.finup = safexcel_ahash_finup,1469.digest = safexcel_hmac_sha256_digest,1470.setkey = safexcel_hmac_sha256_setkey,1471.export = safexcel_ahash_export,1472.import = safexcel_ahash_import,1473.halg = {1474.digestsize = SHA256_DIGEST_SIZE,1475.statesize = sizeof(struct safexcel_ahash_export_state),1476.base = {1477.cra_name = "hmac(sha256)",1478.cra_driver_name = "safexcel-hmac-sha256",1479.cra_priority = SAFEXCEL_CRA_PRIORITY,1480.cra_flags = CRYPTO_ALG_ASYNC |1481CRYPTO_ALG_ALLOCATES_MEMORY |1482CRYPTO_ALG_KERN_DRIVER_ONLY,1483.cra_blocksize = SHA256_BLOCK_SIZE,1484.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1485.cra_init = safexcel_ahash_cra_init,1486.cra_exit = safexcel_ahash_cra_exit,1487.cra_module = THIS_MODULE,1488},1489},1490},1491};14921493static int safexcel_sha512_init(struct ahash_request *areq)1494{1495struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1496struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);14971498memset(req, 0, sizeof(*req));14991500ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;1501req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1502req->state_sz = SHA512_DIGEST_SIZE;1503req->digest_sz = SHA512_DIGEST_SIZE;1504req->block_sz = SHA512_BLOCK_SIZE;15051506return 0;1507}15081509static int safexcel_sha512_digest(struct ahash_request *areq)1510{1511int ret = safexcel_sha512_init(areq);15121513if (ret)1514return ret;15151516return safexcel_ahash_finup(areq);1517}15181519struct safexcel_alg_template safexcel_alg_sha512 = {1520.type = SAFEXCEL_ALG_TYPE_AHASH,1521.algo_mask = SAFEXCEL_ALG_SHA2_512,1522.alg.ahash = {1523.init = safexcel_sha512_init,1524.update = safexcel_ahash_update,1525.final = safexcel_ahash_final,1526.finup = safexcel_ahash_finup,1527.digest = safexcel_sha512_digest,1528.export = safexcel_ahash_export,1529.import = safexcel_ahash_import,1530.halg = {1531.digestsize = SHA512_DIGEST_SIZE,1532.statesize = sizeof(struct safexcel_ahash_export_state),1533.base = {1534.cra_name = "sha512",1535.cra_driver_name = "safexcel-sha512",1536.cra_priority = SAFEXCEL_CRA_PRIORITY,1537.cra_flags = CRYPTO_ALG_ASYNC |1538CRYPTO_ALG_ALLOCATES_MEMORY |1539CRYPTO_ALG_KERN_DRIVER_ONLY,1540.cra_blocksize = SHA512_BLOCK_SIZE,1541.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1542.cra_init = safexcel_ahash_cra_init,1543.cra_exit = safexcel_ahash_cra_exit,1544.cra_module = THIS_MODULE,1545},1546},1547},1548};15491550static int safexcel_sha384_init(struct ahash_request *areq)1551{1552struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1553struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);15541555memset(req, 0, sizeof(*req));15561557ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;1558req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1559req->state_sz = SHA512_DIGEST_SIZE;1560req->digest_sz = SHA512_DIGEST_SIZE;1561req->block_sz = SHA512_BLOCK_SIZE;15621563return 0;1564}15651566static int safexcel_sha384_digest(struct ahash_request *areq)1567{1568int ret = safexcel_sha384_init(areq);15691570if (ret)1571return ret;15721573return safexcel_ahash_finup(areq);1574}15751576struct safexcel_alg_template safexcel_alg_sha384 = {1577.type = SAFEXCEL_ALG_TYPE_AHASH,1578.algo_mask = SAFEXCEL_ALG_SHA2_512,1579.alg.ahash = {1580.init = safexcel_sha384_init,1581.update = safexcel_ahash_update,1582.final = safexcel_ahash_final,1583.finup = safexcel_ahash_finup,1584.digest = safexcel_sha384_digest,1585.export = safexcel_ahash_export,1586.import = safexcel_ahash_import,1587.halg = {1588.digestsize = SHA384_DIGEST_SIZE,1589.statesize = sizeof(struct safexcel_ahash_export_state),1590.base = {1591.cra_name = "sha384",1592.cra_driver_name = "safexcel-sha384",1593.cra_priority = SAFEXCEL_CRA_PRIORITY,1594.cra_flags = CRYPTO_ALG_ASYNC |1595CRYPTO_ALG_ALLOCATES_MEMORY |1596CRYPTO_ALG_KERN_DRIVER_ONLY,1597.cra_blocksize = SHA384_BLOCK_SIZE,1598.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1599.cra_init = safexcel_ahash_cra_init,1600.cra_exit = safexcel_ahash_cra_exit,1601.cra_module = THIS_MODULE,1602},1603},1604},1605};16061607static int safexcel_hmac_sha512_setkey(struct crypto_ahash *tfm, const u8 *key,1608unsigned int keylen)1609{1610return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha512",1611SHA512_DIGEST_SIZE);1612}16131614static int safexcel_hmac_sha512_init(struct ahash_request *areq)1615{1616struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1617struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);16181619memset(req, 0, sizeof(*req));16201621/* Start from ipad precompute */1622memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);1623/* Already processed the key^ipad part now! */1624req->len = SHA512_BLOCK_SIZE;1625req->processed = SHA512_BLOCK_SIZE;16261627ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA512;1628req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1629req->state_sz = SHA512_DIGEST_SIZE;1630req->digest_sz = SHA512_DIGEST_SIZE;1631req->block_sz = SHA512_BLOCK_SIZE;1632req->hmac = true;16331634return 0;1635}16361637static int safexcel_hmac_sha512_digest(struct ahash_request *areq)1638{1639int ret = safexcel_hmac_sha512_init(areq);16401641if (ret)1642return ret;16431644return safexcel_ahash_finup(areq);1645}16461647struct safexcel_alg_template safexcel_alg_hmac_sha512 = {1648.type = SAFEXCEL_ALG_TYPE_AHASH,1649.algo_mask = SAFEXCEL_ALG_SHA2_512,1650.alg.ahash = {1651.init = safexcel_hmac_sha512_init,1652.update = safexcel_ahash_update,1653.final = safexcel_ahash_final,1654.finup = safexcel_ahash_finup,1655.digest = safexcel_hmac_sha512_digest,1656.setkey = safexcel_hmac_sha512_setkey,1657.export = safexcel_ahash_export,1658.import = safexcel_ahash_import,1659.halg = {1660.digestsize = SHA512_DIGEST_SIZE,1661.statesize = sizeof(struct safexcel_ahash_export_state),1662.base = {1663.cra_name = "hmac(sha512)",1664.cra_driver_name = "safexcel-hmac-sha512",1665.cra_priority = SAFEXCEL_CRA_PRIORITY,1666.cra_flags = CRYPTO_ALG_ASYNC |1667CRYPTO_ALG_ALLOCATES_MEMORY |1668CRYPTO_ALG_KERN_DRIVER_ONLY,1669.cra_blocksize = SHA512_BLOCK_SIZE,1670.