linux/drivers/crypto/bcm/cipher.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Copyright 2016 Broadcom
   4 */
   5
   6#include <linux/err.h>
   7#include <linux/module.h>
   8#include <linux/init.h>
   9#include <linux/errno.h>
  10#include <linux/kernel.h>
  11#include <linux/interrupt.h>
  12#include <linux/platform_device.h>
  13#include <linux/scatterlist.h>
  14#include <linux/crypto.h>
  15#include <linux/kthread.h>
  16#include <linux/rtnetlink.h>
  17#include <linux/sched.h>
  18#include <linux/of_address.h>
  19#include <linux/of_device.h>
  20#include <linux/io.h>
  21#include <linux/bitops.h>
  22
  23#include <crypto/algapi.h>
  24#include <crypto/aead.h>
  25#include <crypto/internal/aead.h>
  26#include <crypto/aes.h>
  27#include <crypto/internal/des.h>
  28#include <crypto/hmac.h>
  29#include <crypto/sha.h>
  30#include <crypto/md5.h>
  31#include <crypto/authenc.h>
  32#include <crypto/skcipher.h>
  33#include <crypto/hash.h>
  34#include <crypto/sha3.h>
  35
  36#include "util.h"
  37#include "cipher.h"
  38#include "spu.h"
  39#include "spum.h"
  40#include "spu2.h"
  41
  42/* ================= Device Structure ================== */
  43
  44struct device_private iproc_priv;
  45
  46/* ==================== Parameters ===================== */
  47
  48int flow_debug_logging;
  49module_param(flow_debug_logging, int, 0644);
  50MODULE_PARM_DESC(flow_debug_logging, "Enable Flow Debug Logging");
  51
  52int packet_debug_logging;
  53module_param(packet_debug_logging, int, 0644);
  54MODULE_PARM_DESC(packet_debug_logging, "Enable Packet Debug Logging");
  55
  56int debug_logging_sleep;
  57module_param(debug_logging_sleep, int, 0644);
  58MODULE_PARM_DESC(debug_logging_sleep, "Packet Debug Logging Sleep");
  59
  60/*
  61 * The value of these module parameters is used to set the priority for each
  62 * algo type when this driver registers algos with the kernel crypto API.
  63 * To use a priority other than the default, set the priority in the insmod or
  64 * modprobe. Changing the module priority after init time has no effect.
  65 *
  66 * The default priorities are chosen to be lower (less preferred) than ARMv8 CE
  67 * algos, but more preferred than generic software algos.
  68 */
  69static int cipher_pri = 150;
  70module_param(cipher_pri, int, 0644);
  71MODULE_PARM_DESC(cipher_pri, "Priority for cipher algos");
  72
  73static int hash_pri = 100;
  74module_param(hash_pri, int, 0644);
  75MODULE_PARM_DESC(hash_pri, "Priority for hash algos");
  76
  77static int aead_pri = 150;
  78module_param(aead_pri, int, 0644);
  79MODULE_PARM_DESC(aead_pri, "Priority for AEAD algos");
  80
  81/* A type 3 BCM header, expected to precede the SPU header for SPU-M.
  82 * Bits 3 and 4 in the first byte encode the channel number (the dma ringset).
  83 * 0x60 - ring 0
  84 * 0x68 - ring 1
  85 * 0x70 - ring 2
  86 * 0x78 - ring 3
  87 */
  88static char BCMHEADER[] = { 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x28 };
  89/*
  90 * Some SPU hw does not use BCM header on SPU messages. So BCM_HDR_LEN
  91 * is set dynamically after reading SPU type from device tree.
  92 */
  93#define BCM_HDR_LEN  iproc_priv.bcm_hdr_len
  94
  95/* min and max time to sleep before retrying when mbox queue is full. usec */
  96#define MBOX_SLEEP_MIN  800
  97#define MBOX_SLEEP_MAX 1000
  98
  99/**
 100 * select_channel() - Select a SPU channel to handle a crypto request. Selects
 101 * channel in round robin order.
 102 *
 103 * Return:  channel index
 104 */
 105static u8 select_channel(void)
 106{
 107        u8 chan_idx = atomic_inc_return(&iproc_priv.next_chan);
 108
 109        return chan_idx % iproc_priv.spu.num_chan;
 110}
 111
 112/**
 113 * spu_skcipher_rx_sg_create() - Build up the scatterlist of buffers used to
 114 * receive a SPU response message for an skcipher request. Includes buffers to
 115 * catch SPU message headers and the response data.
 116 * @mssg:       mailbox message containing the receive sg
 117 * @rctx:       crypto request context
 118 * @rx_frag_num: number of scatterlist elements required to hold the
 119 *              SPU response message
 120 * @chunksize:  Number of bytes of response data expected
 121 * @stat_pad_len: Number of bytes required to pad the STAT field to
 122 *              a 4-byte boundary
 123 *
 124 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
 125 * when the request completes, whether the request is handled successfully or
 126 * there is an error.
 127 *
 128 * Returns:
 129 *   0 if successful
 130 *   < 0 if an error
 131 */
 132static int
 133spu_skcipher_rx_sg_create(struct brcm_message *mssg,
 134                            struct iproc_reqctx_s *rctx,
 135                            u8 rx_frag_num,
 136                            unsigned int chunksize, u32 stat_pad_len)
 137{
 138        struct spu_hw *spu = &iproc_priv.spu;
 139        struct scatterlist *sg; /* used to build sgs in mbox message */
 140        struct iproc_ctx_s *ctx = rctx->ctx;
 141        u32 datalen;            /* Number of bytes of response data expected */
 142
 143        mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
 144                                rctx->gfp);
 145        if (!mssg->spu.dst)
 146                return -ENOMEM;
 147
 148        sg = mssg->spu.dst;
 149        sg_init_table(sg, rx_frag_num);
 150        /* Space for SPU message header */
 151        sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
 152
 153        /* If XTS tweak in payload, add buffer to receive encrypted tweak */
 154        if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
 155            spu->spu_xts_tweak_in_payload())
 156                sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak,
 157                           SPU_XTS_TWEAK_SIZE);
 158
 159        /* Copy in each dst sg entry from request, up to chunksize */
 160        datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
 161                                 rctx->dst_nents, chunksize);
 162        if (datalen < chunksize) {
 163                pr_err("%s(): failed to copy dst sg to mbox msg. chunksize %u, datalen %u",
 164                       __func__, chunksize, datalen);
 165                return -EFAULT;
 166        }
 167
 168        if (ctx->cipher.alg == CIPHER_ALG_RC4)
 169                /* Add buffer to catch 260-byte SUPDT field for RC4 */
 170                sg_set_buf(sg++, rctx->msg_buf.c.supdt_tweak, SPU_SUPDT_LEN);
 171
 172        if (stat_pad_len)
 173                sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
 174
 175        memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
 176        sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
 177
 178        return 0;
 179}
 180
 181/**
 182 * spu_skcipher_tx_sg_create() - Build up the scatterlist of buffers used to
 183 * send a SPU request message for an skcipher request. Includes SPU message
 184 * headers and the request data.
 185 * @mssg:       mailbox message containing the transmit sg
 186 * @rctx:       crypto request context
 187 * @tx_frag_num: number of scatterlist elements required to construct the
 188 *              SPU request message
 189 * @chunksize:  Number of bytes of request data
 190 * @pad_len:    Number of pad bytes
 191 *
 192 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
 193 * when the request completes, whether the request is handled successfully or
 194 * there is an error.
 195 *
 196 * Returns:
 197 *   0 if successful
 198 *   < 0 if an error
 199 */
 200static int
 201spu_skcipher_tx_sg_create(struct brcm_message *mssg,
 202                            struct iproc_reqctx_s *rctx,
 203                            u8 tx_frag_num, unsigned int chunksize, u32 pad_len)
 204{
 205        struct spu_hw *spu = &iproc_priv.spu;
 206        struct scatterlist *sg; /* used to build sgs in mbox message */
 207        struct iproc_ctx_s *ctx = rctx->ctx;
 208        u32 datalen;            /* Number of bytes of response data expected */
 209        u32 stat_len;
 210
 211        mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
 212                                rctx->gfp);
 213        if (unlikely(!mssg->spu.src))
 214                return -ENOMEM;
 215
 216        sg = mssg->spu.src;
 217        sg_init_table(sg, tx_frag_num);
 218
 219        sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
 220                   BCM_HDR_LEN + ctx->spu_req_hdr_len);
 221
 222        /* if XTS tweak in payload, copy from IV (where crypto API puts it) */
 223        if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
 224            spu->spu_xts_tweak_in_payload())
 225                sg_set_buf(sg++, rctx->msg_buf.iv_ctr, SPU_XTS_TWEAK_SIZE);
 226
 227        /* Copy in each src sg entry from request, up to chunksize */
 228        datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
 229                                 rctx->src_nents, chunksize);
 230        if (unlikely(datalen < chunksize)) {
 231                pr_err("%s(): failed to copy src sg to mbox msg",
 232                       __func__);
 233                return -EFAULT;
 234        }
 235
 236        if (pad_len)
 237                sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
 238
 239        stat_len = spu->spu_tx_status_len();
 240        if (stat_len) {
 241                memset(rctx->msg_buf.tx_stat, 0, stat_len);
 242                sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
 243        }
 244        return 0;
 245}
 246
 247static int mailbox_send_message(struct brcm_message *mssg, u32 flags,
 248                                u8 chan_idx)
 249{
 250        int err;
 251        int retry_cnt = 0;
 252        struct device *dev = &(iproc_priv.pdev->dev);
 253
 254        err = mbox_send_message(iproc_priv.mbox[chan_idx], mssg);
 255        if (flags & CRYPTO_TFM_REQ_MAY_SLEEP) {
 256                while ((err == -ENOBUFS) && (retry_cnt < SPU_MB_RETRY_MAX)) {
 257                        /*
 258                         * Mailbox queue is full. Since MAY_SLEEP is set, assume
 259                         * not in atomic context and we can wait and try again.
 260                         */
 261                        retry_cnt++;
 262                        usleep_range(MBOX_SLEEP_MIN, MBOX_SLEEP_MAX);
 263                        err = mbox_send_message(iproc_priv.mbox[chan_idx],
 264                                                mssg);
 265                        atomic_inc(&iproc_priv.mb_no_spc);
 266                }
 267        }
 268        if (err < 0) {
 269                atomic_inc(&iproc_priv.mb_send_fail);
 270                return err;
 271        }
 272
 273        /* Check error returned by mailbox controller */
 274        err = mssg->error;
 275        if (unlikely(err < 0)) {
 276                dev_err(dev, "message error %d", err);
 277                /* Signal txdone for mailbox channel */
 278        }
 279
 280        /* Signal txdone for mailbox channel */
 281        mbox_client_txdone(iproc_priv.mbox[chan_idx], err);
 282        return err;
 283}
 284
 285/**
 286 * handle_skcipher_req() - Submit as much of a block cipher request as fits in
 287 * a single SPU request message, starting at the current position in the request
 288 * data.
 289 * @rctx:       Crypto request context
 290 *
 291 * This may be called on the crypto API thread, or, when a request is so large
 292 * it must be broken into multiple SPU messages, on the thread used to invoke
 293 * the response callback. When requests are broken into multiple SPU
 294 * messages, we assume subsequent messages depend on previous results, and
 295 * thus always wait for previous results before submitting the next message.
 296 * Because requests are submitted in lock step like this, there is no need
 297 * to synchronize access to request data structures.
 298 *
 299 * Return: -EINPROGRESS: request has been accepted and result will be returned
 300 *                       asynchronously
 301 *         Any other value indicates an error
 302 */
 303static int handle_skcipher_req(struct iproc_reqctx_s *rctx)
 304{
 305        struct spu_hw *spu = &iproc_priv.spu;
 306        struct crypto_async_request *areq = rctx->parent;
 307        struct skcipher_request *req =
 308            container_of(areq, struct skcipher_request, base);
 309        struct iproc_ctx_s *ctx = rctx->ctx;
 310        struct spu_cipher_parms cipher_parms;
 311        int err;
 312        unsigned int chunksize; /* Num bytes of request to submit */
 313        int remaining;  /* Bytes of request still to process */
 314        int chunk_start;        /* Beginning of data for current SPU msg */
 315
 316        /* IV or ctr value to use in this SPU msg */
 317        u8 local_iv_ctr[MAX_IV_SIZE];
 318        u32 stat_pad_len;       /* num bytes to align status field */
 319        u32 pad_len;            /* total length of all padding */
 320        bool update_key = false;
 321        struct brcm_message *mssg;      /* mailbox message */
 322
 323        /* number of entries in src and dst sg in mailbox message. */
 324        u8 rx_frag_num = 2;     /* response header and STATUS */
 325        u8 tx_frag_num = 1;     /* request header */
 326
 327        flow_log("%s\n", __func__);
 328
 329        cipher_parms.alg = ctx->cipher.alg;
 330        cipher_parms.mode = ctx->cipher.mode;
 331        cipher_parms.type = ctx->cipher_type;
 332        cipher_parms.key_len = ctx->enckeylen;
 333        cipher_parms.key_buf = ctx->enckey;
 334        cipher_parms.iv_buf = local_iv_ctr;
 335        cipher_parms.iv_len = rctx->iv_ctr_len;
 336
 337        mssg = &rctx->mb_mssg;
 338        chunk_start = rctx->src_sent;
 339        remaining = rctx->total_todo - chunk_start;
 340
 341        /* determine the chunk we are breaking off and update the indexes */
 342        if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
 343            (remaining > ctx->max_payload))
 344                chunksize = ctx->max_payload;
 345        else
 346                chunksize = remaining;
 347
 348        rctx->src_sent += chunksize;
 349        rctx->total_sent = rctx->src_sent;
 350
 351        /* Count number of sg entries to be included in this request */
 352        rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
 353        rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
 354
 355        if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
 356            rctx->is_encrypt && chunk_start)
 357                /*
 358                 * Encrypting non-first first chunk. Copy last block of
 359                 * previous result to IV for this chunk.
 360                 */
 361                sg_copy_part_to_buf(req->dst, rctx->msg_buf.iv_ctr,
 362                                    rctx->iv_ctr_len,
 363                                    chunk_start - rctx->iv_ctr_len);
 364
 365        if (rctx->iv_ctr_len) {
 366                /* get our local copy of the iv */
 367                __builtin_memcpy(local_iv_ctr, rctx->msg_buf.iv_ctr,
 368                                 rctx->iv_ctr_len);
 369
 370                /* generate the next IV if possible */
 371                if ((ctx->cipher.mode == CIPHER_MODE_CBC) &&
 372                    !rctx->is_encrypt) {
 373                        /*
 374                         * CBC Decrypt: next IV is the last ciphertext block in
 375                         * this chunk
 376                         */
 377                        sg_copy_part_to_buf(req->src, rctx->msg_buf.iv_ctr,
 378                                            rctx->iv_ctr_len,
 379                                            rctx->src_sent - rctx->iv_ctr_len);
 380                } else if (ctx->cipher.mode == CIPHER_MODE_CTR) {
 381                        /*
 382                         * The SPU hardware increments the counter once for
 383                         * each AES block of 16 bytes. So update the counter
 384                         * for the next chunk, if there is one. Note that for
 385                         * this chunk, the counter has already been copied to
 386                         * local_iv_ctr. We can assume a block size of 16,
 387                         * because we only support CTR mode for AES, not for
 388                         * any other cipher alg.
 389                         */
 390                        add_to_ctr(rctx->msg_buf.iv_ctr, chunksize >> 4);
 391                }
 392        }
 393
 394        if (ctx->cipher.alg == CIPHER_ALG_RC4) {
 395                rx_frag_num++;
 396                if (chunk_start) {
 397                        /*
 398                         * for non-first RC4 chunks, use SUPDT from previous
 399                         * response as key for this chunk.
 400                         */
 401                        cipher_parms.key_buf = rctx->msg_buf.c.supdt_tweak;
 402                        update_key = true;
 403                        cipher_parms.type = CIPHER_TYPE_UPDT;
 404                } else if (!rctx->is_encrypt) {
 405                        /*
 406                         * First RC4 chunk. For decrypt, key in pre-built msg
 407                         * header may have been changed if encrypt required
 408                         * multiple chunks. So revert the key to the
 409                         * ctx->enckey value.
 410                         */
 411                        update_key = true;
 412                        cipher_parms.type = CIPHER_TYPE_INIT;
 413                }
 414        }
 415
 416        if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
 417                flow_log("max_payload infinite\n");
 418        else
 419                flow_log("max_payload %u\n", ctx->max_payload);
 420
 421        flow_log("sent:%u start:%u remains:%u size:%u\n",
 422                 rctx->src_sent, chunk_start, remaining, chunksize);
 423
 424        /* Copy SPU header template created at setkey time */
 425        memcpy(rctx->msg_buf.bcm_spu_req_hdr, ctx->bcm_spu_req_hdr,
 426               sizeof(rctx->msg_buf.bcm_spu_req_hdr));
 427
 428        /*
 429         * Pass SUPDT field as key. Key field in finish() call is only used
 430         * when update_key has been set above for RC4. Will be ignored in
 431         * all other cases.
 432         */
 433        spu->spu_cipher_req_finish(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
 434                                   ctx->spu_req_hdr_len, !(rctx->is_encrypt),
 435                                   &cipher_parms, update_key, chunksize);
 436
 437        atomic64_add(chunksize, &iproc_priv.bytes_out);
 438
 439        stat_pad_len = spu->spu_wordalign_padlen(chunksize);
 440        if (stat_pad_len)
 441                rx_frag_num++;
 442        pad_len = stat_pad_len;
 443        if (pad_len) {
 444                tx_frag_num++;
 445                spu->spu_request_pad(rctx->msg_buf.spu_req_pad, 0,
 446                                     0, ctx->auth.alg, ctx->auth.mode,
 447                                     rctx->total_sent, stat_pad_len);
 448        }
 449
 450        spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
 451                              ctx->spu_req_hdr_len);
 452        packet_log("payload:\n");
 453        dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
 454        packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
 455
 456        /*
 457         * Build mailbox message containing SPU request msg and rx buffers
 458         * to catch response message
 459         */
 460        memset(mssg, 0, sizeof(*mssg));
 461        mssg->type = BRCM_MESSAGE_SPU;
 462        mssg->ctx = rctx;       /* Will be returned in response */
 463
 464        /* Create rx scatterlist to catch result */
 465        rx_frag_num += rctx->dst_nents;
 466
 467        if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
 468            spu->spu_xts_tweak_in_payload())
 469                rx_frag_num++;  /* extra sg to insert tweak */
 470
 471        err = spu_skcipher_rx_sg_create(mssg, rctx, rx_frag_num, chunksize,
 472                                          stat_pad_len);
 473        if (err)
 474                return err;
 475
 476        /* Create tx scatterlist containing SPU request message */
 477        tx_frag_num += rctx->src_nents;
 478        if (spu->spu_tx_status_len())
 479                tx_frag_num++;
 480
 481        if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
 482            spu->spu_xts_tweak_in_payload())
 483                tx_frag_num++;  /* extra sg to insert tweak */
 484
 485        err = spu_skcipher_tx_sg_create(mssg, rctx, tx_frag_num, chunksize,
 486                                          pad_len);
 487        if (err)
 488                return err;
 489
 490        err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
 491        if (unlikely(err < 0))
 492                return err;
 493
 494        return -EINPROGRESS;
 495}
 496
 497/**
 498 * handle_skcipher_resp() - Process a block cipher SPU response. Updates the
 499 * total received count for the request and updates global stats.