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1671.cra_init = safexcel_ahash_cra_init,1672.cra_exit = safexcel_ahash_cra_exit,1673.cra_module = THIS_MODULE,1674},1675},1676},1677};16781679static int safexcel_hmac_sha384_setkey(struct crypto_ahash *tfm, const u8 *key,1680unsigned int keylen)1681{1682return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sha384",1683SHA512_DIGEST_SIZE);1684}16851686static int safexcel_hmac_sha384_init(struct ahash_request *areq)1687{1688struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1689struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);16901691memset(req, 0, sizeof(*req));16921693/* Start from ipad precompute */1694memcpy(req->state, &ctx->base.ipad, SHA512_DIGEST_SIZE);1695/* Already processed the key^ipad part now! */1696req->len = SHA512_BLOCK_SIZE;1697req->processed = SHA512_BLOCK_SIZE;16981699ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA384;1700req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1701req->state_sz = SHA512_DIGEST_SIZE;1702req->digest_sz = SHA512_DIGEST_SIZE;1703req->block_sz = SHA512_BLOCK_SIZE;1704req->hmac = true;17051706return 0;1707}17081709static int safexcel_hmac_sha384_digest(struct ahash_request *areq)1710{1711int ret = safexcel_hmac_sha384_init(areq);17121713if (ret)1714return ret;17151716return safexcel_ahash_finup(areq);1717}17181719struct safexcel_alg_template safexcel_alg_hmac_sha384 = {1720.type = SAFEXCEL_ALG_TYPE_AHASH,1721.algo_mask = SAFEXCEL_ALG_SHA2_512,1722.alg.ahash = {1723.init = safexcel_hmac_sha384_init,1724.update = safexcel_ahash_update,1725.final = safexcel_ahash_final,1726.finup = safexcel_ahash_finup,1727.digest = safexcel_hmac_sha384_digest,1728.setkey = safexcel_hmac_sha384_setkey,1729.export = safexcel_ahash_export,1730.import = safexcel_ahash_import,1731.halg = {1732.digestsize = SHA384_DIGEST_SIZE,1733.statesize = sizeof(struct safexcel_ahash_export_state),1734.base = {1735.cra_name = "hmac(sha384)",1736.cra_driver_name = "safexcel-hmac-sha384",1737.cra_priority = SAFEXCEL_CRA_PRIORITY,1738.cra_flags = CRYPTO_ALG_ASYNC |1739CRYPTO_ALG_ALLOCATES_MEMORY |1740CRYPTO_ALG_KERN_DRIVER_ONLY,1741.cra_blocksize = SHA384_BLOCK_SIZE,1742.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1743.cra_init = safexcel_ahash_cra_init,1744.cra_exit = safexcel_ahash_cra_exit,1745.cra_module = THIS_MODULE,1746},1747},1748},1749};17501751static int safexcel_md5_init(struct ahash_request *areq)1752{1753struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1754struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);17551756memset(req, 0, sizeof(*req));17571758ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;1759req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1760req->state_sz = MD5_DIGEST_SIZE;1761req->digest_sz = MD5_DIGEST_SIZE;1762req->block_sz = MD5_HMAC_BLOCK_SIZE;17631764return 0;1765}17661767static int safexcel_md5_digest(struct ahash_request *areq)1768{1769int ret = safexcel_md5_init(areq);17701771if (ret)1772return ret;17731774return safexcel_ahash_finup(areq);1775}17761777struct safexcel_alg_template safexcel_alg_md5 = {1778.type = SAFEXCEL_ALG_TYPE_AHASH,1779.algo_mask = SAFEXCEL_ALG_MD5,1780.alg.ahash = {1781.init = safexcel_md5_init,1782.update = safexcel_ahash_update,1783.final = safexcel_ahash_final,1784.finup = safexcel_ahash_finup,1785.digest = safexcel_md5_digest,1786.export = safexcel_ahash_export,1787.import = safexcel_ahash_import,1788.halg = {1789.digestsize = MD5_DIGEST_SIZE,1790.statesize = sizeof(struct safexcel_ahash_export_state),1791.base = {1792.cra_name = "md5",1793.cra_driver_name = "safexcel-md5",1794.cra_priority = SAFEXCEL_CRA_PRIORITY,1795.cra_flags = CRYPTO_ALG_ASYNC |1796CRYPTO_ALG_ALLOCATES_MEMORY |1797CRYPTO_ALG_KERN_DRIVER_ONLY,1798.cra_blocksize = MD5_HMAC_BLOCK_SIZE,1799.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1800.cra_init = safexcel_ahash_cra_init,1801.cra_exit = safexcel_ahash_cra_exit,1802.cra_module = THIS_MODULE,1803},1804},1805},1806};18071808static int safexcel_hmac_md5_init(struct ahash_request *areq)1809{1810struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1811struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);18121813memset(req, 0, sizeof(*req));18141815/* Start from ipad precompute */1816memcpy(req->state, &ctx->base.ipad, MD5_DIGEST_SIZE);1817/* Already processed the key^ipad part now! */1818req->len = MD5_HMAC_BLOCK_SIZE;1819req->processed = MD5_HMAC_BLOCK_SIZE;18201821ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_MD5;1822req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;1823req->state_sz = MD5_DIGEST_SIZE;1824req->digest_sz = MD5_DIGEST_SIZE;1825req->block_sz = MD5_HMAC_BLOCK_SIZE;1826req->len_is_le = true; /* MD5 is little endian! ... */1827req->hmac = true;18281829return 0;1830}18311832static int safexcel_hmac_md5_setkey(struct crypto_ahash *tfm, const u8 *key,1833unsigned int keylen)1834{1835return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-md5",1836MD5_DIGEST_SIZE);1837}18381839static int safexcel_hmac_md5_digest(struct ahash_request *areq)1840{1841int ret = safexcel_hmac_md5_init(areq);18421843if (ret)1844return ret;18451846return safexcel_ahash_finup(areq);1847}18481849struct safexcel_alg_template safexcel_alg_hmac_md5 = {1850.type = SAFEXCEL_ALG_TYPE_AHASH,1851.algo_mask = SAFEXCEL_ALG_MD5,1852.alg.ahash = {1853.init = safexcel_hmac_md5_init,1854.update = safexcel_ahash_update,1855.final = safexcel_ahash_final,1856.finup = safexcel_ahash_finup,1857.digest = safexcel_hmac_md5_digest,1858.setkey = safexcel_hmac_md5_setkey,1859.export = safexcel_ahash_export,1860.import = safexcel_ahash_import,1861.halg = {1862.digestsize = MD5_DIGEST_SIZE,1863.statesize = sizeof(struct safexcel_ahash_export_state),1864.base = {1865.cra_name = "hmac(md5)",1866.cra_driver_name = "safexcel-hmac-md5",1867.cra_priority = SAFEXCEL_CRA_PRIORITY,1868.cra_flags = CRYPTO_ALG_ASYNC |1869CRYPTO_ALG_ALLOCATES_MEMORY |1870CRYPTO_ALG_KERN_DRIVER_ONLY,1871.cra_blocksize = MD5_HMAC_BLOCK_SIZE,1872.