 500 * @rctx:       Crypto request context
 501 */
 502static void handle_skcipher_resp(struct iproc_reqctx_s *rctx)
 503{
 504        struct spu_hw *spu = &iproc_priv.spu;
 505#ifdef DEBUG
 506        struct crypto_async_request *areq = rctx->parent;
 507        struct skcipher_request *req = skcipher_request_cast(areq);
 508#endif
 509        struct iproc_ctx_s *ctx = rctx->ctx;
 510        u32 payload_len;
 511
 512        /* See how much data was returned */
 513        payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
 514
 515        /*
 516         * In XTS mode, the first SPU_XTS_TWEAK_SIZE bytes may be the
 517         * encrypted tweak ("i") value; we don't count those.
 518         */
 519        if ((ctx->cipher.mode == CIPHER_MODE_XTS) &&
 520            spu->spu_xts_tweak_in_payload() &&
 521            (payload_len >= SPU_XTS_TWEAK_SIZE))
 522                payload_len -= SPU_XTS_TWEAK_SIZE;
 523
 524        atomic64_add(payload_len, &iproc_priv.bytes_in);
 525
 526        flow_log("%s() offset: %u, bd_len: %u BD:\n",
 527                 __func__, rctx->total_received, payload_len);
 528
 529        dump_sg(req->dst, rctx->total_received, payload_len);
 530        if (ctx->cipher.alg == CIPHER_ALG_RC4)
 531                packet_dump("  supdt ", rctx->msg_buf.c.supdt_tweak,
 532                            SPU_SUPDT_LEN);
 533
 534        rctx->total_received += payload_len;
 535        if (rctx->total_received == rctx->total_todo) {
 536                atomic_inc(&iproc_priv.op_counts[SPU_OP_CIPHER]);
 537                atomic_inc(
 538                   &iproc_priv.cipher_cnt[ctx->cipher.alg][ctx->cipher.mode]);
 539        }
 540}
 541
 542/**
 543 * spu_ahash_rx_sg_create() - Build up the scatterlist of buffers used to
 544 * receive a SPU response message for an ahash request.
 545 * @mssg:       mailbox message containing the receive sg
 546 * @rctx:       crypto request context
 547 * @rx_frag_num: number of scatterlist elements required to hold the
 548 *              SPU response message
 549 * @digestsize: length of hash digest, in bytes
 550 * @stat_pad_len: Number of bytes required to pad the STAT field to
 551 *              a 4-byte boundary
 552 *
 553 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
 554 * when the request completes, whether the request is handled successfully or
 555 * there is an error.
 556 *
 557 * Return:
 558 *   0 if successful
 559 *   < 0 if an error
 560 */
 561static int
 562spu_ahash_rx_sg_create(struct brcm_message *mssg,
 563                       struct iproc_reqctx_s *rctx,
 564                       u8 rx_frag_num, unsigned int digestsize,
 565                       u32 stat_pad_len)
 566{
 567        struct spu_hw *spu = &iproc_priv.spu;
 568        struct scatterlist *sg; /* used to build sgs in mbox message */
 569        struct iproc_ctx_s *ctx = rctx->ctx;
 570
 571        mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
 572                                rctx->gfp);
 573        if (!mssg->spu.dst)
 574                return -ENOMEM;
 575
 576        sg = mssg->spu.dst;
 577        sg_init_table(sg, rx_frag_num);
 578        /* Space for SPU message header */
 579        sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
 580
 581        /* Space for digest */
 582        sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
 583
 584        if (stat_pad_len)
 585                sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
 586
 587        memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
 588        sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
 589        return 0;
 590}
 591
 592/**
 593 * spu_ahash_tx_sg_create() -  Build up the scatterlist of buffers used to send
 594 * a SPU request message for an ahash request. Includes SPU message headers and
 595 * the request data.
 596 * @mssg:       mailbox message containing the transmit sg
 597 * @rctx:       crypto request context
 598 * @tx_frag_num: number of scatterlist elements required to construct the
 599 *              SPU request message
 600 * @spu_hdr_len: length in bytes of SPU message header
 601 * @hash_carry_len: Number of bytes of data carried over from previous req
 602 * @new_data_len: Number of bytes of new request data
 603 * @pad_len:    Number of pad bytes
 604 *
 605 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
 606 * when the request completes, whether the request is handled successfully or
 607 * there is an error.
 608 *
 609 * Return:
 610 *   0 if successful
 611 *   < 0 if an error
 612 */
 613static int
 614spu_ahash_tx_sg_create(struct brcm_message *mssg,
 615                       struct iproc_reqctx_s *rctx,
 616                       u8 tx_frag_num,
 617                       u32 spu_hdr_len,
 618                       unsigned int hash_carry_len,
 619                       unsigned int new_data_len, u32 pad_len)
 620{
 621        struct spu_hw *spu = &iproc_priv.spu;
 622        struct scatterlist *sg; /* used to build sgs in mbox message */
 623        u32 datalen;            /* Number of bytes of response data expected */
 624        u32 stat_len;
 625
 626        mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
 627                                rctx->gfp);
 628        if (!mssg->spu.src)
 629                return -ENOMEM;
 630
 631        sg = mssg->spu.src;
 632        sg_init_table(sg, tx_frag_num);
 633
 634        sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
 635                   BCM_HDR_LEN + spu_hdr_len);
 636
 637        if (hash_carry_len)
 638                sg_set_buf(sg++, rctx->hash_carry, hash_carry_len);
 639
 640        if (new_data_len) {
 641                /* Copy in each src sg entry from request, up to chunksize */
 642                datalen = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
 643                                         rctx->src_nents, new_data_len);
 644                if (datalen < new_data_len) {
 645                        pr_err("%s(): failed to copy src sg to mbox msg",
 646                               __func__);
 647                        return -EFAULT;
 648                }
 649        }
 650
 651        if (pad_len)
 652                sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
 653
 654        stat_len = spu->spu_tx_status_len();
 655        if (stat_len) {
 656                memset(rctx->msg_buf.tx_stat, 0, stat_len);
 657                sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
 658        }
 659
 660        return 0;
 661}
 662
 663/**
 664 * handle_ahash_req() - Process an asynchronous hash request from the crypto
 665 * API.
 666 * @rctx:  Crypto request context
 667 *
 668 * Builds a SPU request message embedded in a mailbox message and submits the
 669 * mailbox message on a selected mailbox channel. The SPU request message is
 670 * constructed as a scatterlist, including entries from the crypto API's
 671 * src scatterlist to avoid copying the data to be hashed. This function is
 672 * called either on the thread from the crypto API, or, in the case that the
 673 * crypto API request is too large to fit in a single SPU request message,
 674 * on the thread that invokes the receive callback with a response message.
 675 * Because some operations require the response from one chunk before the next
 676 * chunk can be submitted, we always wait for the response for the previous
 677 * chunk before submitting the next chunk. Because requests are submitted in
 678 * lock step like this, there is no need to synchronize access to request data
 679 * structures.
 680 *
 681 * Return:
 682 *   -EINPROGRESS: request has been submitted to SPU and response will be
 683 *                 returned asynchronously
 684 *   -EAGAIN:      non-final request included a small amount of data, which for
 685 *                 efficiency we did not submit to the SPU, but instead stored
 686 *                 to be submitted to the SPU with the next part of the request
 687 *   other:        an error code
 688 */
 689static int handle_ahash_req(struct iproc_reqctx_s *rctx)
 690{
 691        struct spu_hw *spu = &iproc_priv.spu;
 692        struct crypto_async_request *areq = rctx->parent;
 693        struct ahash_request *req = ahash_request_cast(areq);
 694        struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
 695        struct crypto_tfm *tfm = crypto_ahash_tfm(ahash);
 696        unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
 697        struct iproc_ctx_s *ctx = rctx->ctx;
 698
 699        /* number of bytes still to be hashed in this req */
 700        unsigned int nbytes_to_hash = 0;
 701        int err;
 702        unsigned int chunksize = 0;     /* length of hash carry + new data */
 703        /*
 704         * length of new data, not from hash carry, to be submitted in
 705         * this hw request
 706         */
 707        unsigned int new_data_len;
 708
 709        unsigned int __maybe_unused chunk_start = 0;
 710        u32 db_size;     /* Length of data field, incl gcm and hash padding */
 711        int pad_len = 0; /* total pad len, including gcm, hash, stat padding */
 712        u32 data_pad_len = 0;   /* length of GCM/CCM padding */
 713        u32 stat_pad_len = 0;   /* length of padding to align STATUS word */
 714        struct brcm_message *mssg;      /* mailbox message */
 715        struct spu_request_opts req_opts;
 716        struct spu_cipher_parms cipher_parms;
 717        struct spu_hash_parms hash_parms;
 718        struct spu_aead_parms aead_parms;
 719        unsigned int local_nbuf;
 720        u32 spu_hdr_len;
 721        unsigned int digestsize;
 722        u16 rem = 0;
 723
 724        /*
 725         * number of entries in src and dst sg. Always includes SPU msg header.
 726         * rx always includes a buffer to catch digest and STATUS.
 727         */
 728        u8 rx_frag_num = 3;
 729        u8 tx_frag_num = 1;
 730
 731        flow_log("total_todo %u, total_sent %u\n",
 732                 rctx->total_todo, rctx->total_sent);
 733
 734        memset(&req_opts, 0, sizeof(req_opts));
 735        memset(&cipher_parms, 0, sizeof(cipher_parms));
 736        memset(&hash_parms, 0, sizeof(hash_parms));
 737        memset(&aead_parms, 0, sizeof(aead_parms));
 738
 739        req_opts.bd_suppress = true;
 740        hash_parms.alg = ctx->auth.alg;
 741        hash_parms.mode = ctx->auth.mode;
 742        hash_parms.type = HASH_TYPE_NONE;
 743        hash_parms.key_buf = (u8 *)ctx->authkey;
 744        hash_parms.key_len = ctx->authkeylen;
 745
 746        /*
 747         * For hash algorithms below assignment looks bit odd but
 748         * it's needed for AES-XCBC and AES-CMAC hash algorithms
 749         * to differentiate between 128, 192, 256 bit key values.
 750         * Based on the key values, hash algorithm is selected.
 751         * For example for 128 bit key, hash algorithm is AES-128.
 752         */
 753        cipher_parms.type = ctx->cipher_type;
 754
 755        mssg = &rctx->mb_mssg;
 756        chunk_start = rctx->src_sent;
 757
 758        /*
 759         * Compute the amount remaining to hash. This may include data
 760         * carried over from previous requests.
 761         */
 762        nbytes_to_hash = rctx->total_todo - rctx->total_sent;
 763        chunksize = nbytes_to_hash;
 764        if ((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
 765            (chunksize > ctx->max_payload))
 766                chunksize = ctx->max_payload;
 767
 768        /*
 769         * If this is not a final request and the request data is not a multiple
 770         * of a full block, then simply park the extra data and prefix it to the
 771         * data for the next request.
 772         */
 773        if (!rctx->is_final) {
 774                u8 *dest = rctx->hash_carry + rctx->hash_carry_len;
 775                u16 new_len;  /* len of data to add to hash carry */
 776
 777                rem = chunksize % blocksize;   /* remainder */
 778                if (rem) {
 779                        /* chunksize not a multiple of blocksize */
 780                        chunksize -= rem;
 781                        if (chunksize == 0) {
 782                                /* Don't have a full block to submit to hw */
 783                                new_len = rem - rctx->hash_carry_len;
 784                                sg_copy_part_to_buf(req->src, dest, new_len,
 785                                                    rctx->src_sent);
 786                                rctx->hash_carry_len = rem;
 787                                flow_log("Exiting with hash carry len: %u\n",
 788                                         rctx->hash_carry_len);
 789                                packet_dump("  buf: ",
 790                                            rctx->hash_carry,
 791                                            rctx->hash_carry_len);
 792                                return -EAGAIN;
 793                        }
 794                }
 795        }
 796
 797        /* if we have hash carry, then prefix it to the data in this request */
 798        local_nbuf = rctx->hash_carry_len;
 799        rctx->hash_carry_len = 0;
 800        if (local_nbuf)
 801                tx_frag_num++;
 802        new_data_len = chunksize - local_nbuf;
 803
 804        /* Count number of sg entries to be used in this request */
 805        rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip,
 806                                       new_data_len);
 807
 808        /* AES hashing keeps key size in type field, so need to copy it here */
 809        if (hash_parms.alg == HASH_ALG_AES)
 810                hash_parms.type = (enum hash_type)cipher_parms.type;
 811        else
 812                hash_parms.type = spu->spu_hash_type(rctx->total_sent);
 813
 814        digestsize = spu->spu_digest_size(ctx->digestsize, ctx->auth.alg,
 815                                          hash_parms.type);
 816        hash_parms.digestsize = digestsize;
 817
 818        /* update the indexes */
 819        rctx->total_sent += chunksize;
 820        /* if you sent a prebuf then that wasn't from this req->src */
 821        rctx->src_sent += new_data_len;
 822
 823        if ((rctx->total_sent == rctx->total_todo) && rctx->is_final)
 824                hash_parms.pad_len = spu->spu_hash_pad_len(hash_parms.alg,
 825                                                           hash_parms.mode,
 826                                                           chunksize,
 827                                                           blocksize);
 828
 829        /*
 830         * If a non-first chunk, then include the digest returned from the
 831         * previous chunk so that hw can add to it (except for AES types).
 832         */
 833        if ((hash_parms.type == HASH_TYPE_UPDT) &&
 834            (hash_parms.alg != HASH_ALG_AES)) {
 835                hash_parms.key_buf = rctx->incr_hash;
 836                hash_parms.key_len = digestsize;
 837        }
 838
 839        atomic64_add(chunksize, &iproc_priv.bytes_out);
 840
 841        flow_log("%s() final: %u nbuf: %u ",
 842                 __func__, rctx->is_final, local_nbuf);
 843
 844        if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
 845                flow_log("max_payload infinite\n");
 846        else
 847                flow_log("max_payload %u\n", ctx->max_payload);
 848
 849        flow_log("chunk_start: %u chunk_size: %u\n", chunk_start, chunksize);
 850
 851        /* Prepend SPU header with type 3 BCM header */
 852        memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
 853
 854        hash_parms.prebuf_len = local_nbuf;
 855        spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
 856                                              BCM_HDR_LEN,
 857                                              &req_opts, &cipher_parms,
 858                                              &hash_parms, &aead_parms,
 859                                              new_data_len);
 860
 861        if (spu_hdr_len == 0) {
 862                pr_err("Failed to create SPU request header\n");
 863                return -EFAULT;
 864        }
 865
 866        /*
 867         * Determine total length of padding required. Put all padding in one
 868         * buffer.
 869         */
 870        data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode, chunksize);
 871        db_size = spu_real_db_size(0, 0, local_nbuf, new_data_len,
 872                                   0, 0, hash_parms.pad_len);
 873        if (spu->spu_tx_status_len())
 874                stat_pad_len = spu->spu_wordalign_padlen(db_size);
 875        if (stat_pad_len)
 876                rx_frag_num++;
 877        pad_len = hash_parms.pad_len + data_pad_len + stat_pad_len;
 878        if (pad_len) {
 879                tx_frag_num++;
 880                spu->spu_request_pad(rctx->msg_buf.spu_req_pad, data_pad_len,
 881                                     hash_parms.pad_len, ctx->auth.alg,
 882                                     ctx->auth.mode, rctx->total_sent,
 883                                     stat_pad_len);
 884        }
 885
 886        spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
 887                              spu_hdr_len);
 888        packet_dump("    prebuf: ", rctx->hash_carry, local_nbuf);
 889        flow_log("Data:\n");
 890        dump_sg(rctx->src_sg, rctx->src_skip, new_data_len);
 891        packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
 892
 893        /*
 894         * Build mailbox message containing SPU request msg and rx buffers
 895         * to catch response message
 896         */
 897        memset(mssg, 0, sizeof(*mssg));
 898        mssg->type = BRCM_MESSAGE_SPU;
 899        mssg->ctx = rctx;       /* Will be returned in response */
 900
 901        /* Create rx scatterlist to catch result */
 902        err = spu_ahash_rx_sg_create(mssg, rctx, rx_frag_num, digestsize,
 903                                     stat_pad_len);
 904        if (err)
 905                return err;
 906
 907        /* Create tx scatterlist containing SPU request message */
 908        tx_frag_num += rctx->src_nents;
 909        if (spu->spu_tx_status_len())
 910                tx_frag_num++;
 911        err = spu_ahash_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
 912                                     local_nbuf, new_data_len, pad_len);
 913        if (err)
 914                return err;
 915
 916        err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
 917        if (unlikely(err < 0))
 918                return err;
 919
 920        return -EINPROGRESS;
 921}
 922
 923/**
 924 * spu_hmac_outer_hash() - Request synchonous software compute of the outer hash
 925 * for an HMAC request.
 926 * @req:  The HMAC request from the crypto API
 927 * @ctx:  The session context
 928 *
 929 * Return: 0 if synchronous hash operation successful
 930 *         -EINVAL if the hash algo is unrecognized
 931 *         any other value indicates an error
 932 */
 933static int spu_hmac_outer_hash(struct ahash_request *req,
 934                               struct iproc_ctx_s *ctx)
 935{
 936        struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
 937        unsigned int blocksize =
 938                crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
 939        int rc;
 940
 941        switch (ctx->auth.alg) {
 942        case HASH_ALG_MD5:
 943                rc = do_shash("md5", req->result, ctx->opad, blocksize,
 944                              req->result, ctx->digestsize, NULL, 0);
 945                break;
 946        case HASH_ALG_SHA1:
 947                rc = do_shash("sha1", req->result, ctx->opad, blocksize,
 948                              req->result, ctx->digestsize, NULL, 0);
 949                break;
 950        case HASH_ALG_SHA224:
 951                rc = do_shash("sha224", req->result, ctx->opad, blocksize,
 952                              req->result, ctx->digestsize, NULL, 0);
 953                break;
 954        case HASH_ALG_SHA256:
 955                rc = do_shash("sha256", req->result, ctx->opad, blocksize,
 956                              req->result, ctx->digestsize, NULL, 0);
 957                break;
 958        case HASH_ALG_SHA384:
 959                rc = do_shash("sha384", req->result, ctx->opad, blocksize,
 960                              req->result, ctx->digestsize, NULL, 0);
 961                break;
 962        case HASH_ALG_SHA512:
 963                rc = do_shash("sha512", req->result, ctx->opad, blocksize,
 964                              req->result, ctx->digestsize, NULL, 0);
 965                break;
 966        default:
 967                pr_err("%s() Error : unknown hmac type\n", __func__);
 968                rc = -EINVAL;
 969        }
 970        return rc;
 971}
 972
 973/**
 974 * ahash_req_done() - Process a hash result from the SPU hardware.
 975 * @rctx: Crypto request context
 976 *
 977 * Return: 0 if successful
 978 *         < 0 if an error
 979 */
 980static int ahash_req_done(struct iproc_reqctx_s *rctx)
 981{
 982        struct spu_hw *spu = &iproc_priv.spu;
 983        struct crypto_async_request *areq = rctx->parent;
 984        struct ahash_request *req = ahash_request_cast(areq);
 985        struct iproc_ctx_s *ctx = rctx->ctx;
 986        int err;
 987
 988        memcpy(req->result, rctx->msg_buf.digest, ctx->digestsize);
 989
 990        if (spu->spu_type == SPU_TYPE_SPUM) {
 991                /* byte swap the output from the UPDT function to network byte
 992                 * order
 993                 */
 994                if (ctx->auth.alg == HASH_ALG_MD5) {
 995                        __swab32s((u32 *)req->result);
 996                        __swab32s(((u32 *)req->result) + 1);
 997                        __swab32s(((u32 *)req->result) + 2);
 998                        __swab32s(((u32 *)req->result) + 3);
 999                        __swab32s(((u32 *)req->result) + 4);
1000                }
1001        }
1002
1003        flow_dump("  digest ", req->result, ctx->digestsize);
1004
1005        /* if this an HMAC then do the outer hash */
1006        if (rctx->is_sw_hmac) {
1007                err = spu_hmac_outer_hash(req, ctx);
1008                if (err < 0)
1009                        return err;
1010                flow_dump("  hmac: ", req->result, ctx->digestsize);
1011        }
1012
1013        if (rctx->is_sw_hmac || ctx->auth.mode == HASH_MODE_HMAC) {
1014                atomic_inc(&iproc_priv.op_counts[SPU_OP_HMAC]);
1015                atomic_inc(&iproc_priv.hmac_cnt[ctx->auth.alg]);
1016        } else {
1017                atomic_inc(&iproc_priv.op_counts[SPU_OP_HASH]);
1018                atomic_inc(&iproc_priv.hash_cnt[ctx->auth.alg]);
1019        }
1020
1021        return 0;
1022}
1023
1024/**
1025 * handle_ahash_resp() - Process a SPU response message for a hash request.
1026 * Checks if the entire crypto API request has been processed, and if so,
1027 * invokes post processing on the result.
1028 * @rctx: Crypto request context
1029 */
1030static void handle_ahash_resp(struct iproc_reqctx_s *rctx)
1031{
1032        struct iproc_ctx_s *ctx = rctx->ctx;
1033#ifdef DEBUG
1034        struct crypto_async_request *areq = rctx->parent;
1035        struct ahash_request *req = ahash_request_cast(areq);
1036        struct crypto_ahash *ahash = crypto_ahash_reqtfm(req);
1037        unsigned int blocksize =
1038                crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
1039#endif
1040        /*
1041         * Save hash to use as input to next op if incremental. Might be copying
1042         * too much, but that's easier than figuring out actual digest size here
1043         */
1044        memcpy(rctx->incr_hash, rctx->msg_buf.digest, MAX_DIGEST_SIZE);
1045
1046        flow_log("%s() blocksize:%u digestsize:%u\n",
1047                 __func__, blocksize, ctx->digestsize);
1048
1049        atomic64_add(ctx->digestsize, &iproc_priv.bytes_in);
1050
1051        if (rctx->is_final && (rctx->total_sent == rctx->total_todo))
1052                ahash_req_done(rctx);
1053}
1054
1055/**
1056 * spu_aead_rx_sg_create() - Build up the scatterlist of buffers used to receive
1057 * a SPU response message for an AEAD request. Includes buffers to catch SPU
1058 * message headers and the response data.
1059 * @mssg:       mailbox message containing the receive sg
1060 * @rctx:       crypto request context
1061 * @rx_frag_num: number of scatterlist elements required to hold the
1062 *              SPU response message
1063 * @assoc_len:  Length of associated data included in the crypto request
1064 * @ret_iv_len: Length of IV returned in response
1065 * @resp_len:   Number of bytes of response data expected to be written to
1066 *              dst buffer from crypto API
1067 * @digestsize: Length of hash digest, in bytes
1068 * @stat_pad_len: Number of bytes required to pad the STAT field to
1069 *              a 4-byte boundary
1070 *
1071 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1072 * when the request completes, whether the request is handled successfully or
1073 * there is an error.
1074 *
1075 * Returns:
1076 *   0 if successful
1077 *   < 0 if an error
1078 */
1079static int spu_aead_rx_sg_create(struct brcm_message *mssg,
1080                                 struct aead_request *req,
1081                                 struct iproc_reqctx_s *rctx,
1082                                 u8 rx_frag_num,
1083                                 unsigned int assoc_len,
1084                                 u32 ret_iv_len, unsigned int resp_len,
1085                                 unsigned int digestsize, u32 stat_pad_len)
1086{
1087        struct spu_hw *spu = &iproc_priv.spu;
1088        struct scatterlist *sg; /* used to build sgs in mbox message */
1089        struct iproc_ctx_s *ctx = rctx->ctx;
1090        u32 datalen;            /* Number of bytes of response data expected */
1091        u32 assoc_buf_len;
1092        u8 data_padlen = 0;
1093
1094        if (ctx->is_rfc4543) {
1095                /* RFC4543: only pad after data, not after AAD */
1096                data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1097                                                          assoc_len + resp_len);
1098                assoc_buf_len = assoc_len;
1099        } else {
1100                data_padlen = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1101                                                          resp_len);
1102                assoc_buf_len = spu->spu_assoc_resp_len(ctx->cipher.mode,
1103                                                assoc_len, ret_iv_len,
1104                                                rctx->is_encrypt);
1105        }
1106
1107        if (ctx->cipher.mode == CIPHER_MODE_CCM)
1108                /* ICV (after data) must be in the next 32-bit word for CCM */
1109                data_padlen += spu->spu_wordalign_padlen(assoc_buf_len +
1110                                                         resp_len +
1111                                                         data_padlen);
1112
1113        if (data_padlen)
1114                /* have to catch gcm pad in separate buffer */
1115                rx_frag_num++;
1116
1117        mssg->spu.dst = kcalloc(rx_frag_num, sizeof(struct scatterlist),
1118                                rctx->gfp);
1119        if (!mssg->spu.dst)
1120                return -ENOMEM;
1121
1122        sg = mssg->spu.dst;
1123        sg_init_table(sg, rx_frag_num);
1124
1125        /* Space for SPU message header */
1126        sg_set_buf(sg++, rctx->msg_buf.spu_resp_hdr, ctx->spu_resp_hdr_len);
1127
1128        if (assoc_buf_len) {
1129                /*
1130                 * Don't write directly to req->dst, because SPU may pad the
1131                 * assoc data in the response
1132                 */
1133                memset(rctx->msg_buf.a.resp_aad, 0, assoc_buf_len);
1134                sg_set_buf(sg++, rctx->msg_buf.a.resp_aad, assoc_buf_len);
1135        }
1136
1137        if (resp_len) {
1138                /*
1139                 * Copy in each dst sg entry from request, up to chunksize.
1140                 * dst sg catches just the data. digest caught in separate buf.
1141                 */
1142                datalen = spu_msg_sg_add(&sg, &rctx->dst_sg, &rctx->dst_skip,
1143                                         rctx->dst_nents, resp_len);
1144                if (datalen < (resp_len)) {
1145                        pr_err("%s(): failed to copy dst sg to mbox msg. expected len %u, datalen %u",
1146                               __func__, resp_len, datalen);
1147                        return -EFAULT;
1148                }
1149        }
1150
1151        /* If GCM/CCM data is padded, catch padding in separate buffer */
1152        if (data_padlen) {
1153                memset(rctx->msg_buf.a.gcmpad, 0, data_padlen);
1154                sg_set_buf(sg++, rctx->msg_buf.a.gcmpad, data_padlen);
1155        }
1156
1157        /* Always catch ICV in separate buffer */
1158        sg_set_buf(sg++, rctx->msg_buf.digest, digestsize);
1159
1160        flow_log("stat_pad_len %u\n", stat_pad_len);
1161        if (stat_pad_len) {
1162                memset(rctx->msg_buf.rx_stat_pad, 0, stat_pad_len);
1163                sg_set_buf(sg++, rctx->msg_buf.rx_stat_pad, stat_pad_len);
1164        }
1165
1166        memset(rctx->msg_buf.rx_stat, 0, SPU_RX_STATUS_LEN);
1167        sg_set_buf(sg, rctx->msg_buf.rx_stat, spu->spu_rx_status_len());
1168
1169        return 0;
1170}
1171
1172/**
1173 * spu_aead_tx_sg_create() - Build up the scatterlist of buffers used to send a
1174 * SPU request message for an AEAD request. Includes SPU message headers and the
1175 * request data.
1176 * @mssg:       mailbox message containing the transmit sg
1177 * @rctx:       crypto request context
1178 * @tx_frag_num: number of scatterlist elements required to construct the
1179 *              SPU request message
1180 * @spu_hdr_len: length of SPU message header in bytes
1181 * @assoc:      crypto API associated data scatterlist
1182 * @assoc_len:  length of associated data
1183 * @assoc_nents: number of scatterlist entries containing assoc data
1184 * @aead_iv_len: length of AEAD IV, if included
1185 * @chunksize:  Number of bytes of request data
1186 * @aad_pad_len: Number of bytes of padding at end of AAD. For GCM/CCM.
1187 * @pad_len:    Number of pad bytes
1188 * @incl_icv:   If true, write separate ICV buffer after data and
1189 *              any padding
1190 *
1191 * The scatterlist that gets allocated here is freed in spu_chunk_cleanup()
1192 * when the request completes, whether the request is handled successfully or
1193 * there is an error.
1194 *
1195 * Return:
1196 *   0 if successful
1197 *   < 0 if an error
1198 */
1199static int spu_aead_tx_sg_create(struct brcm_message *mssg,
1200                                 struct iproc_reqctx_s *rctx,
1201                                 u8 tx_frag_num,
1202                                 u32 spu_hdr_len,
1203                                 struct scatterlist *assoc,
1204                                 unsigned int assoc_len,
1205                                 int assoc_nents,
1206                                 unsigned int aead_iv_len,
1207                                 unsigned int chunksize,
1208                                 u32 aad_pad_len, u32 pad_len, bool incl_icv)
1209{
1210        struct spu_hw *spu = &iproc_priv.spu;
1211        struct scatterlist *sg; /* used to build sgs in mbox message */
1212        struct scatterlist *assoc_sg = assoc;
1213        struct iproc_ctx_s *ctx = rctx->ctx;
1214        u32 datalen;            /* Number of bytes of data to write */
1215        u32 written;            /* Number of bytes of data written */
1216        u32 assoc_offset = 0;
1217        u32 stat_len;
1218
1219        mssg->spu.src = kcalloc(tx_frag_num, sizeof(struct scatterlist),
1220                                rctx->gfp);
1221        if (!mssg->spu.src)
1222                return -ENOMEM;
1223
1224        sg = mssg->spu.src;
1225        sg_init_table(sg, tx_frag_num);
1226
1227        sg_set_buf(sg++, rctx->msg_buf.bcm_spu_req_hdr,
1228                   BCM_HDR_LEN + spu_hdr_len);
1229
1230        if (assoc_len) {
1231                /* Copy in each associated data sg entry from request */
1232                written = spu_msg_sg_add(&sg, &assoc_sg, &assoc_offset,
1233                                         assoc_nents, assoc_len);
1234                if (written < assoc_len) {
1235                        pr_err("%s(): failed to copy assoc sg to mbox msg",
1236                               __func__);
1237                        return -EFAULT;
1238                }
1239        }
1240
1241        if (aead_iv_len)
1242                sg_set_buf(sg++, rctx->msg_buf.iv_ctr, aead_iv_len);
1243
1244        if (aad_pad_len) {
1245                memset(rctx->msg_buf.a.req_aad_pad, 0, aad_pad_len);
1246                sg_set_buf(sg++, rctx->msg_buf.a.req_aad_pad, aad_pad_len);
1247        }
1248
1249        datalen = chunksize;
1250        if ((chunksize > ctx->digestsize) && incl_icv)
1251                datalen -= ctx->digestsize;
1252        if (datalen) {
1253                /* For aead, a single msg should consume the entire src sg */
1254                written = spu_msg_sg_add(&sg, &rctx->src_sg, &rctx->src_skip,
1255                                         rctx->src_nents, datalen);
1256                if (written < datalen) {
1257                        pr_err("%s(): failed to copy src sg to mbox msg",
1258                               __func__);
1259                        return -EFAULT;
1260                }
1261        }
1262
1263        if (pad_len) {
1264                memset(rctx->msg_buf.spu_req_pad, 0, pad_len);
1265                sg_set_buf(sg++, rctx->msg_buf.spu_req_pad, pad_len);
1266        }
1267
1268        if (incl_icv)
1269                sg_set_buf(sg++, rctx->msg_buf.digest, ctx->digestsize);
1270
1271        stat_len = spu->spu_tx_status_len();
1272        if (stat_len) {
1273                memset(rctx->msg_buf.tx_stat, 0, stat_len);
1274                sg_set_buf(sg, rctx->msg_buf.tx_stat, stat_len);
1275        }
1276        return 0;
1277}
1278
1279/**
1280 * handle_aead_req() - Submit a SPU request message for the next chunk of the
1281 * current AEAD request.
1282 * @rctx:  Crypto request context
1283 *
1284 * Unlike other operation types, we assume the length of the request fits in
1285 * a single SPU request message. aead_enqueue() makes sure this is true.
1286 * Comments for other op types regarding threads applies here as well.
1287 *
1288 * Unlike incremental hash ops, where the spu returns the entire hash for
1289 * truncated algs like sha-224, the SPU returns just the truncated hash in
1290 * response to aead requests. So digestsize is always ctx->digestsize here.
1291 *
1292 * Return: -EINPROGRESS: crypto request has been accepted and result will be
1293 *                       returned asynchronously
1294 *         Any other value indicates an error
1295 */
1296static int handle_aead_req(struct iproc_reqctx_s *rctx)
1297{
1298        struct spu_hw *spu = &iproc_priv.spu;
1299        struct crypto_async_request *areq = rctx->parent;
1300        struct aead_request *req = container_of(areq,
1301                                                struct aead_request, base);
1302        struct iproc_ctx_s *ctx = rctx->ctx;
1303        int err;
1304        unsigned int chunksize;
1305        unsigned int resp_len;
1306        u32 spu_hdr_len;
1307        u32 db_size;
1308        u32 stat_pad_len;
1309        u32 pad_len;
1310        struct brcm_message *mssg;      /* mailbox message */
1311        struct spu_request_opts req_opts;
1312        struct spu_cipher_parms cipher_parms;
1313        struct spu_hash_parms hash_parms;
1314        struct spu_aead_parms aead_parms;
1315        int assoc_nents = 0;
1316        bool incl_icv = false;
1317        unsigned int digestsize = ctx->digestsize;
1318
1319        /* number of entries in src and dst sg. Always includes SPU msg header.
1320         */
1321        u8 rx_frag_num = 2;     /* and STATUS */
1322        u8 tx_frag_num = 1;
1323
1324        /* doing the whole thing at once */
1325        chunksize = rctx->total_todo;
1326
1327        flow_log("%s: chunksize %u\n", __func__, chunksize);
1328
1329        memset(&req_opts, 0, sizeof(req_opts));
1330        memset(&hash_parms, 0, sizeof(hash_parms));
1331        memset(&aead_parms, 0, sizeof(aead_parms));
1332
1333        req_opts.is_inbound = !(rctx->is_encrypt);
1334        req_opts.auth_first = ctx->auth_first;
1335        req_opts.is_aead = true;
1336        req_opts.is_esp = ctx->is_esp;
1337
1338        cipher_parms.alg = ctx->cipher.alg;
1339        cipher_parms.mode = ctx->cipher.mode;
1340        cipher_parms.type = ctx->cipher_type;
1341        cipher_parms.key_buf = ctx->enckey;
1342        cipher_parms.key_len = ctx->enckeylen;
1343        cipher_parms.iv_buf = rctx->msg_buf.iv_ctr;
1344        cipher_parms.iv_len = rctx->iv_ctr_len;
1345
1346        hash_parms.alg = ctx->auth.alg;
1347        hash_parms.mode = ctx->auth.mode;
1348        hash_parms.type = HASH_TYPE_NONE;
1349        hash_parms.key_buf = (u8 *)ctx->authkey;
1350        hash_parms.key_len = ctx->authkeylen;
1351        hash_parms.digestsize = digestsize;
1352
1353        if ((ctx->auth.alg == HASH_ALG_SHA224) &&
1354            (ctx->authkeylen < SHA224_DIGEST_SIZE))
1355                hash_parms.key_len = SHA224_DIGEST_SIZE;
1356
1357        aead_parms.assoc_size = req->assoclen;
1358        if (ctx->is_esp && !ctx->is_rfc4543) {
1359                /*
1360                 * 8-byte IV is included assoc data in request. SPU2
1361                 * expects AAD to include just SPI and seqno. So
1362                 * subtract off the IV len.
1363                 */
1364                aead_parms.assoc_size -= GCM_RFC4106_IV_SIZE;
1365
1366                if (rctx->is_encrypt) {
1367                        aead_parms.return_iv = true;
1368                        aead_parms.ret_iv_len = GCM_RFC4106_IV_SIZE;
1369                        aead_parms.ret_iv_off = GCM_ESP_SALT_SIZE;
1370                }
1371        } else {
1372                aead_parms.ret_iv_len = 0;
1373        }
1374
1375        /*
1376         * Count number of sg entries from the crypto API request that are to
1377         * be included in this mailbox message. For dst sg, don't count space
1378         * for digest. Digest gets caught in a separate buffer and copied back
1379         * to dst sg when processing response.