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1873.cra_init = safexcel_ahash_cra_init,1874.cra_exit = safexcel_ahash_cra_exit,1875.cra_module = THIS_MODULE,1876},1877},1878},1879};18801881static int safexcel_cbcmac_init(struct ahash_request *areq)1882{1883struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));1884struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);18851886memset(req, 0, sizeof(*req));18871888/* Start from loaded keys */1889memcpy(req->state, &ctx->base.ipad, ctx->key_sz);1890/* Set processed to non-zero to enable invalidation detection */1891req->len = AES_BLOCK_SIZE;1892req->processed = AES_BLOCK_SIZE;18931894req->digest = CONTEXT_CONTROL_DIGEST_XCM;1895req->state_sz = ctx->key_sz;1896req->digest_sz = AES_BLOCK_SIZE;1897req->block_sz = AES_BLOCK_SIZE;1898req->xcbcmac = true;18991900return 0;1901}19021903static int safexcel_cbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,1904unsigned int len)1905{1906struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));1907struct crypto_aes_ctx aes;1908int ret, i;19091910ret = aes_expandkey(&aes, key, len);1911if (ret)1912return ret;19131914memset(&ctx->base.ipad, 0, 2 * AES_BLOCK_SIZE);1915for (i = 0; i < len / sizeof(u32); i++)1916ctx->base.ipad.be[i + 8] = cpu_to_be32(aes.key_enc[i]);19171918if (len == AES_KEYSIZE_192) {1919ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;1920ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;1921} else if (len == AES_KEYSIZE_256) {1922ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;1923ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;1924} else {1925ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;1926ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;1927}1928ctx->cbcmac = true;19291930memzero_explicit(&aes, sizeof(aes));1931return 0;1932}19331934static int safexcel_cbcmac_digest(struct ahash_request *areq)1935{1936return safexcel_cbcmac_init(areq) ?: safexcel_ahash_finup(areq);1937}19381939struct safexcel_alg_template safexcel_alg_cbcmac = {1940.type = SAFEXCEL_ALG_TYPE_AHASH,1941.algo_mask = 0,1942.alg.ahash = {1943.init = safexcel_cbcmac_init,1944.update = safexcel_ahash_update,1945.final = safexcel_ahash_final,1946.finup = safexcel_ahash_finup,1947.digest = safexcel_cbcmac_digest,1948.setkey = safexcel_cbcmac_setkey,1949.export = safexcel_ahash_export,1950.import = safexcel_ahash_import,1951.halg = {1952.digestsize = AES_BLOCK_SIZE,1953.statesize = sizeof(struct safexcel_ahash_export_state),1954.base = {1955.cra_name = "cbcmac(aes)",1956.cra_driver_name = "safexcel-cbcmac-aes",1957.cra_priority = SAFEXCEL_CRA_PRIORITY,1958.cra_flags = CRYPTO_ALG_ASYNC |1959CRYPTO_ALG_ALLOCATES_MEMORY |1960CRYPTO_ALG_KERN_DRIVER_ONLY,1961.cra_blocksize = AES_BLOCK_SIZE,1962.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),1963.cra_init = safexcel_ahash_cra_init,1964.cra_exit = safexcel_ahash_cra_exit,1965.cra_module = THIS_MODULE,1966},1967},1968},1969};19701971static int safexcel_xcbcmac_setkey(struct crypto_ahash *tfm, const u8 *key,1972unsigned int len)1973{1974struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));1975u32 key_tmp[3 * AES_BLOCK_SIZE / sizeof(u32)];1976int ret, i;19771978ret = aes_expandkey(ctx->aes, key, len);1979if (ret)1980return ret;19811982/* precompute the XCBC key material */1983aes_encrypt(ctx->aes, (u8 *)key_tmp + 2 * AES_BLOCK_SIZE,1984"\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1\x1");1985aes_encrypt(ctx->aes, (u8 *)key_tmp,1986"\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2\x2");1987aes_encrypt(ctx->aes, (u8 *)key_tmp + AES_BLOCK_SIZE,1988"\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3");1989for (i = 0; i < 3 * AES_BLOCK_SIZE / sizeof(u32); i++)1990ctx->base.ipad.word[i] = swab32(key_tmp[i]);19911992ret = aes_expandkey(ctx->aes,1993(u8 *)key_tmp + 2 * AES_BLOCK_SIZE,1994AES_MIN_KEY_SIZE);1995if (ret)1996return ret;19971998ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;1999ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;2000ctx->cbcmac = false;20012002return 0;2003}20042005static int safexcel_xcbcmac_cra_init(struct crypto_tfm *tfm)2006{2007struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);20082009safexcel_ahash_cra_init(tfm);2010ctx->aes = kmalloc(sizeof(*ctx->aes), GFP_KERNEL);2011return ctx->aes == NULL ? -ENOMEM : 0;2012}20132014static void safexcel_xcbcmac_cra_exit(struct crypto_tfm *tfm)2015{2016struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);20172018kfree(ctx->aes);2019safexcel_ahash_cra_exit(tfm);2020}20212022struct safexcel_alg_template safexcel_alg_xcbcmac = {2023.type = SAFEXCEL_ALG_TYPE_AHASH,2024.algo_mask = 0,2025.alg.ahash = {2026.init = safexcel_cbcmac_init,2027.update = safexcel_ahash_update,2028.final = safexcel_ahash_final,2029.finup = safexcel_ahash_finup,2030.digest = safexcel_cbcmac_digest,2031.setkey = safexcel_xcbcmac_setkey,2032.export = safexcel_ahash_export,2033.import = safexcel_ahash_import,2034.halg = {2035.digestsize = AES_BLOCK_SIZE,2036.statesize = sizeof(struct safexcel_ahash_export_state),2037.base = {2038.cra_name = "xcbc(aes)",2039.cra_driver_name = "safexcel-xcbc-aes",2040.cra_priority = SAFEXCEL_CRA_PRIORITY,2041.cra_flags = CRYPTO_ALG_ASYNC |2042CRYPTO_ALG_ALLOCATES_MEMORY |2043CRYPTO_ALG_KERN_DRIVER_ONLY,2044.cra_blocksize = AES_BLOCK_SIZE,2045.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2046.cra_init = safexcel_xcbcmac_cra_init,2047.cra_exit = safexcel_xcbcmac_cra_exit,2048.cra_module = THIS_MODULE,2049},2050},2051},2052};20532054static int safexcel_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,2055unsigned int len)2056{2057struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));2058__be64 consts[4];2059u64 _const[2];2060u8 msb_mask, gfmask;2061int ret, i;20622063/* precompute the CMAC key material */2064ret = aes_expandkey(ctx->aes, key, len);2065if (ret)2066return ret;20672068for (i = 0; i < len / sizeof(u32); i++)2069ctx->base.ipad.word[i + 8] = swab32(ctx->aes->key_enc[i]);20702071/* code below borrowed from crypto/cmac.c */2072/* encrypt the zero block */2073memset(consts, 0, AES_BLOCK_SIZE);2074aes_encrypt(ctx->aes, (u8 *)consts, (u8 *)consts);20752076gfmask = 0x87;2077_const[0] = be64_to_cpu(consts[1]);2078_const[1] = be64_to_cpu(consts[0]);20792080/* gf(2^128) multiply zero-ciphertext with u and u^2 */2081for (i = 0; i < 4; i += 2) {2082msb_mask = ((s64)_const[1] >> 63) & gfmask;2083_const[1] = (_const[1] << 1) | (_const[0] >> 63);2084_const[0] = (_const[0] << 1) ^ msb_mask;20852086consts[i + 0] = cpu_to_be64(_const[1]);2087consts[i + 1] = cpu_to_be64(_const[0]);2088}2089/* end of code borrowed from crypto/cmac.c */20902091for (i = 0; i < 2 * AES_BLOCK_SIZE / sizeof(u32); i++)2092ctx->base.ipad.be[i] = cpu_to_be32(((u32 *)consts)[i]);20932094if (len == AES_KEYSIZE_192) {2095ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC192;2096ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;2097} else if (len == AES_KEYSIZE_256) {2098ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC256;2099ctx->key_sz = AES_MAX_KEY_SIZE + 2 * AES_BLOCK_SIZE;2100} else {2101ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_XCBC128;2102ctx->key_sz = AES_MIN_KEY_SIZE + 2 * AES_BLOCK_SIZE;2103}2104ctx->cbcmac = false;21052106return 0;2107}21082109struct safexcel_alg_template safexcel_alg_cmac = {2110.type = SAFEXCEL_ALG_TYPE_AHASH,2111.algo_mask = 0,2112.alg.ahash = {2113.init = safexcel_cbcmac_init,2114.update = safexcel_ahash_update,2115.final = safexcel_ahash_final,2116.finup = safexcel_ahash_finup,2117.digest = safexcel_cbcmac_digest,2118.setkey = safexcel_cmac_setkey,2119.export = safexcel_ahash_export,2120.import = safexcel_ahash_import,2121.halg = {2122.digestsize = AES_BLOCK_SIZE,2123.statesize = sizeof(struct safexcel_ahash_export_state),2124.base = {2125.cra_name = "cmac(aes)",2126.cra_driver_name = "safexcel-cmac-aes",2127.cra_priority = SAFEXCEL_CRA_PRIORITY,2128.cra_flags = CRYPTO_ALG_ASYNC |2129CRYPTO_ALG_ALLOCATES_MEMORY |2130CRYPTO_ALG_KERN_DRIVER_ONLY,2131.cra_blocksize = AES_BLOCK_SIZE,2132.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2133.cra_init = safexcel_xcbcmac_cra_init,2134.cra_exit = safexcel_xcbcmac_cra_exit,2135.cra_module = THIS_MODULE,2136},2137},2138},2139};21402141static int safexcel_sm3_init(struct ahash_request *areq)2142{2143struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));2144struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);21452146memset(req, 0, sizeof(*req));21472148ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;2149req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;2150req->state_sz = SM3_DIGEST_SIZE;2151req->digest_sz = SM3_DIGEST_SIZE;2152req->block_sz = SM3_BLOCK_SIZE;21532154return 0;2155}21562157static int safexcel_sm3_digest(struct ahash_request *areq)2158{2159int ret = safexcel_sm3_init(areq);21602161if (ret)2162return ret;21632164return safexcel_ahash_finup(areq);2165}21662167struct safexcel_alg_template safexcel_alg_sm3 = {2168.type = SAFEXCEL_ALG_TYPE_AHASH,2169.algo_mask = SAFEXCEL_ALG_SM3,2170.alg.ahash = {2171.init = safexcel_sm3_init,2172.update = safexcel_ahash_update,2173.final = safexcel_ahash_final,2174.finup = safexcel_ahash_finup,2175.digest = safexcel_sm3_digest,2176.export = safexcel_ahash_export,2177.import = safexcel_ahash_import,2178.halg = {2179.digestsize = SM3_DIGEST_SIZE,2180.statesize = sizeof(struct safexcel_ahash_export_state),2181.base = {2182.cra_name = "sm3",2183.cra_driver_name = "safexcel-sm3",2184.cra_priority = SAFEXCEL_CRA_PRIORITY,2185.cra_flags = CRYPTO_ALG_ASYNC |2186CRYPTO_ALG_ALLOCATES_MEMORY |2187CRYPTO_ALG_KERN_DRIVER_ONLY,2188.cra_blocksize = SM3_BLOCK_SIZE,2189.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2190.cra_init = safexcel_ahash_cra_init,2191.cra_exit = safexcel_ahash_cra_exit,2192.cra_module = THIS_MODULE,2193},2194},2195},2196};21972198static int safexcel_hmac_sm3_setkey(struct crypto_ahash *tfm, const u8 *key,2199unsigned int keylen)2200{2201return safexcel_hmac_alg_setkey(tfm, key, keylen, "safexcel-sm3",2202SM3_DIGEST_SIZE);2203}22042205static int safexcel_hmac_sm3_init(struct ahash_request *areq)2206{2207struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));2208struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);22092210memset(req, 0, sizeof(*req));22112212/* Start from ipad precompute */2213memcpy(req->state, &ctx->base.ipad, SM3_DIGEST_SIZE);2214/* Already processed the key^ipad part now! */2215req->len = SM3_BLOCK_SIZE;2216req->processed = SM3_BLOCK_SIZE;22172218ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SM3;2219req->digest = CONTEXT_CONTROL_DIGEST_PRECOMPUTED;2220req->state_sz = SM3_DIGEST_SIZE;2221req->digest_sz = SM3_DIGEST_SIZE;2222req->block_sz = SM3_BLOCK_SIZE;2223req->hmac = true;22242225return 0;2226}22272228static int safexcel_hmac_sm3_digest(struct ahash_request *areq)2229{2230int ret = safexcel_hmac_sm3_init(areq);22312232if (ret)2233return ret;22342235return safexcel_ahash_finup(areq);2236}22372238struct safexcel_alg_template safexcel_alg_hmac_sm3 = {2239.type = SAFEXCEL_ALG_TYPE_AHASH,2240.algo_mask = SAFEXCEL_ALG_SM3,2241.alg.ahash = {2242.init = safexcel_hmac_sm3_init,2243.update = safexcel_ahash_update,2244.final = safexcel_ahash_final,2245.finup = safexcel_ahash_finup,2246.digest = safexcel_hmac_sm3_digest,2247.setkey = safexcel_hmac_sm3_setkey,2248.export = safexcel_ahash_export,2249.import = safexcel_ahash_import,2250.halg = {2251.digestsize = SM3_DIGEST_SIZE,2252.statesize = sizeof(struct safexcel_ahash_export_state),2253.base = {2254.cra_name = "hmac(sm3)",2255.cra_driver_name = "safexcel-hmac-sm3",2256.cra_priority = SAFEXCEL_CRA_PRIORITY,2257.cra_flags = CRYPTO_ALG_ASYNC |2258CRYPTO_ALG_ALLOCATES_MEMORY |2259CRYPTO_ALG_KERN_DRIVER_ONLY,2260.cra_blocksize = SM3_BLOCK_SIZE,2261.