1380         */
1381        rctx->src_nents = spu_sg_count(rctx->src_sg, rctx->src_skip, chunksize);
1382        rctx->dst_nents = spu_sg_count(rctx->dst_sg, rctx->dst_skip, chunksize);
1383        if (aead_parms.assoc_size)
1384                assoc_nents = spu_sg_count(rctx->assoc, 0,
1385                                           aead_parms.assoc_size);
1386
1387        mssg = &rctx->mb_mssg;
1388
1389        rctx->total_sent = chunksize;
1390        rctx->src_sent = chunksize;
1391        if (spu->spu_assoc_resp_len(ctx->cipher.mode,
1392                                    aead_parms.assoc_size,
1393                                    aead_parms.ret_iv_len,
1394                                    rctx->is_encrypt))
1395                rx_frag_num++;
1396
1397        aead_parms.iv_len = spu->spu_aead_ivlen(ctx->cipher.mode,
1398                                                rctx->iv_ctr_len);
1399
1400        if (ctx->auth.alg == HASH_ALG_AES)
1401                hash_parms.type = (enum hash_type)ctx->cipher_type;
1402
1403        /* General case AAD padding (CCM and RFC4543 special cases below) */
1404        aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1405                                                 aead_parms.assoc_size);
1406
1407        /* General case data padding (CCM decrypt special case below) */
1408        aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1409                                                           chunksize);
1410
1411        if (ctx->cipher.mode == CIPHER_MODE_CCM) {
1412                /*
1413                 * for CCM, AAD len + 2 (rather than AAD len) needs to be
1414                 * 128-bit aligned
1415                 */
1416                aead_parms.aad_pad_len = spu->spu_gcm_ccm_pad_len(
1417                                         ctx->cipher.mode,
1418                                         aead_parms.assoc_size + 2);
1419
1420                /*
1421                 * And when decrypting CCM, need to pad without including
1422                 * size of ICV which is tacked on to end of chunk
1423                 */
1424                if (!rctx->is_encrypt)
1425                        aead_parms.data_pad_len =
1426                                spu->spu_gcm_ccm_pad_len(ctx->cipher.mode,
1427                                                        chunksize - digestsize);
1428
1429                /* CCM also requires software to rewrite portions of IV: */
1430                spu->spu_ccm_update_iv(digestsize, &cipher_parms, req->assoclen,
1431                                       chunksize, rctx->is_encrypt,
1432                                       ctx->is_esp);
1433        }
1434
1435        if (ctx->is_rfc4543) {
1436                /*
1437                 * RFC4543: data is included in AAD, so don't pad after AAD
1438                 * and pad data based on both AAD + data size
1439                 */
1440                aead_parms.aad_pad_len = 0;
1441                if (!rctx->is_encrypt)
1442                        aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1443                                        ctx->cipher.mode,
1444                                        aead_parms.assoc_size + chunksize -
1445                                        digestsize);
1446                else
1447                        aead_parms.data_pad_len = spu->spu_gcm_ccm_pad_len(
1448                                        ctx->cipher.mode,
1449                                        aead_parms.assoc_size + chunksize);
1450
1451                req_opts.is_rfc4543 = true;
1452        }
1453
1454        if (spu_req_incl_icv(ctx->cipher.mode, rctx->is_encrypt)) {
1455                incl_icv = true;
1456                tx_frag_num++;
1457                /* Copy ICV from end of src scatterlist to digest buf */
1458                sg_copy_part_to_buf(req->src, rctx->msg_buf.digest, digestsize,
1459                                    req->assoclen + rctx->total_sent -
1460                                    digestsize);
1461        }
1462
1463        atomic64_add(chunksize, &iproc_priv.bytes_out);
1464
1465        flow_log("%s()-sent chunksize:%u\n", __func__, chunksize);
1466
1467        /* Prepend SPU header with type 3 BCM header */
1468        memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1469
1470        spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
1471                                              BCM_HDR_LEN, &req_opts,
1472                                              &cipher_parms, &hash_parms,
1473                                              &aead_parms, chunksize);
1474
1475        /* Determine total length of padding. Put all padding in one buffer. */
1476        db_size = spu_real_db_size(aead_parms.assoc_size, aead_parms.iv_len, 0,
1477                                   chunksize, aead_parms.aad_pad_len,
1478                                   aead_parms.data_pad_len, 0);
1479
1480        stat_pad_len = spu->spu_wordalign_padlen(db_size);
1481
1482        if (stat_pad_len)
1483                rx_frag_num++;
1484        pad_len = aead_parms.data_pad_len + stat_pad_len;
1485        if (pad_len) {
1486                tx_frag_num++;
1487                spu->spu_request_pad(rctx->msg_buf.spu_req_pad,
1488                                     aead_parms.data_pad_len, 0,
1489                                     ctx->auth.alg, ctx->auth.mode,
1490                                     rctx->total_sent, stat_pad_len);
1491        }
1492
1493        spu->spu_dump_msg_hdr(rctx->msg_buf.bcm_spu_req_hdr + BCM_HDR_LEN,
1494                              spu_hdr_len);
1495        dump_sg(rctx->assoc, 0, aead_parms.assoc_size);
1496        packet_dump("    aead iv: ", rctx->msg_buf.iv_ctr, aead_parms.iv_len);
1497        packet_log("BD:\n");
1498        dump_sg(rctx->src_sg, rctx->src_skip, chunksize);
1499        packet_dump("   pad: ", rctx->msg_buf.spu_req_pad, pad_len);
1500
1501        /*
1502         * Build mailbox message containing SPU request msg and rx buffers
1503         * to catch response message
1504         */
1505        memset(mssg, 0, sizeof(*mssg));
1506        mssg->type = BRCM_MESSAGE_SPU;
1507        mssg->ctx = rctx;       /* Will be returned in response */
1508
1509        /* Create rx scatterlist to catch result */
1510        rx_frag_num += rctx->dst_nents;
1511        resp_len = chunksize;
1512
1513        /*
1514         * Always catch ICV in separate buffer. Have to for GCM/CCM because of
1515         * padding. Have to for SHA-224 and other truncated SHAs because SPU
1516         * sends entire digest back.
1517         */
1518        rx_frag_num++;
1519
1520        if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
1521             (ctx->cipher.mode == CIPHER_MODE_CCM)) && !rctx->is_encrypt) {
1522                /*
1523                 * Input is ciphertxt plus ICV, but ICV not incl
1524                 * in output.
1525                 */
1526                resp_len -= ctx->digestsize;
1527                if (resp_len == 0)
1528                        /* no rx frags to catch output data */
1529                        rx_frag_num -= rctx->dst_nents;
1530        }
1531
1532        err = spu_aead_rx_sg_create(mssg, req, rctx, rx_frag_num,
1533                                    aead_parms.assoc_size,
1534                                    aead_parms.ret_iv_len, resp_len, digestsize,
1535                                    stat_pad_len);
1536        if (err)
1537                return err;
1538
1539        /* Create tx scatterlist containing SPU request message */
1540        tx_frag_num += rctx->src_nents;
1541        tx_frag_num += assoc_nents;
1542        if (aead_parms.aad_pad_len)
1543                tx_frag_num++;
1544        if (aead_parms.iv_len)
1545                tx_frag_num++;
1546        if (spu->spu_tx_status_len())
1547                tx_frag_num++;
1548        err = spu_aead_tx_sg_create(mssg, rctx, tx_frag_num, spu_hdr_len,
1549                                    rctx->assoc, aead_parms.assoc_size,
1550                                    assoc_nents, aead_parms.iv_len, chunksize,
1551                                    aead_parms.aad_pad_len, pad_len, incl_icv);
1552        if (err)
1553                return err;
1554
1555        err = mailbox_send_message(mssg, req->base.flags, rctx->chan_idx);
1556        if (unlikely(err < 0))
1557                return err;
1558
1559        return -EINPROGRESS;
1560}
1561
1562/**
1563 * handle_aead_resp() - Process a SPU response message for an AEAD request.
1564 * @rctx:  Crypto request context
1565 */
1566static void handle_aead_resp(struct iproc_reqctx_s *rctx)
1567{
1568        struct spu_hw *spu = &iproc_priv.spu;
1569        struct crypto_async_request *areq = rctx->parent;
1570        struct aead_request *req = container_of(areq,
1571                                                struct aead_request, base);
1572        struct iproc_ctx_s *ctx = rctx->ctx;
1573        u32 payload_len;
1574        unsigned int icv_offset;
1575        u32 result_len;
1576
1577        /* See how much data was returned */
1578        payload_len = spu->spu_payload_length(rctx->msg_buf.spu_resp_hdr);
1579        flow_log("payload_len %u\n", payload_len);
1580
1581        /* only count payload */
1582        atomic64_add(payload_len, &iproc_priv.bytes_in);
1583
1584        if (req->assoclen)
1585                packet_dump("  assoc_data ", rctx->msg_buf.a.resp_aad,
1586                            req->assoclen);
1587
1588        /*
1589         * Copy the ICV back to the destination
1590         * buffer. In decrypt case, SPU gives us back the digest, but crypto
1591         * API doesn't expect ICV in dst buffer.
1592         */
1593        result_len = req->cryptlen;
1594        if (rctx->is_encrypt) {
1595                icv_offset = req->assoclen + rctx->total_sent;
1596                packet_dump("  ICV: ", rctx->msg_buf.digest, ctx->digestsize);
1597                flow_log("copying ICV to dst sg at offset %u\n", icv_offset);
1598                sg_copy_part_from_buf(req->dst, rctx->msg_buf.digest,
1599                                      ctx->digestsize, icv_offset);
1600                result_len += ctx->digestsize;
1601        }
1602
1603        packet_log("response data:  ");
1604        dump_sg(req->dst, req->assoclen, result_len);
1605
1606        atomic_inc(&iproc_priv.op_counts[SPU_OP_AEAD]);
1607        if (ctx->cipher.alg == CIPHER_ALG_AES) {
1608                if (ctx->cipher.mode == CIPHER_MODE_CCM)
1609                        atomic_inc(&iproc_priv.aead_cnt[AES_CCM]);
1610                else if (ctx->cipher.mode == CIPHER_MODE_GCM)
1611                        atomic_inc(&iproc_priv.aead_cnt[AES_GCM]);
1612                else
1613                        atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1614        } else {
1615                atomic_inc(&iproc_priv.aead_cnt[AUTHENC]);
1616        }
1617}
1618
1619/**
1620 * spu_chunk_cleanup() - Do cleanup after processing one chunk of a request
1621 * @rctx:  request context
1622 *
1623 * Mailbox scatterlists are allocated for each chunk. So free them after
1624 * processing each chunk.
1625 */
1626static void spu_chunk_cleanup(struct iproc_reqctx_s *rctx)
1627{
1628        /* mailbox message used to tx request */
1629        struct brcm_message *mssg = &rctx->mb_mssg;
1630
1631        kfree(mssg->spu.src);
1632        kfree(mssg->spu.dst);
1633        memset(mssg, 0, sizeof(struct brcm_message));
1634}
1635
1636/**
1637 * finish_req() - Used to invoke the complete callback from the requester when
1638 * a request has been handled asynchronously.
1639 * @rctx:  Request context
1640 * @err:   Indicates whether the request was successful or not
1641 *
1642 * Ensures that cleanup has been done for request
1643 */
1644static void finish_req(struct iproc_reqctx_s *rctx, int err)
1645{
1646        struct crypto_async_request *areq = rctx->parent;
1647
1648        flow_log("%s() err:%d\n\n", __func__, err);
1649
1650        /* No harm done if already called */
1651        spu_chunk_cleanup(rctx);
1652
1653        if (areq)
1654                areq->complete(areq, err);
1655}
1656
1657/**
1658 * spu_rx_callback() - Callback from mailbox framework with a SPU response.
1659 * @cl:         mailbox client structure for SPU driver
1660 * @msg:        mailbox message containing SPU response
1661 */
1662static void spu_rx_callback(struct mbox_client *cl, void *msg)
1663{
1664        struct spu_hw *spu = &iproc_priv.spu;
1665        struct brcm_message *mssg = msg;
1666        struct iproc_reqctx_s *rctx;
1667        int err;
1668
1669        rctx = mssg->ctx;
1670        if (unlikely(!rctx)) {
1671                /* This is fatal */
1672                pr_err("%s(): no request context", __func__);
1673                err = -EFAULT;
1674                goto cb_finish;
1675        }
1676
1677        /* process the SPU status */
1678        err = spu->spu_status_process(rctx->msg_buf.rx_stat);
1679        if (err != 0) {
1680                if (err == SPU_INVALID_ICV)
1681                        atomic_inc(&iproc_priv.bad_icv);
1682                err = -EBADMSG;
1683                goto cb_finish;
1684        }
1685
1686        /* Process the SPU response message */
1687        switch (rctx->ctx->alg->type) {
1688        case CRYPTO_ALG_TYPE_SKCIPHER:
1689                handle_skcipher_resp(rctx);
1690                break;
1691        case CRYPTO_ALG_TYPE_AHASH:
1692                handle_ahash_resp(rctx);
1693                break;
1694        case CRYPTO_ALG_TYPE_AEAD:
1695                handle_aead_resp(rctx);
1696                break;
1697        default:
1698                err = -EINVAL;
1699                goto cb_finish;
1700        }
1701
1702        /*
1703         * If this response does not complete the request, then send the next
1704         * request chunk.
1705         */
1706        if (rctx->total_sent < rctx->total_todo) {
1707                /* Deallocate anything specific to previous chunk */
1708                spu_chunk_cleanup(rctx);
1709
1710                switch (rctx->ctx->alg->type) {
1711                case CRYPTO_ALG_TYPE_SKCIPHER:
1712                        err = handle_skcipher_req(rctx);
1713                        break;
1714                case CRYPTO_ALG_TYPE_AHASH:
1715                        err = handle_ahash_req(rctx);
1716                        if (err == -EAGAIN)
1717                                /*
1718                                 * we saved data in hash carry, but tell crypto
1719                                 * API we successfully completed request.
1720                                 */
1721                                err = 0;
1722                        break;
1723                case CRYPTO_ALG_TYPE_AEAD:
1724                        err = handle_aead_req(rctx);
1725                        break;
1726                default:
1727                        err = -EINVAL;
1728                }
1729
1730                if (err == -EINPROGRESS)
1731                        /* Successfully submitted request for next chunk */
1732                        return;
1733        }
1734
1735cb_finish:
1736        finish_req(rctx, err);
1737}
1738
1739/* ==================== Kernel Cryptographic API ==================== */
1740
1741/**
1742 * skcipher_enqueue() - Handle skcipher encrypt or decrypt request.