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2262.cra_init = safexcel_ahash_cra_init,2263.cra_exit = safexcel_ahash_cra_exit,2264.cra_module = THIS_MODULE,2265},2266},2267},2268};22692270static int safexcel_sha3_224_init(struct ahash_request *areq)2271{2272struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2273struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2274struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);22752276memset(req, 0, sizeof(*req));22772278ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;2279req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;2280req->state_sz = SHA3_224_DIGEST_SIZE;2281req->digest_sz = SHA3_224_DIGEST_SIZE;2282req->block_sz = SHA3_224_BLOCK_SIZE;2283ctx->do_fallback = false;2284ctx->fb_init_done = false;2285return 0;2286}22872288static int safexcel_sha3_fbcheck(struct ahash_request *req)2289{2290struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2291struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2292struct ahash_request *subreq = ahash_request_ctx_dma(req);2293int ret = 0;22942295if (ctx->do_fallback) {2296ahash_request_set_tfm(subreq, ctx->fback);2297ahash_request_set_callback(subreq, req->base.flags,2298req->base.complete, req->base.data);2299ahash_request_set_crypt(subreq, req->src, req->result,2300req->nbytes);2301if (!ctx->fb_init_done) {2302if (ctx->fb_do_setkey) {2303/* Set fallback cipher HMAC key */2304u8 key[SHA3_224_BLOCK_SIZE];23052306memcpy(key, &ctx->base.ipad,2307crypto_ahash_blocksize(ctx->fback) / 2);2308memcpy(key +2309crypto_ahash_blocksize(ctx->fback) / 2,2310&ctx->base.opad,2311crypto_ahash_blocksize(ctx->fback) / 2);2312ret = crypto_ahash_setkey(ctx->fback, key,2313crypto_ahash_blocksize(ctx->fback));2314memzero_explicit(key,2315crypto_ahash_blocksize(ctx->fback));2316ctx->fb_do_setkey = false;2317}2318ret = ret ?: crypto_ahash_init(subreq);2319ctx->fb_init_done = true;2320}2321}2322return ret;2323}23242325static int safexcel_sha3_update(struct ahash_request *req)2326{2327struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2328struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2329struct ahash_request *subreq = ahash_request_ctx_dma(req);23302331ctx->do_fallback = true;2332return safexcel_sha3_fbcheck(req) ?: crypto_ahash_update(subreq);2333}23342335static int safexcel_sha3_final(struct ahash_request *req)2336{2337struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2338struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2339struct ahash_request *subreq = ahash_request_ctx_dma(req);23402341ctx->do_fallback = true;2342return safexcel_sha3_fbcheck(req) ?: crypto_ahash_final(subreq);2343}23442345static int safexcel_sha3_finup(struct ahash_request *req)2346{2347struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2348struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2349struct ahash_request *subreq = ahash_request_ctx_dma(req);23502351ctx->do_fallback |= !req->nbytes;2352if (ctx->do_fallback)2353/* Update or ex/import happened or len 0, cannot use the HW */2354return safexcel_sha3_fbcheck(req) ?:2355crypto_ahash_finup(subreq);2356else2357return safexcel_ahash_finup(req);2358}23592360static int safexcel_sha3_digest_fallback(struct ahash_request *req)2361{2362struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2363struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2364struct ahash_request *subreq = ahash_request_ctx_dma(req);23652366ctx->do_fallback = true;2367ctx->fb_init_done = false;2368return safexcel_sha3_fbcheck(req) ?: crypto_ahash_finup(subreq);2369}23702371static int safexcel_sha3_224_digest(struct ahash_request *req)2372{2373if (req->nbytes)2374return safexcel_sha3_224_init(req) ?: safexcel_ahash_finup(req);23752376/* HW cannot do zero length hash, use fallback instead */2377return safexcel_sha3_digest_fallback(req);2378}23792380static int safexcel_sha3_export(struct ahash_request *req, void *out)2381{2382struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2383struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2384struct ahash_request *subreq = ahash_request_ctx_dma(req);23852386ctx->do_fallback = true;2387return safexcel_sha3_fbcheck(req) ?: crypto_ahash_export(subreq, out);2388}23892390static int safexcel_sha3_import(struct ahash_request *req, const void *in)2391{2392struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);2393struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2394struct ahash_request *subreq = ahash_request_ctx_dma(req);23952396ctx->do_fallback = true;2397return safexcel_sha3_fbcheck(req) ?: crypto_ahash_import(subreq, in);2398// return safexcel_ahash_import(req, in);2399}24002401static int safexcel_sha3_cra_init(struct crypto_tfm *tfm)2402{2403struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);2404struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);24052406safexcel_ahash_cra_init(tfm);24072408/* Allocate fallback implementation */2409ctx->fback = crypto_alloc_ahash(crypto_tfm_alg_name(tfm), 0,2410CRYPTO_ALG_ASYNC |2411CRYPTO_ALG_NEED_FALLBACK);2412if (IS_ERR(ctx->fback))2413return PTR_ERR(ctx->fback);24142415/* Update statesize from fallback algorithm! */2416crypto_hash_alg_common(ahash)->statesize =2417crypto_ahash_statesize(ctx->fback);2418crypto_ahash_set_reqsize_dma(2419ahash, max(sizeof(struct safexcel_ahash_req),2420sizeof(struct ahash_request) +2421crypto_ahash_reqsize(ctx->fback)));2422return 0;2423}24242425static void safexcel_sha3_cra_exit(struct crypto_tfm *tfm)2426{2427struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);24282429crypto_free_ahash(ctx->fback);2430safexcel_ahash_cra_exit(tfm);2431}24322433struct safexcel_alg_template safexcel_alg_sha3_224 = {2434.type = SAFEXCEL_ALG_TYPE_AHASH,2435.algo_mask = SAFEXCEL_ALG_SHA3,2436.alg.ahash = {2437.init = safexcel_sha3_224_init,2438.update = safexcel_sha3_update,2439.final = safexcel_sha3_final,2440.finup = safexcel_sha3_finup,2441.digest = safexcel_sha3_224_digest,2442.export = safexcel_sha3_export,2443.import = safexcel_sha3_import,2444.halg = {2445.digestsize = SHA3_224_DIGEST_SIZE,2446.statesize = sizeof(struct safexcel_ahash_export_state),2447.base = {2448.cra_name = "sha3-224",2449.cra_driver_name = "safexcel-sha3-224",2450.cra_priority = SAFEXCEL_CRA_PRIORITY,2451.cra_flags = CRYPTO_ALG_ASYNC |2452CRYPTO_ALG_KERN_DRIVER_ONLY |2453CRYPTO_ALG_NEED_FALLBACK,2454.cra_blocksize = SHA3_224_BLOCK_SIZE,2455.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2456.cra_init = safexcel_sha3_cra_init,2457.cra_exit = safexcel_sha3_cra_exit,2458.cra_module = THIS_MODULE,2459},2460},2461},2462};24632464static int safexcel_sha3_256_init(struct ahash_request *areq)2465{2466struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2467struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2468struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);24692470memset(req, 0, sizeof(*req));24712472ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;2473req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;2474req->state_sz = SHA3_256_DIGEST_SIZE;2475req->digest_sz = SHA3_256_DIGEST_SIZE;2476req->block_sz = SHA3_256_BLOCK_SIZE;2477ctx->do_fallback = false;2478ctx->fb_init_done = false;2479return 0;2480}24812482static int safexcel_sha3_256_digest(struct ahash_request *req)2483{2484if (req->nbytes)2485return safexcel_sha3_256_init(req) ?: safexcel_ahash_finup(req);24862487/* HW cannot do zero length hash, use fallback instead */2488return safexcel_sha3_digest_fallback(req);2489}24902491struct safexcel_alg_template safexcel_alg_sha3_256 = {2492.type = SAFEXCEL_ALG_TYPE_AHASH,2493.algo_mask = SAFEXCEL_ALG_SHA3,2494.alg.ahash = {2495.init = safexcel_sha3_256_init,2496.update = safexcel_sha3_update,2497.final = safexcel_sha3_final,2498.finup = safexcel_sha3_finup,2499.digest = safexcel_sha3_256_digest,2500.export = safexcel_sha3_export,2501.import = safexcel_sha3_import,2502.halg = {2503.digestsize = SHA3_256_DIGEST_SIZE,2504.statesize = sizeof(struct safexcel_ahash_export_state),2505.base = {2506.cra_name = "sha3-256",2507.cra_driver_name = "safexcel-sha3-256",2508.cra_priority = SAFEXCEL_CRA_PRIORITY,2509.cra_flags = CRYPTO_ALG_ASYNC |2510CRYPTO_ALG_KERN_DRIVER_ONLY |2511CRYPTO_ALG_NEED_FALLBACK,2512.cra_blocksize = SHA3_256_BLOCK_SIZE,2513.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2514.cra_init = safexcel_sha3_cra_init,2515.cra_exit = safexcel_sha3_cra_exit,2516.cra_module = THIS_MODULE,2517},2518},2519},2520};25212522static int safexcel_sha3_384_init(struct ahash_request *areq)2523{2524struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2525struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2526struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);25272528memset(req, 0, sizeof(*req));25292530ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;2531req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;2532req->state_sz = SHA3_384_DIGEST_SIZE;2533req->digest_sz = SHA3_384_DIGEST_SIZE;2534req->block_sz = SHA3_384_BLOCK_SIZE;2535ctx->do_fallback = false;2536ctx->fb_init_done = false;2537return 0;2538}25392540static int safexcel_sha3_384_digest(struct ahash_request *req)2541{2542if (req->nbytes)2543return safexcel_sha3_384_init(req) ?: safexcel_ahash_finup(req);25442545/* HW cannot do zero length hash, use fallback instead */2546return safexcel_sha3_digest_fallback(req);2547}25482549struct safexcel_alg_template safexcel_alg_sha3_384 = {2550.type = SAFEXCEL_ALG_TYPE_AHASH,2551.algo_mask = SAFEXCEL_ALG_SHA3,2552.alg.ahash = {2553.init = safexcel_sha3_384_init,2554.update = safexcel_sha3_update,2555.final = safexcel_sha3_final,2556.finup = safexcel_sha3_finup,2557.digest = safexcel_sha3_384_digest,2558.export = safexcel_sha3_export,2559.import = safexcel_sha3_import,2560.halg = {2561.digestsize = SHA3_384_DIGEST_SIZE,2562.statesize = sizeof(struct safexcel_ahash_export_state),2563.base = {2564.cra_name = "sha3-384",2565.cra_driver_name = "safexcel-sha3-384",2566.cra_priority = SAFEXCEL_CRA_PRIORITY,2567.cra_flags = CRYPTO_ALG_ASYNC |2568CRYPTO_ALG_KERN_DRIVER_ONLY |2569CRYPTO_ALG_NEED_FALLBACK,2570.cra_blocksize = SHA3_384_BLOCK_SIZE,2571.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2572.cra_init = safexcel_sha3_cra_init,2573.cra_exit = safexcel_sha3_cra_exit,2574.cra_module = THIS_MODULE,2575},2576},2577},2578};25792580static int safexcel_sha3_512_init(struct ahash_request *areq)2581{2582struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2583struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2584struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);25852586memset(req, 0, sizeof(*req));25872588ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;2589req->digest = CONTEXT_CONTROL_DIGEST_INITIAL;2590req->state_sz = SHA3_512_DIGEST_SIZE;2591req->digest_sz = SHA3_512_DIGEST_SIZE;2592req->block_sz = SHA3_512_BLOCK_SIZE;2593ctx->do_fallback = false;2594ctx->fb_init_done = false;2595return 0;2596}25972598static int safexcel_sha3_512_digest(struct ahash_request *req)2599{2600if (req->nbytes)2601return safexcel_sha3_512_init(req) ?: safexcel_ahash_finup(req);26022603/* HW cannot do zero length hash, use fallback instead */2604return safexcel_sha3_digest_fallback(req);2605}26062607struct safexcel_alg_template safexcel_alg_sha3_512 = {2608.type = SAFEXCEL_ALG_TYPE_AHASH,2609.algo_mask = SAFEXCEL_ALG_SHA3,2610.alg.ahash = {2611.init = safexcel_sha3_512_init,2612.update = safexcel_sha3_update,2613.final = safexcel_sha3_final,2614.finup = safexcel_sha3_finup,2615.digest = safexcel_sha3_512_digest,2616.export = safexcel_sha3_export,2617.import = safexcel_sha3_import,2618.halg = {2619.digestsize = SHA3_512_DIGEST_SIZE,2620.statesize = sizeof(struct safexcel_ahash_export_state),2621.base = {2622.cra_name = "sha3-512",2623.cra_driver_name = "safexcel-sha3-512",2624.cra_priority = SAFEXCEL_CRA_PRIORITY,2625.cra_flags = CRYPTO_ALG_ASYNC |2626CRYPTO_ALG_KERN_DRIVER_ONLY |2627CRYPTO_ALG_NEED_FALLBACK,2628.cra_blocksize = SHA3_512_BLOCK_SIZE,2629.