1743 * @req:        Crypto API request
1744 * @encrypt:    true if encrypting; false if decrypting
1745 *
1746 * Return: -EINPROGRESS if request accepted and result will be returned
1747 *                      asynchronously
1748 *         < 0 if an error
1749 */
1750static int skcipher_enqueue(struct skcipher_request *req, bool encrypt)
1751{
1752        struct iproc_reqctx_s *rctx = skcipher_request_ctx(req);
1753        struct iproc_ctx_s *ctx =
1754            crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
1755        int err;
1756
1757        flow_log("%s() enc:%u\n", __func__, encrypt);
1758
1759        rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1760                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1761        rctx->parent = &req->base;
1762        rctx->is_encrypt = encrypt;
1763        rctx->bd_suppress = false;
1764        rctx->total_todo = req->cryptlen;
1765        rctx->src_sent = 0;
1766        rctx->total_sent = 0;
1767        rctx->total_received = 0;
1768        rctx->ctx = ctx;
1769
1770        /* Initialize current position in src and dst scatterlists */
1771        rctx->src_sg = req->src;
1772        rctx->src_nents = 0;
1773        rctx->src_skip = 0;
1774        rctx->dst_sg = req->dst;
1775        rctx->dst_nents = 0;
1776        rctx->dst_skip = 0;
1777
1778        if (ctx->cipher.mode == CIPHER_MODE_CBC ||
1779            ctx->cipher.mode == CIPHER_MODE_CTR ||
1780            ctx->cipher.mode == CIPHER_MODE_OFB ||
1781            ctx->cipher.mode == CIPHER_MODE_XTS ||
1782            ctx->cipher.mode == CIPHER_MODE_GCM ||
1783            ctx->cipher.mode == CIPHER_MODE_CCM) {
1784                rctx->iv_ctr_len =
1785                    crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
1786                memcpy(rctx->msg_buf.iv_ctr, req->iv, rctx->iv_ctr_len);
1787        } else {
1788                rctx->iv_ctr_len = 0;
1789        }
1790
1791        /* Choose a SPU to process this request */
1792        rctx->chan_idx = select_channel();
1793        err = handle_skcipher_req(rctx);
1794        if (err != -EINPROGRESS)
1795                /* synchronous result */
1796                spu_chunk_cleanup(rctx);
1797
1798        return err;
1799}
1800
1801static int des_setkey(struct crypto_skcipher *cipher, const u8 *key,
1802                      unsigned int keylen)
1803{
1804        struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1805        int err;
1806
1807        err = verify_skcipher_des_key(cipher, key);
1808        if (err)
1809                return err;
1810
1811        ctx->cipher_type = CIPHER_TYPE_DES;
1812        return 0;
1813}
1814
1815static int threedes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1816                           unsigned int keylen)
1817{
1818        struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1819        int err;
1820
1821        err = verify_skcipher_des3_key(cipher, key);
1822        if (err)
1823                return err;
1824
1825        ctx->cipher_type = CIPHER_TYPE_3DES;
1826        return 0;
1827}
1828
1829static int aes_setkey(struct crypto_skcipher *cipher, const u8 *key,
1830                      unsigned int keylen)
1831{
1832        struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1833
1834        if (ctx->cipher.mode == CIPHER_MODE_XTS)
1835                /* XTS includes two keys of equal length */
1836                keylen = keylen / 2;
1837
1838        switch (keylen) {
1839        case AES_KEYSIZE_128:
1840                ctx->cipher_type = CIPHER_TYPE_AES128;
1841                break;
1842        case AES_KEYSIZE_192:
1843                ctx->cipher_type = CIPHER_TYPE_AES192;
1844                break;
1845        case AES_KEYSIZE_256:
1846                ctx->cipher_type = CIPHER_TYPE_AES256;
1847                break;
1848        default:
1849                return -EINVAL;
1850        }
1851        WARN_ON((ctx->max_payload != SPU_MAX_PAYLOAD_INF) &&
1852                ((ctx->max_payload % AES_BLOCK_SIZE) != 0));
1853        return 0;
1854}
1855
1856static int rc4_setkey(struct crypto_skcipher *cipher, const u8 *key,
1857                      unsigned int keylen)
1858{
1859        struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1860        int i;
1861
1862        ctx->enckeylen = ARC4_MAX_KEY_SIZE + ARC4_STATE_SIZE;
1863
1864        ctx->enckey[0] = 0x00;  /* 0x00 */
1865        ctx->enckey[1] = 0x00;  /* i    */
1866        ctx->enckey[2] = 0x00;  /* 0x00 */
1867        ctx->enckey[3] = 0x00;  /* j    */
1868        for (i = 0; i < ARC4_MAX_KEY_SIZE; i++)
1869                ctx->enckey[i + ARC4_STATE_SIZE] = key[i % keylen];
1870
1871        ctx->cipher_type = CIPHER_TYPE_INIT;
1872
1873        return 0;
1874}
1875
1876static int skcipher_setkey(struct crypto_skcipher *cipher, const u8 *key,
1877                             unsigned int keylen)
1878{
1879        struct spu_hw *spu = &iproc_priv.spu;
1880        struct iproc_ctx_s *ctx = crypto_skcipher_ctx(cipher);
1881        struct spu_cipher_parms cipher_parms;
1882        u32 alloc_len = 0;
1883        int err;
1884
1885        flow_log("skcipher_setkey() keylen: %d\n", keylen);
1886        flow_dump("  key: ", key, keylen);
1887
1888        switch (ctx->cipher.alg) {
1889        case CIPHER_ALG_DES:
1890                err = des_setkey(cipher, key, keylen);
1891                break;
1892        case CIPHER_ALG_3DES:
1893                err = threedes_setkey(cipher, key, keylen);
1894                break;
1895        case CIPHER_ALG_AES:
1896                err = aes_setkey(cipher, key, keylen);
1897                break;
1898        case CIPHER_ALG_RC4:
1899                err = rc4_setkey(cipher, key, keylen);
1900                break;
1901        default:
1902                pr_err("%s() Error: unknown cipher alg\n", __func__);
1903                err = -EINVAL;
1904        }
1905        if (err)
1906                return err;
1907
1908        /* RC4 already populated ctx->enkey */
1909        if (ctx->cipher.alg != CIPHER_ALG_RC4) {
1910                memcpy(ctx->enckey, key, keylen);
1911                ctx->enckeylen = keylen;
1912        }
1913        /* SPU needs XTS keys in the reverse order the crypto API presents */
1914        if ((ctx->cipher.alg == CIPHER_ALG_AES) &&
1915            (ctx->cipher.mode == CIPHER_MODE_XTS)) {
1916                unsigned int xts_keylen = keylen / 2;
1917
1918                memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
1919                memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
1920        }
1921
1922        if (spu->spu_type == SPU_TYPE_SPUM)
1923                alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
1924        else if (spu->spu_type == SPU_TYPE_SPU2)
1925                alloc_len = BCM_HDR_LEN + SPU2_HEADER_ALLOC_LEN;
1926        memset(ctx->bcm_spu_req_hdr, 0, alloc_len);
1927        cipher_parms.iv_buf = NULL;
1928        cipher_parms.iv_len = crypto_skcipher_ivsize(cipher);
1929        flow_log("%s: iv_len %u\n", __func__, cipher_parms.iv_len);
1930
1931        cipher_parms.alg = ctx->cipher.alg;
1932        cipher_parms.mode = ctx->cipher.mode;
1933        cipher_parms.type = ctx->cipher_type;
1934        cipher_parms.key_buf = ctx->enckey;
1935        cipher_parms.key_len = ctx->enckeylen;
1936
1937        /* Prepend SPU request message with BCM header */
1938        memcpy(ctx->bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
1939        ctx->spu_req_hdr_len =
1940            spu->spu_cipher_req_init(ctx->bcm_spu_req_hdr + BCM_HDR_LEN,
1941                                     &cipher_parms);
1942
1943        ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
1944                                                          ctx->enckeylen,
1945                                                          false);
1946
1947        atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_CIPHER]);
1948
1949        return 0;
1950}
1951
1952static int skcipher_encrypt(struct skcipher_request *req)
1953{
1954        flow_log("skcipher_encrypt() nbytes:%u\n", req->cryptlen);
1955
1956        return skcipher_enqueue(req, true);
1957}
1958
1959static int skcipher_decrypt(struct skcipher_request *req)
1960{
1961        flow_log("skcipher_decrypt() nbytes:%u\n", req->cryptlen);
1962        return skcipher_enqueue(req, false);
1963}
1964
1965static int ahash_enqueue(struct ahash_request *req)
1966{
1967        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
1968        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
1969        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
1970        int err;
1971        const char *alg_name;
1972
1973        flow_log("ahash_enqueue() nbytes:%u\n", req->nbytes);
1974
1975        rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
1976                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
1977        rctx->parent = &req->base;
1978        rctx->ctx = ctx;
1979        rctx->bd_suppress = true;
1980        memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
1981
1982        /* Initialize position in src scatterlist */
1983        rctx->src_sg = req->src;
1984        rctx->src_skip = 0;
1985        rctx->src_nents = 0;
1986        rctx->dst_sg = NULL;
1987        rctx->dst_skip = 0;
1988        rctx->dst_nents = 0;
1989
1990        /* SPU2 hardware does not compute hash of zero length data */
1991        if ((rctx->is_final == 1) && (rctx->total_todo == 0) &&
1992            (iproc_priv.spu.spu_type == SPU_TYPE_SPU2)) {
1993                alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
1994                flow_log("Doing %sfinal %s zero-len hash request in software\n",
1995                         rctx->is_final ? "" : "non-", alg_name);
1996                err = do_shash((unsigned char *)alg_name, req->result,
1997                               NULL, 0, NULL, 0, ctx->authkey,
1998                               ctx->authkeylen);
1999                if (err < 0)
2000                        flow_log("Hash request failed with error %d\n", err);
2001                return err;
2002        }
2003        /* Choose a SPU to process this request */
2004        rctx->chan_idx = select_channel();
2005
2006        err = handle_ahash_req(rctx);
2007        if (err != -EINPROGRESS)
2008                /* synchronous result */
2009                spu_chunk_cleanup(rctx);
2010
2011        if (err == -EAGAIN)
2012                /*
2013                 * we saved data in hash carry, but tell crypto API
2014                 * we successfully completed request.
2015                 */
2016                err = 0;
2017
2018        return err;
2019}
2020
2021static int __ahash_init(struct ahash_request *req)
2022{
2023        struct spu_hw *spu = &iproc_priv.spu;
2024        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2025        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2026        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2027
2028        flow_log("%s()\n", __func__);
2029
2030        /* Initialize the context */
2031        rctx->hash_carry_len = 0;
2032        rctx->is_final = 0;
2033
2034        rctx->total_todo = 0;
2035        rctx->src_sent = 0;
2036        rctx->total_sent = 0;
2037        rctx->total_received = 0;
2038
2039        ctx->digestsize = crypto_ahash_digestsize(tfm);
2040        /* If we add a hash whose digest is larger, catch it here. */
2041        WARN_ON(ctx->digestsize > MAX_DIGEST_SIZE);
2042
2043        rctx->is_sw_hmac = false;
2044
2045        ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen, 0,
2046                                                          true);
2047
2048        return 0;
2049}
2050
2051/**
2052 * spu_no_incr_hash() - Determine whether incremental hashing is supported.
2053 * @ctx:  Crypto session context
2054 *
2055 * SPU-2 does not support incremental hashing (we'll have to revisit and
2056 * condition based on chip revision or device tree entry if future versions do
2057 * support incremental hash)
2058 *
2059 * SPU-M also doesn't support incremental hashing of AES-XCBC
2060 *
2061 * Return: true if incremental hashing is not supported
2062 *         false otherwise
2063 */
2064static bool spu_no_incr_hash(struct iproc_ctx_s *ctx)
2065{
2066        struct spu_hw *spu = &iproc_priv.spu;
2067
2068        if (spu->spu_type == SPU_TYPE_SPU2)
2069                return true;
2070
2071        if ((ctx->auth.alg == HASH_ALG_AES) &&
2072            (ctx->auth.mode == HASH_MODE_XCBC))
2073                return true;
2074
2075        /* Otherwise, incremental hashing is supported */
2076        return false;
2077}
2078
2079static int ahash_init(struct ahash_request *req)
2080{
2081        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2082        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2083        const char *alg_name;
2084        struct crypto_shash *hash;
2085        int ret;
2086        gfp_t gfp;
2087
2088        if (spu_no_incr_hash(ctx)) {
2089                /*
2090                 * If we get an incremental hashing request and it's not
2091                 * supported by the hardware, we need to handle it in software
2092                 * by calling synchronous hash functions.
2093                 */
2094                alg_name = crypto_tfm_alg_name(crypto_ahash_tfm(tfm));
2095                hash = crypto_alloc_shash(alg_name, 0, 0);
2096                if (IS_ERR(hash)) {
2097                        ret = PTR_ERR(hash);
2098                        goto err;
2099                }
2100
2101                gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2102                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2103                ctx->shash = kmalloc(sizeof(*ctx->shash) +
2104                                     crypto_shash_descsize(hash), gfp);
2105                if (!ctx->shash) {
2106                        ret = -ENOMEM;
2107                        goto err_hash;
2108                }
2109                ctx->shash->tfm = hash;
2110
2111                /* Set the key using data we already have from setkey */
2112                if (ctx->authkeylen > 0) {
2113                        ret = crypto_shash_setkey(hash, ctx->authkey,
2114                                                  ctx->authkeylen);
2115                        if (ret)
2116                                goto err_shash;
2117                }
2118
2119                /* Initialize hash w/ this key and other params */
2120                ret = crypto_shash_init(ctx->shash);
2121                if (ret)
2122                        goto err_shash;
2123        } else {
2124                /* Otherwise call the internal function which uses SPU hw */
2125                ret = __ahash_init(req);
2126        }
2127
2128        return ret;
2129
2130err_shash:
2131        kfree(ctx->shash);
2132err_hash:
2133        crypto_free_shash(hash);
2134err:
2135        return ret;
2136}
2137
2138static int __ahash_update(struct ahash_request *req)
2139{
2140        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2141
2142        flow_log("ahash_update() nbytes:%u\n", req->nbytes);
2143
2144        if (!req->nbytes)
2145                return 0;
2146        rctx->total_todo += req->nbytes;
2147        rctx->src_sent = 0;
2148
2149        return ahash_enqueue(req);
2150}
2151
2152static int ahash_update(struct ahash_request *req)
2153{
2154        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2155        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2156        u8 *tmpbuf;
2157        int ret;
2158        int nents;
2159        gfp_t gfp;
2160
2161        if (spu_no_incr_hash(ctx)) {
2162                /*
2163                 * If we get an incremental hashing request and it's not
2164                 * supported by the hardware, we need to handle it in software
2165                 * by calling synchronous hash functions.
2166                 */
2167                if (req->src)
2168                        nents = sg_nents(req->src);
2169                else
2170                        return -EINVAL;
2171
2172                /* Copy data from req scatterlist to tmp buffer */
2173                gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2174                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2175                tmpbuf = kmalloc(req->nbytes, gfp);
2176                if (!tmpbuf)
2177                        return -ENOMEM;
2178
2179                if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2180                                req->nbytes) {
2181                        kfree(tmpbuf);
2182                        return -EINVAL;
2183                }
2184
2185                /* Call synchronous update */
2186                ret = crypto_shash_update(ctx->shash, tmpbuf, req->nbytes);
2187                kfree(tmpbuf);
2188        } else {
2189                /* Otherwise call the internal function which uses SPU hw */
2190                ret = __ahash_update(req);
2191        }
2192
2193        return ret;
2194}
2195
2196static int __ahash_final(struct ahash_request *req)
2197{
2198        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2199
2200        flow_log("ahash_final() nbytes:%u\n", req->nbytes);
2201
2202        rctx->is_final = 1;
2203
2204        return ahash_enqueue(req);
2205}
2206
2207static int ahash_final(struct ahash_request *req)
2208{
2209        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2210        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2211        int ret;
2212
2213        if (spu_no_incr_hash(ctx)) {
2214                /*
2215                 * If we get an incremental hashing request and it's not
2216                 * supported by the hardware, we need to handle it in software
2217                 * by calling synchronous hash functions.
2218                 */
2219                ret = crypto_shash_final(ctx->shash, req->result);
2220
2221                /* Done with hash, can deallocate it now */
2222                crypto_free_shash(ctx->shash->tfm);
2223                kfree(ctx->shash);
2224
2225        } else {
2226                /* Otherwise call the internal function which uses SPU hw */
2227                ret = __ahash_final(req);
2228        }
2229
2230        return ret;
2231}
2232
2233static int __ahash_finup(struct ahash_request *req)
2234{
2235        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2236
2237        flow_log("ahash_finup() nbytes:%u\n", req->nbytes);
2238
2239        rctx->total_todo += req->nbytes;
2240        rctx->src_sent = 0;
2241        rctx->is_final = 1;
2242
2243        return ahash_enqueue(req);
2244}
2245
2246static int ahash_finup(struct ahash_request *req)
2247{
2248        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2249        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2250        u8 *tmpbuf;
2251        int ret;
2252        int nents;
2253        gfp_t gfp;
2254
2255        if (spu_no_incr_hash(ctx)) {
2256                /*
2257                 * If we get an incremental hashing request and it's not
2258                 * supported by the hardware, we need to handle it in software
2259                 * by calling synchronous hash functions.
2260                 */
2261                if (req->src) {
2262                        nents = sg_nents(req->src);
2263                } else {
2264                        ret = -EINVAL;
2265                        goto ahash_finup_exit;
2266                }
2267
2268                /* Copy data from req scatterlist to tmp buffer */
2269                gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2270                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2271                tmpbuf = kmalloc(req->nbytes, gfp);
2272                if (!tmpbuf) {
2273                        ret = -ENOMEM;
2274                        goto ahash_finup_exit;
2275                }
2276
2277                if (sg_copy_to_buffer(req->src, nents, tmpbuf, req->nbytes) !=
2278                                req->nbytes) {
2279                        ret = -EINVAL;
2280                        goto ahash_finup_free;
2281                }
2282
2283                /* Call synchronous update */
2284                ret = crypto_shash_finup(ctx->shash, tmpbuf, req->nbytes,
2285                                         req->result);
2286        } else {
2287                /* Otherwise call the internal function which uses SPU hw */
2288                return __ahash_finup(req);
2289        }
2290ahash_finup_free:
2291        kfree(tmpbuf);
2292
2293ahash_finup_exit:
2294        /* Done with hash, can deallocate it now */
2295        crypto_free_shash(ctx->shash->tfm);
2296        kfree(ctx->shash);
2297        return ret;
2298}
2299
2300static int ahash_digest(struct ahash_request *req)
2301{
2302        int err;
2303
2304        flow_log("ahash_digest() nbytes:%u\n", req->nbytes);
2305
2306        /* whole thing at once */
2307        err = __ahash_init(req);
2308        if (!err)
2309                err = __ahash_finup(req);
2310
2311        return err;
2312}
2313
2314static int ahash_setkey(struct crypto_ahash *ahash, const u8 *key,
2315                        unsigned int keylen)
2316{
2317        struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2318
2319        flow_log("%s() ahash:%p key:%p keylen:%u\n",
2320                 __func__, ahash, key, keylen);
2321        flow_dump("  key: ", key, keylen);
2322
2323        if (ctx->auth.alg == HASH_ALG_AES) {
2324                switch (keylen) {
2325                case AES_KEYSIZE_128:
2326                        ctx->cipher_type = CIPHER_TYPE_AES128;
2327                        break;
2328                case AES_KEYSIZE_192:
2329                        ctx->cipher_type = CIPHER_TYPE_AES192;
2330                        break;
2331                case AES_KEYSIZE_256:
2332                        ctx->cipher_type = CIPHER_TYPE_AES256;
2333                        break;
2334                default:
2335                        pr_err("%s() Error: Invalid key length\n", __func__);
2336                        return -EINVAL;
2337                }
2338        } else {
2339                pr_err("%s() Error: unknown hash alg\n", __func__);
2340                return -EINVAL;
2341        }
2342        memcpy(ctx->authkey, key, keylen);
2343        ctx->authkeylen = keylen;
2344
2345        return 0;
2346}
2347
2348static int ahash_export(struct ahash_request *req, void *out)
2349{
2350        const struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2351        struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)out;
2352
2353        spu_exp->total_todo = rctx->total_todo;
2354        spu_exp->total_sent = rctx->total_sent;
2355        spu_exp->is_sw_hmac = rctx->is_sw_hmac;
2356        memcpy(spu_exp->hash_carry, rctx->hash_carry, sizeof(rctx->hash_carry));
2357        spu_exp->hash_carry_len = rctx->hash_carry_len;
2358        memcpy(spu_exp->incr_hash, rctx->incr_hash, sizeof(rctx->incr_hash));
2359
2360        return 0;
2361}
2362
2363static int ahash_import(struct ahash_request *req, const void *in)
2364{
2365        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2366        struct spu_hash_export_s *spu_exp = (struct spu_hash_export_s *)in;
2367
2368        rctx->total_todo = spu_exp->total_todo;
2369        rctx->total_sent = spu_exp->total_sent;
2370        rctx->is_sw_hmac = spu_exp->is_sw_hmac;
2371        memcpy(rctx->hash_carry, spu_exp->hash_carry, sizeof(rctx->hash_carry));
2372        rctx->hash_carry_len = spu_exp->hash_carry_len;
2373        memcpy(rctx->incr_hash, spu_exp->incr_hash, sizeof(rctx->incr_hash));
2374
2375        return 0;
2376}
2377
2378static int ahash_hmac_setkey(struct crypto_ahash *ahash, const u8 *key,
2379                             unsigned int keylen)
2380{
2381        struct iproc_ctx_s *ctx = crypto_ahash_ctx(ahash);
2382        unsigned int blocksize =
2383                crypto_tfm_alg_blocksize(crypto_ahash_tfm(ahash));
2384        unsigned int digestsize = crypto_ahash_digestsize(ahash);
2385        unsigned int index;
2386        int rc;
2387
2388        flow_log("%s() ahash:%p key:%p keylen:%u blksz:%u digestsz:%u\n",
2389                 __func__, ahash, key, keylen, blocksize, digestsize);
2390        flow_dump("  key: ", key, keylen);
2391
2392        if (keylen > blocksize) {
2393                switch (ctx->auth.alg) {
2394                case HASH_ALG_MD5:
2395                        rc = do_shash("md5", ctx->authkey, key, keylen, NULL,
2396                                      0, NULL, 0);
2397                        break;
2398                case HASH_ALG_SHA1:
2399                        rc = do_shash("sha1", ctx->authkey, key, keylen, NULL,
2400                                      0, NULL, 0);
2401                        break;
2402                case HASH_ALG_SHA224:
2403                        rc = do_shash("sha224", ctx->authkey, key, keylen, NULL,
2404                                      0, NULL, 0);
2405                        break;
2406                case HASH_ALG_SHA256:
2407                        rc = do_shash("sha256", ctx->authkey, key, keylen, NULL,
2408                                      0, NULL, 0);
2409                        break;
2410                case HASH_ALG_SHA384:
2411                        rc = do_shash("sha384", ctx->authkey, key, keylen, NULL,
2412                                      0, NULL, 0);
2413                        break;
2414                case HASH_ALG_SHA512:
2415                        rc = do_shash("sha512", ctx->authkey, key, keylen, NULL,
2416                                      0, NULL, 0);
2417                        break;
2418                case HASH_ALG_SHA3_224:
2419                        rc = do_shash("sha3-224", ctx->authkey, key, keylen,
2420                                      NULL, 0, NULL, 0);
2421                        break;
2422                case HASH_ALG_SHA3_256:
2423                        rc = do_shash("sha3-256", ctx->authkey, key, keylen,
2424                                      NULL, 0, NULL, 0);
2425                        break;
2426                case HASH_ALG_SHA3_384:
2427                        rc = do_shash("sha3-384", ctx->authkey, key, keylen,
2428                                      NULL, 0, NULL, 0);
2429                        break;
2430                case HASH_ALG_SHA3_512:
2431                        rc = do_shash("sha3-512", ctx->authkey, key, keylen,
2432                                      NULL, 0, NULL, 0);
2433                        break;
2434                default:
2435                        pr_err("%s() Error: unknown hash alg\n", __func__);
2436                        return -EINVAL;
2437                }
2438                if (rc < 0) {
2439                        pr_err("%s() Error %d computing shash for %s\n",
2440                               __func__, rc, hash_alg_name[ctx->auth.alg]);
2441                        return rc;
2442                }
2443                ctx->authkeylen = digestsize;
2444
2445                flow_log("  keylen > digestsize... hashed\n");
2446                flow_dump("  newkey: ", ctx->authkey, ctx->authkeylen);
2447        } else {
2448                memcpy(ctx->authkey, key, keylen);
2449                ctx->authkeylen = keylen;
2450        }
2451
2452        /*
2453         * Full HMAC operation in SPUM is not verified,
2454         * So keeping the generation of IPAD, OPAD and
2455         * outer hashing in software.