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2630.cra_init = safexcel_sha3_cra_init,2631.cra_exit = safexcel_sha3_cra_exit,2632.cra_module = THIS_MODULE,2633},2634},2635},2636};26372638static int safexcel_hmac_sha3_cra_init(struct crypto_tfm *tfm, const char *alg)2639{2640struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);2641int ret;26422643ret = safexcel_sha3_cra_init(tfm);2644if (ret)2645return ret;26462647/* Allocate precalc basic digest implementation */2648ctx->shpre = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK);2649if (IS_ERR(ctx->shpre))2650return PTR_ERR(ctx->shpre);26512652ctx->shdesc = kmalloc(sizeof(*ctx->shdesc) +2653crypto_shash_descsize(ctx->shpre), GFP_KERNEL);2654if (!ctx->shdesc) {2655crypto_free_shash(ctx->shpre);2656return -ENOMEM;2657}2658ctx->shdesc->tfm = ctx->shpre;2659return 0;2660}26612662static void safexcel_hmac_sha3_cra_exit(struct crypto_tfm *tfm)2663{2664struct safexcel_ahash_ctx *ctx = crypto_tfm_ctx(tfm);26652666crypto_free_ahash(ctx->fback);2667crypto_free_shash(ctx->shpre);2668kfree(ctx->shdesc);2669safexcel_ahash_cra_exit(tfm);2670}26712672static int safexcel_hmac_sha3_setkey(struct crypto_ahash *tfm, const u8 *key,2673unsigned int keylen)2674{2675struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2676int ret = 0;26772678if (keylen > crypto_ahash_blocksize(tfm)) {2679/*2680* If the key is larger than the blocksize, then hash it2681* first using our fallback cipher2682*/2683ret = crypto_shash_digest(ctx->shdesc, key, keylen,2684ctx->base.ipad.byte);2685keylen = crypto_shash_digestsize(ctx->shpre);26862687/*2688* If the digest is larger than half the blocksize, we need to2689* move the rest to opad due to the way our HMAC infra works.2690*/2691if (keylen > crypto_ahash_blocksize(tfm) / 2)2692/* Buffers overlap, need to use memmove iso memcpy! */2693memmove(&ctx->base.opad,2694ctx->base.ipad.byte +2695crypto_ahash_blocksize(tfm) / 2,2696keylen - crypto_ahash_blocksize(tfm) / 2);2697} else {2698/*2699* Copy the key to our ipad & opad buffers2700* Note that ipad and opad each contain one half of the key,2701* to match the existing HMAC driver infrastructure.2702*/2703if (keylen <= crypto_ahash_blocksize(tfm) / 2) {2704memcpy(&ctx->base.ipad, key, keylen);2705} else {2706memcpy(&ctx->base.ipad, key,2707crypto_ahash_blocksize(tfm) / 2);2708memcpy(&ctx->base.opad,2709key + crypto_ahash_blocksize(tfm) / 2,2710keylen - crypto_ahash_blocksize(tfm) / 2);2711}2712}27132714/* Pad key with zeroes */2715if (keylen <= crypto_ahash_blocksize(tfm) / 2) {2716memset(ctx->base.ipad.byte + keylen, 0,2717crypto_ahash_blocksize(tfm) / 2 - keylen);2718memset(&ctx->base.opad, 0, crypto_ahash_blocksize(tfm) / 2);2719} else {2720memset(ctx->base.opad.byte + keylen -2721crypto_ahash_blocksize(tfm) / 2, 0,2722crypto_ahash_blocksize(tfm) - keylen);2723}27242725/* If doing fallback, still need to set the new key! */2726ctx->fb_do_setkey = true;2727return ret;2728}27292730static int safexcel_hmac_sha3_224_init(struct ahash_request *areq)2731{2732struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2733struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2734struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);27352736memset(req, 0, sizeof(*req));27372738/* Copy (half of) the key */2739memcpy(req->state, &ctx->base.ipad, SHA3_224_BLOCK_SIZE / 2);2740/* Start of HMAC should have len == processed == blocksize */2741req->len = SHA3_224_BLOCK_SIZE;2742req->processed = SHA3_224_BLOCK_SIZE;2743ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_224;2744req->digest = CONTEXT_CONTROL_DIGEST_HMAC;2745req->state_sz = SHA3_224_BLOCK_SIZE / 2;2746req->digest_sz = SHA3_224_DIGEST_SIZE;2747req->block_sz = SHA3_224_BLOCK_SIZE;2748req->hmac = true;2749ctx->do_fallback = false;2750ctx->fb_init_done = false;2751return 0;2752}27532754static int safexcel_hmac_sha3_224_digest(struct ahash_request *req)2755{2756if (req->nbytes)2757return safexcel_hmac_sha3_224_init(req) ?:2758safexcel_ahash_finup(req);27592760/* HW cannot do zero length HMAC, use fallback instead */2761return safexcel_sha3_digest_fallback(req);2762}27632764static int safexcel_hmac_sha3_224_cra_init(struct crypto_tfm *tfm)2765{2766return safexcel_hmac_sha3_cra_init(tfm, "sha3-224");2767}27682769struct safexcel_alg_template safexcel_alg_hmac_sha3_224 = {2770.type = SAFEXCEL_ALG_TYPE_AHASH,2771.algo_mask = SAFEXCEL_ALG_SHA3,2772.alg.ahash = {2773.init = safexcel_hmac_sha3_224_init,2774.update = safexcel_sha3_update,2775.final = safexcel_sha3_final,2776.finup = safexcel_sha3_finup,2777.digest = safexcel_hmac_sha3_224_digest,2778.setkey = safexcel_hmac_sha3_setkey,2779.export = safexcel_sha3_export,2780.import = safexcel_sha3_import,2781.halg = {2782.digestsize = SHA3_224_DIGEST_SIZE,2783.statesize = sizeof(struct safexcel_ahash_export_state),2784.base = {2785.cra_name = "hmac(sha3-224)",2786.cra_driver_name = "safexcel-hmac-sha3-224",2787.cra_priority = SAFEXCEL_CRA_PRIORITY,2788.cra_flags = CRYPTO_ALG_ASYNC |2789CRYPTO_ALG_KERN_DRIVER_ONLY |2790CRYPTO_ALG_NEED_FALLBACK,2791.cra_blocksize = SHA3_224_BLOCK_SIZE,2792.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2793.cra_init = safexcel_hmac_sha3_224_cra_init,2794.cra_exit = safexcel_hmac_sha3_cra_exit,2795.cra_module = THIS_MODULE,2796},2797},2798},2799};28002801static int safexcel_hmac_sha3_256_init(struct ahash_request *areq)2802{2803struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2804struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2805struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);28062807memset(req, 0, sizeof(*req));28082809/* Copy (half of) the key */2810memcpy(req->state, &ctx->base.ipad, SHA3_256_BLOCK_SIZE / 2);2811/* Start of HMAC should have len == processed == blocksize */2812req->len = SHA3_256_BLOCK_SIZE;2813req->processed = SHA3_256_BLOCK_SIZE;2814ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_256;2815req->digest = CONTEXT_CONTROL_DIGEST_HMAC;2816req->state_sz = SHA3_256_BLOCK_SIZE / 2;2817req->digest_sz = SHA3_256_DIGEST_SIZE;2818req->block_sz = SHA3_256_BLOCK_SIZE;2819req->hmac = true;2820ctx->do_fallback = false;2821ctx->fb_init_done = false;2822return 0;2823}28242825static int safexcel_hmac_sha3_256_digest(struct ahash_request *req)2826{2827if (req->nbytes)2828return