2456         */
2457        if (iproc_priv.spu.spu_type == SPU_TYPE_SPUM) {
2458                memcpy(ctx->ipad, ctx->authkey, ctx->authkeylen);
2459                memset(ctx->ipad + ctx->authkeylen, 0,
2460                       blocksize - ctx->authkeylen);
2461                ctx->authkeylen = 0;
2462                memcpy(ctx->opad, ctx->ipad, blocksize);
2463
2464                for (index = 0; index < blocksize; index++) {
2465                        ctx->ipad[index] ^= HMAC_IPAD_VALUE;
2466                        ctx->opad[index] ^= HMAC_OPAD_VALUE;
2467                }
2468
2469                flow_dump("  ipad: ", ctx->ipad, blocksize);
2470                flow_dump("  opad: ", ctx->opad, blocksize);
2471        }
2472        ctx->digestsize = digestsize;
2473        atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_HMAC]);
2474
2475        return 0;
2476}
2477
2478static int ahash_hmac_init(struct ahash_request *req)
2479{
2480        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2481        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2482        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2483        unsigned int blocksize =
2484                        crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2485
2486        flow_log("ahash_hmac_init()\n");
2487
2488        /* init the context as a hash */
2489        ahash_init(req);
2490
2491        if (!spu_no_incr_hash(ctx)) {
2492                /* SPU-M can do incr hashing but needs sw for outer HMAC */
2493                rctx->is_sw_hmac = true;
2494                ctx->auth.mode = HASH_MODE_HASH;
2495                /* start with a prepended ipad */
2496                memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2497                rctx->hash_carry_len = blocksize;
2498                rctx->total_todo += blocksize;
2499        }
2500
2501        return 0;
2502}
2503
2504static int ahash_hmac_update(struct ahash_request *req)
2505{
2506        flow_log("ahash_hmac_update() nbytes:%u\n", req->nbytes);
2507
2508        if (!req->nbytes)
2509                return 0;
2510
2511        return ahash_update(req);
2512}
2513
2514static int ahash_hmac_final(struct ahash_request *req)
2515{
2516        flow_log("ahash_hmac_final() nbytes:%u\n", req->nbytes);
2517
2518        return ahash_final(req);
2519}
2520
2521static int ahash_hmac_finup(struct ahash_request *req)
2522{
2523        flow_log("ahash_hmac_finupl() nbytes:%u\n", req->nbytes);
2524
2525        return ahash_finup(req);
2526}
2527
2528static int ahash_hmac_digest(struct ahash_request *req)
2529{
2530        struct iproc_reqctx_s *rctx = ahash_request_ctx(req);
2531        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
2532        struct iproc_ctx_s *ctx = crypto_ahash_ctx(tfm);
2533        unsigned int blocksize =
2534                        crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
2535
2536        flow_log("ahash_hmac_digest() nbytes:%u\n", req->nbytes);
2537
2538        /* Perform initialization and then call finup */
2539        __ahash_init(req);
2540
2541        if (iproc_priv.spu.spu_type == SPU_TYPE_SPU2) {
2542                /*
2543                 * SPU2 supports full HMAC implementation in the
2544                 * hardware, need not to generate IPAD, OPAD and
2545                 * outer hash in software.
2546                 * Only for hash key len > hash block size, SPU2
2547                 * expects to perform hashing on the key, shorten
2548                 * it to digest size and feed it as hash key.
2549                 */
2550                rctx->is_sw_hmac = false;
2551                ctx->auth.mode = HASH_MODE_HMAC;
2552        } else {
2553                rctx->is_sw_hmac = true;
2554                ctx->auth.mode = HASH_MODE_HASH;
2555                /* start with a prepended ipad */
2556                memcpy(rctx->hash_carry, ctx->ipad, blocksize);
2557                rctx->hash_carry_len = blocksize;
2558                rctx->total_todo += blocksize;
2559        }
2560
2561        return __ahash_finup(req);
2562}
2563
2564/* aead helpers */
2565
2566static int aead_need_fallback(struct aead_request *req)
2567{
2568        struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2569        struct spu_hw *spu = &iproc_priv.spu;
2570        struct crypto_aead *aead = crypto_aead_reqtfm(req);
2571        struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2572        u32 payload_len;
2573
2574        /*
2575         * SPU hardware cannot handle the AES-GCM/CCM case where plaintext
2576         * and AAD are both 0 bytes long. So use fallback in this case.
2577         */
2578        if (((ctx->cipher.mode == CIPHER_MODE_GCM) ||
2579             (ctx->cipher.mode == CIPHER_MODE_CCM)) &&
2580            (req->assoclen == 0)) {
2581                if ((rctx->is_encrypt && (req->cryptlen == 0)) ||
2582                    (!rctx->is_encrypt && (req->cryptlen == ctx->digestsize))) {
2583                        flow_log("AES GCM/CCM needs fallback for 0 len req\n");
2584                        return 1;
2585                }
2586        }
2587
2588        /* SPU-M hardware only supports CCM digest size of 8, 12, or 16 bytes */
2589        if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2590            (spu->spu_type == SPU_TYPE_SPUM) &&
2591            (ctx->digestsize != 8) && (ctx->digestsize != 12) &&
2592            (ctx->digestsize != 16)) {
2593                flow_log("%s() AES CCM needs fallback for digest size %d\n",
2594                         __func__, ctx->digestsize);
2595                return 1;
2596        }
2597
2598        /*
2599         * SPU-M on NSP has an issue where AES-CCM hash is not correct
2600         * when AAD size is 0
2601         */
2602        if ((ctx->cipher.mode == CIPHER_MODE_CCM) &&
2603            (spu->spu_subtype == SPU_SUBTYPE_SPUM_NSP) &&
2604            (req->assoclen == 0)) {
2605                flow_log("%s() AES_CCM needs fallback for 0 len AAD on NSP\n",
2606                         __func__);
2607                return 1;
2608        }
2609
2610        /*
2611         * RFC4106 and RFC4543 cannot handle the case where AAD is other than
2612         * 16 or 20 bytes long. So use fallback in this case.
2613         */
2614        if (ctx->cipher.mode == CIPHER_MODE_GCM &&
2615            ctx->cipher.alg == CIPHER_ALG_AES &&
2616            rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
2617            req->assoclen != 16 && req->assoclen != 20) {
2618                flow_log("RFC4106/RFC4543 needs fallback for assoclen"
2619                         " other than 16 or 20 bytes\n");
2620                return 1;
2621        }
2622
2623        payload_len = req->cryptlen;
2624        if (spu->spu_type == SPU_TYPE_SPUM)
2625                payload_len += req->assoclen;
2626
2627        flow_log("%s() payload len: %u\n", __func__, payload_len);
2628
2629        if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2630                return 0;
2631        else
2632                return payload_len > ctx->max_payload;
2633}
2634
2635static void aead_complete(struct crypto_async_request *areq, int err)
2636{
2637        struct aead_request *req =
2638            container_of(areq, struct aead_request, base);
2639        struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2640        struct crypto_aead *aead = crypto_aead_reqtfm(req);
2641
2642        flow_log("%s() err:%d\n", __func__, err);
2643
2644        areq->tfm = crypto_aead_tfm(aead);
2645
2646        areq->complete = rctx->old_complete;
2647        areq->data = rctx->old_data;
2648
2649        areq->complete(areq, err);
2650}
2651
2652static int aead_do_fallback(struct aead_request *req, bool is_encrypt)
2653{
2654        struct crypto_aead *aead = crypto_aead_reqtfm(req);
2655        struct crypto_tfm *tfm = crypto_aead_tfm(aead);
2656        struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2657        struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
2658        int err;
2659        u32 req_flags;
2660
2661        flow_log("%s() enc:%u\n", __func__, is_encrypt);
2662
2663        if (ctx->fallback_cipher) {
2664                /* Store the cipher tfm and then use the fallback tfm */
2665                rctx->old_tfm = tfm;
2666                aead_request_set_tfm(req, ctx->fallback_cipher);
2667                /*
2668                 * Save the callback and chain ourselves in, so we can restore
2669                 * the tfm
2670                 */
2671                rctx->old_complete = req->base.complete;
2672                rctx->old_data = req->base.data;
2673                req_flags = aead_request_flags(req);
2674                aead_request_set_callback(req, req_flags, aead_complete, req);
2675                err = is_encrypt ? crypto_aead_encrypt(req) :
2676                    crypto_aead_decrypt(req);
2677
2678                if (err == 0) {
2679                        /*
2680                         * fallback was synchronous (did not return
2681                         * -EINPROGRESS). So restore request state here.
2682                         */
2683                        aead_request_set_callback(req, req_flags,
2684                                                  rctx->old_complete, req);
2685                        req->base.data = rctx->old_data;
2686                        aead_request_set_tfm(req, aead);
2687                        flow_log("%s() fallback completed successfully\n\n",
2688                                 __func__);
2689                }
2690        } else {
2691                err = -EINVAL;
2692        }
2693
2694        return err;
2695}
2696
2697static int aead_enqueue(struct aead_request *req, bool is_encrypt)
2698{
2699        struct iproc_reqctx_s *rctx = aead_request_ctx(req);
2700        struct crypto_aead *aead = crypto_aead_reqtfm(req);
2701        struct iproc_ctx_s *ctx = crypto_aead_ctx(aead);
2702        int err;
2703
2704        flow_log("%s() enc:%u\n", __func__, is_encrypt);
2705
2706        if (req->assoclen > MAX_ASSOC_SIZE) {
2707                pr_err
2708                    ("%s() Error: associated data too long. (%u > %u bytes)\n",
2709                     __func__, req->assoclen, MAX_ASSOC_SIZE);
2710                return -EINVAL;
2711        }
2712
2713        rctx->gfp = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
2714                       CRYPTO_TFM_REQ_MAY_SLEEP)) ? GFP_KERNEL : GFP_ATOMIC;
2715        rctx->parent = &req->base;
2716        rctx->is_encrypt = is_encrypt;
2717        rctx->bd_suppress = false;
2718        rctx->total_todo = req->cryptlen;
2719        rctx->src_sent = 0;
2720        rctx->total_sent = 0;
2721        rctx->total_received = 0;
2722        rctx->is_sw_hmac = false;
2723        rctx->ctx = ctx;
2724        memset(&rctx->mb_mssg, 0, sizeof(struct brcm_message));
2725
2726        /* assoc data is at start of src sg */
2727        rctx->assoc = req->src;
2728
2729        /*
2730         * Init current position in src scatterlist to be after assoc data.
2731         * src_skip set to buffer offset where data begins. (Assoc data could
2732         * end in the middle of a buffer.)
2733         */
2734        if (spu_sg_at_offset(req->src, req->assoclen, &rctx->src_sg,
2735                             &rctx->src_skip) < 0) {
2736                pr_err("%s() Error: Unable to find start of src data\n",
2737                       __func__);
2738                return -EINVAL;
2739        }
2740
2741        rctx->src_nents = 0;
2742        rctx->dst_nents = 0;
2743        if (req->dst == req->src) {
2744                rctx->dst_sg = rctx->src_sg;
2745                rctx->dst_skip = rctx->src_skip;
2746        } else {
2747                /*
2748                 * Expect req->dst to have room for assoc data followed by
2749                 * output data and ICV, if encrypt. So initialize dst_sg
2750                 * to point beyond assoc len offset.
2751                 */
2752                if (spu_sg_at_offset(req->dst, req->assoclen, &rctx->dst_sg,
2753                                     &rctx->dst_skip) < 0) {
2754                        pr_err("%s() Error: Unable to find start of dst data\n",
2755                               __func__);
2756                        return -EINVAL;
2757                }
2758        }
2759
2760        if (ctx->cipher.mode == CIPHER_MODE_CBC ||
2761            ctx->cipher.mode == CIPHER_MODE_CTR ||
2762            ctx->cipher.mode == CIPHER_MODE_OFB ||
2763            ctx->cipher.mode == CIPHER_MODE_XTS ||
2764            ctx->cipher.mode == CIPHER_MODE_GCM) {
2765                rctx->iv_ctr_len =
2766                        ctx->salt_len +
2767                        crypto_aead_ivsize(crypto_aead_reqtfm(req));
2768        } else if (ctx->cipher.mode == CIPHER_MODE_CCM) {
2769                rctx->iv_ctr_len = CCM_AES_IV_SIZE;
2770        } else {
2771                rctx->iv_ctr_len = 0;
2772        }
2773
2774        rctx->hash_carry_len = 0;
2775
2776        flow_log("  src sg: %p\n", req->src);
2777        flow_log("  rctx->src_sg: %p, src_skip %u\n",
2778                 rctx->src_sg, rctx->src_skip);
2779        flow_log("  assoc:  %p, assoclen %u\n", rctx->assoc, req->assoclen);
2780        flow_log("  dst sg: %p\n", req->dst);
2781        flow_log("  rctx->dst_sg: %p, dst_skip %u\n",
2782                 rctx->dst_sg, rctx->dst_skip);
2783        flow_log("  iv_ctr_len:%u\n", rctx->iv_ctr_len);
2784        flow_dump("  iv: ", req->iv, rctx->iv_ctr_len);
2785        flow_log("  authkeylen:%u\n", ctx->authkeylen);
2786        flow_log("  is_esp: %s\n", ctx->is_esp ? "yes" : "no");
2787
2788        if (ctx->max_payload == SPU_MAX_PAYLOAD_INF)
2789                flow_log("  max_payload infinite");
2790        else
2791                flow_log("  max_payload: %u\n", ctx->max_payload);
2792
2793        if (unlikely(aead_need_fallback(req)))
2794                return aead_do_fallback(req, is_encrypt);
2795
2796        /*
2797         * Do memory allocations for request after fallback check, because if we
2798         * do fallback, we won't call finish_req() to dealloc.
2799         */
2800        if (rctx->iv_ctr_len) {
2801                if (ctx->salt_len)
2802                        memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset,
2803                               ctx->salt, ctx->salt_len);
2804                memcpy(rctx->msg_buf.iv_ctr + ctx->salt_offset + ctx->salt_len,
2805                       req->iv,
2806                       rctx->iv_ctr_len - ctx->salt_len - ctx->salt_offset);
2807        }
2808
2809        rctx->chan_idx = select_channel();
2810        err = handle_aead_req(rctx);
2811        if (err != -EINPROGRESS)
2812                /* synchronous result */
2813                spu_chunk_cleanup(rctx);
2814
2815        return err;
2816}
2817
2818static int aead_authenc_setkey(struct crypto_aead *cipher,
2819                               const u8 *key, unsigned int keylen)
2820{
2821        struct spu_hw *spu = &iproc_priv.spu;
2822        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2823        struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2824        struct crypto_authenc_keys keys;
2825        int ret;
2826
2827        flow_log("%s() aead:%p key:%p keylen:%u\n", __func__, cipher, key,
2828                 keylen);
2829        flow_dump("  key: ", key, keylen);
2830
2831        ret = crypto_authenc_extractkeys(&keys, key, keylen);
2832        if (ret)
2833                goto badkey;
2834
2835        if (keys.enckeylen > MAX_KEY_SIZE ||
2836            keys.authkeylen > MAX_KEY_SIZE)
2837                goto badkey;
2838
2839        ctx->enckeylen = keys.enckeylen;
2840        ctx->authkeylen = keys.authkeylen;
2841
2842        memcpy(ctx->enckey, keys.enckey, keys.enckeylen);
2843        /* May end up padding auth key. So make sure it's zeroed. */
2844        memset(ctx->authkey, 0, sizeof(ctx->authkey));
2845        memcpy(ctx->authkey, keys.authkey, keys.authkeylen);
2846
2847        switch (ctx->alg->cipher_info.alg) {
2848        case CIPHER_ALG_DES:
2849                if (verify_aead_des_key(cipher, keys.enckey, keys.enckeylen))
2850                        return -EINVAL;
2851
2852                ctx->cipher_type = CIPHER_TYPE_DES;
2853                break;
2854        case CIPHER_ALG_3DES:
2855                if (verify_aead_des3_key(cipher, keys.enckey, keys.enckeylen))
2856                        return -EINVAL;
2857
2858                ctx->cipher_type = CIPHER_TYPE_3DES;
2859                break;
2860        case CIPHER_ALG_AES:
2861                switch (ctx->enckeylen) {
2862                case AES_KEYSIZE_128:
2863                        ctx->cipher_type = CIPHER_TYPE_AES128;
2864                        break;
2865                case AES_KEYSIZE_192:
2866                        ctx->cipher_type = CIPHER_TYPE_AES192;
2867                        break;
2868                case AES_KEYSIZE_256:
2869                        ctx->cipher_type = CIPHER_TYPE_AES256;
2870                        break;
2871                default:
2872                        goto badkey;
2873                }
2874                break;
2875        case CIPHER_ALG_RC4:
2876                ctx->cipher_type = CIPHER_TYPE_INIT;
2877                break;
2878        default:
2879                pr_err("%s() Error: Unknown cipher alg\n", __func__);
2880                return -EINVAL;
2881        }
2882
2883        flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2884                 ctx->authkeylen);
2885        flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2886        flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2887
2888        /* setkey the fallback just in case we needto use it */
2889        if (ctx->fallback_cipher) {
2890                flow_log("  running fallback setkey()\n");
2891
2892                ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2893                ctx->fallback_cipher->base.crt_flags |=
2894                    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2895                ret = crypto_aead_setkey(ctx->fallback_cipher, key, keylen);
2896                if (ret)
2897                        flow_log("  fallback setkey() returned:%d\n", ret);
2898        }
2899
2900        ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2901                                                          ctx->enckeylen,
2902                                                          false);
2903
2904        atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2905
2906        return ret;
2907
2908badkey:
2909        ctx->enckeylen = 0;
2910        ctx->authkeylen = 0;
2911        ctx->digestsize = 0;
2912
2913        return -EINVAL;
2914}
2915
2916static int aead_gcm_ccm_setkey(struct crypto_aead *cipher,
2917                               const u8 *key, unsigned int keylen)
2918{
2919        struct spu_hw *spu = &iproc_priv.spu;
2920        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
2921        struct crypto_tfm *tfm = crypto_aead_tfm(cipher);
2922
2923        int ret = 0;
2924
2925        flow_log("%s() keylen:%u\n", __func__, keylen);
2926        flow_dump("  key: ", key, keylen);
2927
2928        if (!ctx->is_esp)
2929                ctx->digestsize = keylen;
2930
2931        ctx->enckeylen = keylen;
2932        ctx->authkeylen = 0;
2933        memcpy(ctx->enckey, key, ctx->enckeylen);
2934
2935        switch (ctx->enckeylen) {
2936        case AES_KEYSIZE_128:
2937                ctx->cipher_type = CIPHER_TYPE_AES128;
2938                break;
2939        case AES_KEYSIZE_192:
2940                ctx->cipher_type = CIPHER_TYPE_AES192;
2941                break;
2942        case AES_KEYSIZE_256:
2943                ctx->cipher_type = CIPHER_TYPE_AES256;
2944                break;
2945        default:
2946                goto badkey;
2947        }
2948
2949        flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2950                 ctx->authkeylen);
2951        flow_dump("  enc: ", ctx->enckey, ctx->enckeylen);
2952        flow_dump("  auth: ", ctx->authkey, ctx->authkeylen);
2953
2954        /* setkey the fallback just in case we need to use it */
2955        if (ctx->fallback_cipher) {
2956                flow_log("  running fallback setkey()\n");
2957
2958                ctx->fallback_cipher->base.crt_flags &= ~CRYPTO_TFM_REQ_MASK;
2959                ctx->fallback_cipher->base.crt_flags |=
2960                    tfm->crt_flags & CRYPTO_TFM_REQ_MASK;
2961                ret = crypto_aead_setkey(ctx->fallback_cipher, key,
2962                                         keylen + ctx->salt_len);
2963                if (ret)
2964                        flow_log("  fallback setkey() returned:%d\n", ret);
2965        }
2966
2967        ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
2968                                                          ctx->enckeylen,
2969                                                          false);
2970
2971        atomic_inc(&iproc_priv.setkey_cnt[SPU_OP_AEAD]);
2972
2973        flow_log("  enckeylen:%u authkeylen:%u\n", ctx->enckeylen,
2974                 ctx->authkeylen);
2975
2976        return ret;
2977
2978badkey:
2979        ctx->enckeylen = 0;
2980        ctx->authkeylen = 0;
2981        ctx->digestsize = 0;
2982
2983        return -EINVAL;
2984}
2985
2986/**
2987 * aead_gcm_esp_setkey() - setkey() operation for ESP variant of GCM AES.
2988 * @cipher: AEAD structure
2989 * @key:    Key followed by 4 bytes of salt
2990 * @keylen: Length of key plus salt, in bytes
2991 *
2992 * Extracts salt from key and stores it to be prepended to IV on each request.
2993 * Digest is always 16 bytes
2994 *
2995 * Return: Value from generic gcm setkey.
2996 */
2997static int aead_gcm_esp_setkey(struct crypto_aead *cipher,
2998                               const u8 *key, unsigned int keylen)
2999{
3000        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3001
3002        flow_log("%s\n", __func__);
3003        ctx->salt_len = GCM_ESP_SALT_SIZE;
3004        ctx->salt_offset = GCM_ESP_SALT_OFFSET;
3005        memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
3006        keylen -= GCM_ESP_SALT_SIZE;
3007        ctx->digestsize = GCM_ESP_DIGESTSIZE;
3008        ctx->is_esp = true;
3009        flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
3010
3011        return aead_gcm_ccm_setkey(cipher, key, keylen);
3012}
3013
3014/**
3015 * rfc4543_gcm_esp_setkey() - setkey operation for RFC4543 variant of GCM/GMAC.
3016 * cipher: AEAD structure
3017 * key:    Key followed by 4 bytes of salt
3018 * keylen: Length of key plus salt, in bytes
3019 *
3020 * Extracts salt from key and stores it to be prepended to IV on each request.
3021 * Digest is always 16 bytes
3022 *
3023 * Return: Value from generic gcm setkey.
3024 */
3025static int rfc4543_gcm_esp_setkey(struct crypto_aead *cipher,
3026                                  const u8 *key, unsigned int keylen)
3027{
3028        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3029
3030        flow_log("%s\n", __func__);
3031        ctx->salt_len = GCM_ESP_SALT_SIZE;
3032        ctx->salt_offset = GCM_ESP_SALT_OFFSET;
3033        memcpy(ctx->salt, key + keylen - GCM_ESP_SALT_SIZE, GCM_ESP_SALT_SIZE);
3034        keylen -= GCM_ESP_SALT_SIZE;
3035        ctx->digestsize = GCM_ESP_DIGESTSIZE;
3036        ctx->is_esp = true;
3037        ctx->is_rfc4543 = true;
3038        flow_dump("salt: ", ctx->salt, GCM_ESP_SALT_SIZE);
3039
3040        return aead_gcm_ccm_setkey(cipher, key, keylen);
3041}
3042
3043/**
3044 * aead_ccm_esp_setkey() - setkey() operation for ESP variant of CCM AES.
3045 * @cipher: AEAD structure
3046 * @key:    Key followed by 4 bytes of salt
3047 * @keylen: Length of key plus salt, in bytes
3048 *
3049 * Extracts salt from key and stores it to be prepended to IV on each request.
3050 * Digest is always 16 bytes
3051 *
3052 * Return: Value from generic ccm setkey.
3053 */
3054static int aead_ccm_esp_setkey(struct crypto_aead *cipher,
3055                               const u8 *key, unsigned int keylen)
3056{
3057        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3058
3059        flow_log("%s\n", __func__);
3060        ctx->salt_len = CCM_ESP_SALT_SIZE;
3061        ctx->salt_offset = CCM_ESP_SALT_OFFSET;
3062        memcpy(ctx->salt, key + keylen - CCM_ESP_SALT_SIZE, CCM_ESP_SALT_SIZE);
3063        keylen -= CCM_ESP_SALT_SIZE;
3064        ctx->is_esp = true;
3065        flow_dump("salt: ", ctx->salt, CCM_ESP_SALT_SIZE);
3066
3067        return aead_gcm_ccm_setkey(cipher, key, keylen);
3068}
3069
3070static int aead_setauthsize(struct crypto_aead *cipher, unsigned int authsize)
3071{
3072        struct iproc_ctx_s *ctx = crypto_aead_ctx(cipher);
3073        int ret = 0;
3074
3075        flow_log("%s() authkeylen:%u authsize:%u\n",
3076                 __func__, ctx->authkeylen, authsize);
3077
3078        ctx->digestsize = authsize;
3079
3080        /* setkey the fallback just in case we needto use it */
3081        if (ctx->fallback_cipher) {
3082                flow_log("  running fallback setauth()\n");
3083
3084                ret = crypto_aead_setauthsize(ctx->fallback_cipher, authsize);
3085                if (ret)
3086                        flow_log("  fallback setauth() returned:%d\n", ret);
3087        }
3088
3089        return ret;
3090}
3091
3092static int aead_encrypt(struct aead_request *req)
3093{
3094        flow_log("%s() cryptlen:%u %08x\n", __func__, req->cryptlen,
3095                 req->cryptlen);
3096        dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3097        flow_log("  assoc_len:%u\n", req->assoclen);
3098
3099        return aead_enqueue(req, true);
3100}
3101
3102static int aead_decrypt(struct aead_request *req)
3103{
3104        flow_log("%s() cryptlen:%u\n", __func__, req->cryptlen);
3105        dump_sg(req->src, 0, req->cryptlen + req->assoclen);
3106        flow_log("  assoc_len:%u\n", req->assoclen);
3107
3108        return aead_enqueue(req, false);
3109}
3110
3111/* ==================== Supported Cipher Algorithms ==================== */
3112
3113static struct iproc_alg_s driver_algs[] = {
3114        {
3115         .type = CRYPTO_ALG_TYPE_AEAD,
3116         .alg.aead = {
3117                 .base = {
3118                        .cra_name = "gcm(aes)",
3119                        .cra_driver_name = "gcm-aes-iproc",
3120                        .cra_blocksize = AES_BLOCK_SIZE,
3121                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK
3122                 },
3123                 .setkey = aead_gcm_ccm_setkey,
3124                 .ivsize = GCM_AES_IV_SIZE,
3125                .maxauthsize = AES_BLOCK_SIZE,
3126         },
3127         .cipher_info = {
3128                         .alg = CIPHER_ALG_AES,
3129                         .mode = CIPHER_MODE_GCM,
3130                         },
3131         .auth_info = {
3132                       .alg = HASH_ALG_AES,
3133                       .mode = HASH_MODE_GCM,
3134                       },
3135         .auth_first = 0,
3136         },
3137        {
3138         .type = CRYPTO_ALG_TYPE_AEAD,
3139         .alg.aead = {
3140                 .base = {
3141                        .cra_name = "ccm(aes)",
3142                        .cra_driver_name = "ccm-aes-iproc",
3143                        .cra_blocksize = AES_BLOCK_SIZE,
3144                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK
3145                 },
3146                 .setkey = aead_gcm_ccm_setkey,
3147                 .ivsize = CCM_AES_IV_SIZE,
3148                .maxauthsize = AES_BLOCK_SIZE,
3149         },
3150         .cipher_info = {
3151                         .alg = CIPHER_ALG_AES,
3152                         .mode = CIPHER_MODE_CCM,
3153                         },
3154         .auth_info = {
3155                       .alg = HASH_ALG_AES,
3156                       .mode = HASH_MODE_CCM,
3157                       },
3158         .auth_first = 0,
3159         },
3160        {
3161         .type = CRYPTO_ALG_TYPE_AEAD,
3162         .alg.aead = {
3163                 .base = {
3164                        .cra_name = "rfc4106(gcm(aes))",
3165                        .cra_driver_name = "gcm-aes-esp-iproc",
3166                        .cra_blocksize = AES_BLOCK_SIZE,
3167                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK
3168                 },
3169                 .setkey = aead_gcm_esp_setkey,
3170                 .ivsize = GCM_RFC4106_IV_SIZE,
3171                 .maxauthsize = AES_BLOCK_SIZE,
3172         },
3173         .cipher_info = {
3174                         .alg = CIPHER_ALG_AES,
3175                         .mode = CIPHER_MODE_GCM,
3176                         },
3177         .auth_info = {
3178                       .alg = HASH_ALG_AES,
3179                       .mode = HASH_MODE_GCM,
3180                       },
3181         .auth_first = 0,
3182         },
3183        {
3184         .type = CRYPTO_ALG_TYPE_AEAD,
3185         .alg.aead = {
3186                 .base = {
3187                        .cra_name = "rfc4309(ccm(aes))",
3188                        .cra_driver_name = "ccm-aes-esp-iproc",
3189                        .cra_blocksize = AES_BLOCK_SIZE,
3190                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK
3191                 },
3192                 .setkey = aead_ccm_esp_setkey,
3193                 .ivsize = CCM_AES_IV_SIZE,
3194                 .maxauthsize = AES_BLOCK_SIZE,
3195         },
3196         .cipher_info = {
3197                         .alg = CIPHER_ALG_AES,
3198                         .mode = CIPHER_MODE_CCM,
3199                         },
3200         .auth_info = {
3201                       .alg = HASH_ALG_AES,
3202                       .mode = HASH_MODE_CCM,
3203                       },
3204         .auth_first = 0,
3205         },
3206        {
3207         .type = CRYPTO_ALG_TYPE_AEAD,
3208         .alg.aead = {
3209                 .base = {
3210                        .cra_name = "rfc4543(gcm(aes))",
3211                        .cra_driver_name = "gmac-aes-esp-iproc",
3212                        .cra_blocksize = AES_BLOCK_SIZE,
3213                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK
3214                 },
3215                 .setkey = rfc4543_gcm_esp_setkey,
3216                 .ivsize = GCM_RFC4106_IV_SIZE,
3217                 .maxauthsize = AES_BLOCK_SIZE,
3218         },
3219         .cipher_info = {
3220                         .alg = CIPHER_ALG_AES,
3221                         .mode = CIPHER_MODE_GCM,
3222                         },
3223         .auth_info = {
3224                       .alg = HASH_ALG_AES,
3225                       .mode = HASH_MODE_GCM,
3226                       },
3227         .auth_first = 0,
3228         },
3229        {
3230         .type = CRYPTO_ALG_TYPE_AEAD,
3231         .alg.aead = {
3232                 .base = {
3233                        .cra_name = "authenc(hmac(md5),cbc(aes))",
3234                        .cra_driver_name = "authenc-hmac-md5-cbc-aes-iproc",
3235                        .cra_blocksize = AES_BLOCK_SIZE,
3236                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3237                 },
3238                 .setkey = aead_authenc_setkey,
3239                .ivsize = AES_BLOCK_SIZE,
3240                .maxauthsize = MD5_DIGEST_SIZE,
3241         },
3242         .cipher_info = {
3243                         .alg = CIPHER_ALG_AES,
3244                         .mode = CIPHER_MODE_CBC,
3245                         },
3246         .auth_info = {
3247                       .alg = HASH_ALG_MD5,
3248                       .mode = HASH_MODE_HMAC,
3249                       },
3250         .auth_first = 0,
3251         },
3252        {
3253         .type = CRYPTO_ALG_TYPE_AEAD,
3254         .alg.aead = {
3255                 .base = {
3256                        .cra_name = "authenc(hmac(sha1),cbc(aes))",
3257                        .cra_driver_name = "authenc-hmac-sha1-cbc-aes-iproc",
3258                        .cra_blocksize = AES_BLOCK_SIZE,
3259                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3260                 },
3261                 .setkey = aead_authenc_setkey,
3262                 .ivsize = AES_BLOCK_SIZE,
3263                 .maxauthsize = SHA1_DIGEST_SIZE,
3264         },
3265         .cipher_info = {
3266                         .alg = CIPHER_ALG_AES,
3267                         .mode = CIPHER_MODE_CBC,
3268                         },
3269         .auth_info = {
3270                       .alg = HASH_ALG_SHA1,
3271                       .mode = HASH_MODE_HMAC,
3272                       },
3273         .auth_first = 0,
3274         },
3275        {
3276         .type = CRYPTO_ALG_TYPE_AEAD,
3277         .alg.aead = {
3278                 .base = {
3279                        .cra_name = "authenc(hmac(sha256),cbc(aes))",
3280                        .cra_driver_name = "authenc-hmac-sha256-cbc-aes-iproc",
3281                        .cra_blocksize = AES_BLOCK_SIZE,
3282                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3283                 },
3284                 .setkey = aead_authenc_setkey,
3285                 .ivsize = AES_BLOCK_SIZE,
3286                 .maxauthsize = SHA256_DIGEST_SIZE,
3287         },
3288         .cipher_info = {
3289                         .alg = CIPHER_ALG_AES,
3290                         .mode = CIPHER_MODE_CBC,
3291                         },
3292         .auth_info = {
3293                       .alg = HASH_ALG_SHA256,
3294                       .mode = HASH_MODE_HMAC,
3295                       },
3296         .auth_first = 0,
3297         },
3298        {
3299         .type = CRYPTO_ALG_TYPE_AEAD,
3300         .alg.aead = {
3301                 .base = {
3302                        .cra_name = "authenc(hmac(md5),cbc(des))",
3303                        .cra_driver_name = "authenc-hmac-md5-cbc-des-iproc",
3304                        .cra_blocksize = DES_BLOCK_SIZE,
3305                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3306                 },
3307                 .setkey = aead_authenc_setkey,
3308                 .ivsize = DES_BLOCK_SIZE,
3309                 .maxauthsize = MD5_DIGEST_SIZE,
3310         },
3311         .cipher_info = {
3312                         .alg = CIPHER_ALG_DES,
3313                         .mode = CIPHER_MODE_CBC,
3314                         },
3315         .auth_info = {
3316                       .alg = HASH_ALG_MD5,
3317                       .mode = HASH_MODE_HMAC,
3318                       },
3319         .auth_first = 0,
3320         },
3321        {
3322         .type = CRYPTO_ALG_TYPE_AEAD,
3323         .alg.aead = {
3324                 .base = {
3325                        .cra_name = "authenc(hmac(sha1),cbc(des))",
3326                        .cra_driver_name = "authenc-hmac-sha1-cbc-des-iproc",
3327                        .cra_blocksize = DES_BLOCK_SIZE,
3328                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3329                 },
3330                 .setkey = aead_authenc_setkey,
3331                 .ivsize = DES_BLOCK_SIZE,
3332                 .maxauthsize = SHA1_DIGEST_SIZE,
3333         },
3334         .cipher_info = {
3335                         .alg = CIPHER_ALG_DES,