safexcel_hmac_sha3_256_init(req) ?:2829safexcel_ahash_finup(req);28302831/* HW cannot do zero length HMAC, use fallback instead */2832return safexcel_sha3_digest_fallback(req);2833}28342835static int safexcel_hmac_sha3_256_cra_init(struct crypto_tfm *tfm)2836{2837return safexcel_hmac_sha3_cra_init(tfm, "sha3-256");2838}28392840struct safexcel_alg_template safexcel_alg_hmac_sha3_256 = {2841.type = SAFEXCEL_ALG_TYPE_AHASH,2842.algo_mask = SAFEXCEL_ALG_SHA3,2843.alg.ahash = {2844.init = safexcel_hmac_sha3_256_init,2845.update = safexcel_sha3_update,2846.final = safexcel_sha3_final,2847.finup = safexcel_sha3_finup,2848.digest = safexcel_hmac_sha3_256_digest,2849.setkey = safexcel_hmac_sha3_setkey,2850.export = safexcel_sha3_export,2851.import = safexcel_sha3_import,2852.halg = {2853.digestsize = SHA3_256_DIGEST_SIZE,2854.statesize = sizeof(struct safexcel_ahash_export_state),2855.base = {2856.cra_name = "hmac(sha3-256)",2857.cra_driver_name = "safexcel-hmac-sha3-256",2858.cra_priority = SAFEXCEL_CRA_PRIORITY,2859.cra_flags = CRYPTO_ALG_ASYNC |2860CRYPTO_ALG_KERN_DRIVER_ONLY |2861CRYPTO_ALG_NEED_FALLBACK,2862.cra_blocksize = SHA3_256_BLOCK_SIZE,2863.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2864.cra_init = safexcel_hmac_sha3_256_cra_init,2865.cra_exit = safexcel_hmac_sha3_cra_exit,2866.cra_module = THIS_MODULE,2867},2868},2869},2870};28712872static int safexcel_hmac_sha3_384_init(struct ahash_request *areq)2873{2874struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2875struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2876struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);28772878memset(req, 0, sizeof(*req));28792880/* Copy (half of) the key */2881memcpy(req->state, &ctx->base.ipad, SHA3_384_BLOCK_SIZE / 2);2882/* Start of HMAC should have len == processed == blocksize */2883req->len = SHA3_384_BLOCK_SIZE;2884req->processed = SHA3_384_BLOCK_SIZE;2885ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_384;2886req->digest = CONTEXT_CONTROL_DIGEST_HMAC;2887req->state_sz = SHA3_384_BLOCK_SIZE / 2;2888req->digest_sz = SHA3_384_DIGEST_SIZE;2889req->block_sz = SHA3_384_BLOCK_SIZE;2890req->hmac = true;2891ctx->do_fallback = false;2892ctx->fb_init_done = false;2893return 0;2894}28952896static int safexcel_hmac_sha3_384_digest(struct ahash_request *req)2897{2898if (req->nbytes)2899return safexcel_hmac_sha3_384_init(req) ?:2900safexcel_ahash_finup(req);29012902/* HW cannot do zero length HMAC, use fallback instead */2903return safexcel_sha3_digest_fallback(req);2904}29052906static int safexcel_hmac_sha3_384_cra_init(struct crypto_tfm *tfm)2907{2908return safexcel_hmac_sha3_cra_init(tfm, "sha3-384");2909}29102911struct safexcel_alg_template safexcel_alg_hmac_sha3_384 = {2912.type = SAFEXCEL_ALG_TYPE_AHASH,2913.algo_mask = SAFEXCEL_ALG_SHA3,2914.alg.ahash = {2915.init = safexcel_hmac_sha3_384_init,2916.update = safexcel_sha3_update,2917.final = safexcel_sha3_final,2918.finup = safexcel_sha3_finup,2919.digest = safexcel_hmac_sha3_384_digest,2920.setkey = safexcel_hmac_sha3_setkey,2921.export = safexcel_sha3_export,2922.import = safexcel_sha3_import,2923.halg = {2924.digestsize = SHA3_384_DIGEST_SIZE,2925.statesize = sizeof(struct safexcel_ahash_export_state),2926.base = {2927.cra_name = "hmac(sha3-384)",2928.cra_driver_name = "safexcel-hmac-sha3-384",2929.cra_priority = SAFEXCEL_CRA_PRIORITY,2930.cra_flags = CRYPTO_ALG_ASYNC |2931CRYPTO_ALG_KERN_DRIVER_ONLY |2932CRYPTO_ALG_NEED_FALLBACK,2933.cra_blocksize = SHA3_384_BLOCK_SIZE,2934.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),2935.cra_init = safexcel_hmac_sha3_384_cra_init,2936.cra_exit = safexcel_hmac_sha3_cra_exit,2937.cra_module = THIS_MODULE,2938},2939},2940},2941};29422943static int safexcel_hmac_sha3_512_init(struct ahash_request *areq)2944{2945struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);2946struct safexcel_ahash_ctx *ctx = crypto_ahash_ctx(tfm);2947struct safexcel_ahash_req *req = ahash_request_ctx_dma(areq);29482949memset(req, 0, sizeof(*req));29502951/* Copy (half of) the key */2952memcpy(req->state, &ctx->base.ipad, SHA3_512_BLOCK_SIZE / 2);2953/* Start of HMAC should have len == processed == blocksize */2954req->len = SHA3_512_BLOCK_SIZE;2955req->processed = SHA3_512_BLOCK_SIZE;2956ctx->alg = CONTEXT_CONTROL_CRYPTO_ALG_SHA3_512;2957req->digest = CONTEXT_CONTROL_DIGEST_HMAC;2958req->state_sz = SHA3_512_BLOCK_SIZE / 2;2959req->digest_sz = SHA3_512_DIGEST_SIZE;2960req->block_sz = SHA3_512_BLOCK_SIZE;2961req->hmac = true;2962ctx->do_fallback = false;2963ctx->fb_init_done = false;2964return 0;2965}29662967static int safexcel_hmac_sha3_512_digest(struct ahash_request *req)2968{2969if (req->nbytes)2970return safexcel_hmac_sha3_512_init(req) ?:2971safexcel_ahash_finup(req);29722973/* HW cannot do zero length HMAC, use fallback instead */2974return safexcel_sha3_digest_fallback(req);2975}29762977static int safexcel_hmac_sha3_512_cra_init(struct crypto_tfm *tfm)2978{2979return safexcel_hmac_sha3_cra_init(tfm, "sha3-512");2980}2981struct safexcel_alg_template safexcel_alg_hmac_sha3_512 = {2982.type = SAFEXCEL_ALG_TYPE_AHASH,2983.algo_mask = SAFEXCEL_ALG_SHA3,2984.alg.ahash = {2985.init = safexcel_hmac_sha3_512_init,2986.update = safexcel_sha3_update,2987.final = safexcel_sha3_final,2988.finup = safexcel_sha3_finup,2989.digest = safexcel_hmac_sha3_512_digest,2990.setkey = safexcel_hmac_sha3_setkey,2991.export = safexcel_sha3_export,2992.import = safexcel_sha3_import,2993.halg = {2994.digestsize = SHA3_512_DIGEST_SIZE,2995.statesize = sizeof(struct safexcel_ahash_export_state),2996.base = {2997.cra_name = "hmac(sha3-512)",2998.cra_driver_name = "safexcel-hmac-sha3-512",2999.cra_priority = SAFEXCEL_CRA_PRIORITY,3000.cra_flags = CRYPTO_ALG_ASYNC |3001CRYPTO_ALG_KERN_DRIVER_ONLY |3002CRYPTO_ALG_NEED_FALLBACK,3003.cra_blocksize = SHA3_512_BLOCK_SIZE,3004.cra_ctxsize = sizeof(struct safexcel_ahash_ctx),3005.cra_init = safexcel_hmac_sha3_512_cra_init,3006.cra_exit = safexcel_hmac_sha3_cra_exit,3007.cra_module = THIS_MODULE,3008},3009},3010},3011};301230133014