3336                         .mode = CIPHER_MODE_CBC,
3337                         },
3338         .auth_info = {
3339                       .alg = HASH_ALG_SHA1,
3340                       .mode = HASH_MODE_HMAC,
3341                       },
3342         .auth_first = 0,
3343         },
3344        {
3345         .type = CRYPTO_ALG_TYPE_AEAD,
3346         .alg.aead = {
3347                 .base = {
3348                        .cra_name = "authenc(hmac(sha224),cbc(des))",
3349                        .cra_driver_name = "authenc-hmac-sha224-cbc-des-iproc",
3350                        .cra_blocksize = DES_BLOCK_SIZE,
3351                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3352                 },
3353                 .setkey = aead_authenc_setkey,
3354                 .ivsize = DES_BLOCK_SIZE,
3355                 .maxauthsize = SHA224_DIGEST_SIZE,
3356         },
3357         .cipher_info = {
3358                         .alg = CIPHER_ALG_DES,
3359                         .mode = CIPHER_MODE_CBC,
3360                         },
3361         .auth_info = {
3362                       .alg = HASH_ALG_SHA224,
3363                       .mode = HASH_MODE_HMAC,
3364                       },
3365         .auth_first = 0,
3366         },
3367        {
3368         .type = CRYPTO_ALG_TYPE_AEAD,
3369         .alg.aead = {
3370                 .base = {
3371                        .cra_name = "authenc(hmac(sha256),cbc(des))",
3372                        .cra_driver_name = "authenc-hmac-sha256-cbc-des-iproc",
3373                        .cra_blocksize = DES_BLOCK_SIZE,
3374                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3375                 },
3376                 .setkey = aead_authenc_setkey,
3377                 .ivsize = DES_BLOCK_SIZE,
3378                 .maxauthsize = SHA256_DIGEST_SIZE,
3379         },
3380         .cipher_info = {
3381                         .alg = CIPHER_ALG_DES,
3382                         .mode = CIPHER_MODE_CBC,
3383                         },
3384         .auth_info = {
3385                       .alg = HASH_ALG_SHA256,
3386                       .mode = HASH_MODE_HMAC,
3387                       },
3388         .auth_first = 0,
3389         },
3390        {
3391         .type = CRYPTO_ALG_TYPE_AEAD,
3392         .alg.aead = {
3393                 .base = {
3394                        .cra_name = "authenc(hmac(sha384),cbc(des))",
3395                        .cra_driver_name = "authenc-hmac-sha384-cbc-des-iproc",
3396                        .cra_blocksize = DES_BLOCK_SIZE,
3397                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3398                 },
3399                 .setkey = aead_authenc_setkey,
3400                 .ivsize = DES_BLOCK_SIZE,
3401                 .maxauthsize = SHA384_DIGEST_SIZE,
3402         },
3403         .cipher_info = {
3404                         .alg = CIPHER_ALG_DES,
3405                         .mode = CIPHER_MODE_CBC,
3406                         },
3407         .auth_info = {
3408                       .alg = HASH_ALG_SHA384,
3409                       .mode = HASH_MODE_HMAC,
3410                       },
3411         .auth_first = 0,
3412         },
3413        {
3414         .type = CRYPTO_ALG_TYPE_AEAD,
3415         .alg.aead = {
3416                 .base = {
3417                        .cra_name = "authenc(hmac(sha512),cbc(des))",
3418                        .cra_driver_name = "authenc-hmac-sha512-cbc-des-iproc",
3419                        .cra_blocksize = DES_BLOCK_SIZE,
3420                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3421                 },
3422                 .setkey = aead_authenc_setkey,
3423                 .ivsize = DES_BLOCK_SIZE,
3424                 .maxauthsize = SHA512_DIGEST_SIZE,
3425         },
3426         .cipher_info = {
3427                         .alg = CIPHER_ALG_DES,
3428                         .mode = CIPHER_MODE_CBC,
3429                         },
3430         .auth_info = {
3431                       .alg = HASH_ALG_SHA512,
3432                       .mode = HASH_MODE_HMAC,
3433                       },
3434         .auth_first = 0,
3435         },
3436        {
3437         .type = CRYPTO_ALG_TYPE_AEAD,
3438         .alg.aead = {
3439                 .base = {
3440                        .cra_name = "authenc(hmac(md5),cbc(des3_ede))",
3441                        .cra_driver_name = "authenc-hmac-md5-cbc-des3-iproc",
3442                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3443                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3444                 },
3445                 .setkey = aead_authenc_setkey,
3446                 .ivsize = DES3_EDE_BLOCK_SIZE,
3447                 .maxauthsize = MD5_DIGEST_SIZE,
3448         },
3449         .cipher_info = {
3450                         .alg = CIPHER_ALG_3DES,
3451                         .mode = CIPHER_MODE_CBC,
3452                         },
3453         .auth_info = {
3454                       .alg = HASH_ALG_MD5,
3455                       .mode = HASH_MODE_HMAC,
3456                       },
3457         .auth_first = 0,
3458         },
3459        {
3460         .type = CRYPTO_ALG_TYPE_AEAD,
3461         .alg.aead = {
3462                 .base = {
3463                        .cra_name = "authenc(hmac(sha1),cbc(des3_ede))",
3464                        .cra_driver_name = "authenc-hmac-sha1-cbc-des3-iproc",
3465                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3466                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3467                 },
3468                 .setkey = aead_authenc_setkey,
3469                 .ivsize = DES3_EDE_BLOCK_SIZE,
3470                 .maxauthsize = SHA1_DIGEST_SIZE,
3471         },
3472         .cipher_info = {
3473                         .alg = CIPHER_ALG_3DES,
3474                         .mode = CIPHER_MODE_CBC,
3475                         },
3476         .auth_info = {
3477                       .alg = HASH_ALG_SHA1,
3478                       .mode = HASH_MODE_HMAC,
3479                       },
3480         .auth_first = 0,
3481         },
3482        {
3483         .type = CRYPTO_ALG_TYPE_AEAD,
3484         .alg.aead = {
3485                 .base = {
3486                        .cra_name = "authenc(hmac(sha224),cbc(des3_ede))",
3487                        .cra_driver_name = "authenc-hmac-sha224-cbc-des3-iproc",
3488                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3489                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3490                 },
3491                 .setkey = aead_authenc_setkey,
3492                 .ivsize = DES3_EDE_BLOCK_SIZE,
3493                 .maxauthsize = SHA224_DIGEST_SIZE,
3494         },
3495         .cipher_info = {
3496                         .alg = CIPHER_ALG_3DES,
3497                         .mode = CIPHER_MODE_CBC,
3498                         },
3499         .auth_info = {
3500                       .alg = HASH_ALG_SHA224,
3501                       .mode = HASH_MODE_HMAC,
3502                       },
3503         .auth_first = 0,
3504         },
3505        {
3506         .type = CRYPTO_ALG_TYPE_AEAD,
3507         .alg.aead = {
3508                 .base = {
3509                        .cra_name = "authenc(hmac(sha256),cbc(des3_ede))",
3510                        .cra_driver_name = "authenc-hmac-sha256-cbc-des3-iproc",
3511                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3512                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3513                 },
3514                 .setkey = aead_authenc_setkey,
3515                 .ivsize = DES3_EDE_BLOCK_SIZE,
3516                 .maxauthsize = SHA256_DIGEST_SIZE,
3517         },
3518         .cipher_info = {
3519                         .alg = CIPHER_ALG_3DES,
3520                         .mode = CIPHER_MODE_CBC,
3521                         },
3522         .auth_info = {
3523                       .alg = HASH_ALG_SHA256,
3524                       .mode = HASH_MODE_HMAC,
3525                       },
3526         .auth_first = 0,
3527         },
3528        {
3529         .type = CRYPTO_ALG_TYPE_AEAD,
3530         .alg.aead = {
3531                 .base = {
3532                        .cra_name = "authenc(hmac(sha384),cbc(des3_ede))",
3533                        .cra_driver_name = "authenc-hmac-sha384-cbc-des3-iproc",
3534                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3535                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3536                 },
3537                 .setkey = aead_authenc_setkey,
3538                 .ivsize = DES3_EDE_BLOCK_SIZE,
3539                 .maxauthsize = SHA384_DIGEST_SIZE,
3540         },
3541         .cipher_info = {
3542                         .alg = CIPHER_ALG_3DES,
3543                         .mode = CIPHER_MODE_CBC,
3544                         },
3545         .auth_info = {
3546                       .alg = HASH_ALG_SHA384,
3547                       .mode = HASH_MODE_HMAC,
3548                       },
3549         .auth_first = 0,
3550         },
3551        {
3552         .type = CRYPTO_ALG_TYPE_AEAD,
3553         .alg.aead = {
3554                 .base = {
3555                        .cra_name = "authenc(hmac(sha512),cbc(des3_ede))",
3556                        .cra_driver_name = "authenc-hmac-sha512-cbc-des3-iproc",
3557                        .cra_blocksize = DES3_EDE_BLOCK_SIZE,
3558                        .cra_flags = CRYPTO_ALG_NEED_FALLBACK | CRYPTO_ALG_ASYNC
3559                 },
3560                 .setkey = aead_authenc_setkey,
3561                 .ivsize = DES3_EDE_BLOCK_SIZE,
3562                 .maxauthsize = SHA512_DIGEST_SIZE,
3563         },
3564         .cipher_info = {
3565                         .alg = CIPHER_ALG_3DES,
3566                         .mode = CIPHER_MODE_CBC,
3567                         },
3568         .auth_info = {
3569                       .alg = HASH_ALG_SHA512,
3570                       .mode = HASH_MODE_HMAC,
3571                       },
3572         .auth_first = 0,
3573         },
3574
3575/* SKCIPHER algorithms. */
3576        {
3577         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3578         .alg.skcipher = {
3579                        .base.cra_name = "ecb(arc4)",
3580                        .base.cra_driver_name = "ecb-arc4-iproc",
3581                        .base.cra_blocksize = ARC4_BLOCK_SIZE,
3582                        .min_keysize = ARC4_MIN_KEY_SIZE,
3583                        .max_keysize = ARC4_MAX_KEY_SIZE,
3584                        .ivsize = 0,
3585                        },
3586         .cipher_info = {
3587                         .alg = CIPHER_ALG_RC4,
3588                         .mode = CIPHER_MODE_NONE,
3589                         },
3590         .auth_info = {
3591                       .alg = HASH_ALG_NONE,
3592                       .mode = HASH_MODE_NONE,
3593                       },
3594         },
3595        {
3596         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3597         .alg.skcipher = {
3598                        .base.cra_name = "ofb(des)",
3599                        .base.cra_driver_name = "ofb-des-iproc",
3600                        .base.cra_blocksize = DES_BLOCK_SIZE,
3601                        .min_keysize = DES_KEY_SIZE,
3602                        .max_keysize = DES_KEY_SIZE,
3603                        .ivsize = DES_BLOCK_SIZE,
3604                        },
3605         .cipher_info = {
3606                         .alg = CIPHER_ALG_DES,
3607                         .mode = CIPHER_MODE_OFB,
3608                         },
3609         .auth_info = {
3610                       .alg = HASH_ALG_NONE,
3611                       .mode = HASH_MODE_NONE,
3612                       },
3613         },
3614        {
3615         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3616         .alg.skcipher = {
3617                        .base.cra_name = "cbc(des)",
3618                        .base.cra_driver_name = "cbc-des-iproc",
3619                        .base.cra_blocksize = DES_BLOCK_SIZE,
3620                        .min_keysize = DES_KEY_SIZE,
3621                        .max_keysize = DES_KEY_SIZE,
3622                        .ivsize = DES_BLOCK_SIZE,
3623                        },
3624         .cipher_info = {
3625                         .alg = CIPHER_ALG_DES,
3626                         .mode = CIPHER_MODE_CBC,
3627                         },
3628         .auth_info = {
3629                       .alg = HASH_ALG_NONE,
3630                       .mode = HASH_MODE_NONE,
3631                       },
3632         },
3633        {
3634         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3635         .alg.skcipher = {
3636                        .base.cra_name = "ecb(des)",
3637                        .base.cra_driver_name = "ecb-des-iproc",
3638                        .base.cra_blocksize = DES_BLOCK_SIZE,
3639                        .min_keysize = DES_KEY_SIZE,
3640                        .max_keysize = DES_KEY_SIZE,
3641                        .ivsize = 0,
3642                        },
3643         .cipher_info = {
3644                         .alg = CIPHER_ALG_DES,
3645                         .mode = CIPHER_MODE_ECB,
3646                         },
3647         .auth_info = {
3648                       .alg = HASH_ALG_NONE,
3649                       .mode = HASH_MODE_NONE,
3650                       },
3651         },
3652        {
3653         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3654         .alg.skcipher = {
3655                        .base.cra_name = "ofb(des3_ede)",
3656                        .base.cra_driver_name = "ofb-des3-iproc",
3657                        .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3658                        .min_keysize = DES3_EDE_KEY_SIZE,
3659                        .max_keysize = DES3_EDE_KEY_SIZE,
3660                        .ivsize = DES3_EDE_BLOCK_SIZE,
3661                        },
3662         .cipher_info = {
3663                         .alg = CIPHER_ALG_3DES,
3664                         .mode = CIPHER_MODE_OFB,
3665                         },
3666         .auth_info = {
3667                       .alg = HASH_ALG_NONE,
3668                       .mode = HASH_MODE_NONE,
3669                       },
3670         },
3671        {
3672         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3673         .alg.skcipher = {
3674                        .base.cra_name = "cbc(des3_ede)",
3675                        .base.cra_driver_name = "cbc-des3-iproc",
3676                        .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3677                        .min_keysize = DES3_EDE_KEY_SIZE,
3678                        .max_keysize = DES3_EDE_KEY_SIZE,
3679                        .ivsize = DES3_EDE_BLOCK_SIZE,
3680                        },
3681         .cipher_info = {
3682                         .alg = CIPHER_ALG_3DES,
3683                         .mode = CIPHER_MODE_CBC,
3684                         },
3685         .auth_info = {
3686                       .alg = HASH_ALG_NONE,
3687                       .mode = HASH_MODE_NONE,
3688                       },
3689         },
3690        {
3691         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3692         .alg.skcipher = {
3693                        .base.cra_name = "ecb(des3_ede)",
3694                        .base.cra_driver_name = "ecb-des3-iproc",
3695                        .base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
3696                        .min_keysize = DES3_EDE_KEY_SIZE,
3697                        .max_keysize = DES3_EDE_KEY_SIZE,
3698                        .ivsize = 0,
3699                        },
3700         .cipher_info = {
3701                         .alg = CIPHER_ALG_3DES,
3702                         .mode = CIPHER_MODE_ECB,
3703                         },
3704         .auth_info = {
3705                       .alg = HASH_ALG_NONE,
3706                       .mode = HASH_MODE_NONE,
3707                       },
3708         },
3709        {
3710         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3711         .alg.skcipher = {
3712                        .base.cra_name = "ofb(aes)",
3713                        .base.cra_driver_name = "ofb-aes-iproc",
3714                        .base.cra_blocksize = AES_BLOCK_SIZE,
3715                        .min_keysize = AES_MIN_KEY_SIZE,
3716                        .max_keysize = AES_MAX_KEY_SIZE,
3717                        .ivsize = AES_BLOCK_SIZE,
3718                        },
3719         .cipher_info = {
3720                         .alg = CIPHER_ALG_AES,
3721                         .mode = CIPHER_MODE_OFB,
3722                         },
3723         .auth_info = {
3724                       .alg = HASH_ALG_NONE,
3725                       .mode = HASH_MODE_NONE,
3726                       },
3727         },
3728        {
3729         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3730         .alg.skcipher = {
3731                        .base.cra_name = "cbc(aes)",
3732                        .base.cra_driver_name = "cbc-aes-iproc",
3733                        .base.cra_blocksize = AES_BLOCK_SIZE,
3734                        .min_keysize = AES_MIN_KEY_SIZE,
3735                        .max_keysize = AES_MAX_KEY_SIZE,
3736                        .ivsize = AES_BLOCK_SIZE,
3737                        },
3738         .cipher_info = {
3739                         .alg = CIPHER_ALG_AES,
3740                         .mode = CIPHER_MODE_CBC,
3741                         },
3742         .auth_info = {
3743                       .alg = HASH_ALG_NONE,
3744                       .mode = HASH_MODE_NONE,
3745                       },
3746         },
3747        {
3748         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3749         .alg.skcipher = {
3750                        .base.cra_name = "ecb(aes)",
3751                        .base.cra_driver_name = "ecb-aes-iproc",
3752                        .base.cra_blocksize = AES_BLOCK_SIZE,
3753                        .min_keysize = AES_MIN_KEY_SIZE,
3754                        .max_keysize = AES_MAX_KEY_SIZE,
3755                        .ivsize = 0,
3756                        },
3757         .cipher_info = {
3758                         .alg = CIPHER_ALG_AES,
3759                         .mode = CIPHER_MODE_ECB,
3760                         },
3761         .auth_info = {
3762                       .alg = HASH_ALG_NONE,
3763                       .mode = HASH_MODE_NONE,
3764                       },
3765         },
3766        {
3767         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3768         .alg.skcipher = {
3769                        .base.cra_name = "ctr(aes)",
3770                        .base.cra_driver_name = "ctr-aes-iproc",
3771                        .base.cra_blocksize = AES_BLOCK_SIZE,
3772                        .min_keysize = AES_MIN_KEY_SIZE,
3773                        .max_keysize = AES_MAX_KEY_SIZE,
3774                        .ivsize = AES_BLOCK_SIZE,
3775                        },
3776         .cipher_info = {
3777                         .alg = CIPHER_ALG_AES,
3778                         .mode = CIPHER_MODE_CTR,
3779                         },
3780         .auth_info = {
3781                       .alg = HASH_ALG_NONE,
3782                       .mode = HASH_MODE_NONE,
3783                       },
3784         },
3785{
3786         .type = CRYPTO_ALG_TYPE_SKCIPHER,
3787         .alg.skcipher = {
3788                        .base.cra_name = "xts(aes)",
3789                        .base.cra_driver_name = "xts-aes-iproc",
3790                        .base.cra_blocksize = AES_BLOCK_SIZE,
3791                        .min_keysize = 2 * AES_MIN_KEY_SIZE,
3792                        .max_keysize = 2 * AES_MAX_KEY_SIZE,
3793                        .ivsize = AES_BLOCK_SIZE,
3794                        },
3795         .cipher_info = {
3796                         .alg = CIPHER_ALG_AES,
3797                         .mode = CIPHER_MODE_XTS,
3798                         },
3799         .auth_info = {
3800                       .alg = HASH_ALG_NONE,
3801                       .mode = HASH_MODE_NONE,
3802                       },
3803         },
3804
3805/* AHASH algorithms. */
3806        {
3807         .type = CRYPTO_ALG_TYPE_AHASH,
3808         .alg.hash = {
3809                      .halg.digestsize = MD5_DIGEST_SIZE,
3810                      .halg.base = {
3811                                    .cra_name = "md5",
3812                                    .cra_driver_name = "md5-iproc",
3813                                    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3814                                    .cra_flags = CRYPTO_ALG_ASYNC,
3815                                }
3816                      },
3817         .cipher_info = {
3818                         .alg = CIPHER_ALG_NONE,
3819                         .mode = CIPHER_MODE_NONE,
3820                         },
3821         .auth_info = {
3822                       .alg = HASH_ALG_MD5,
3823                       .mode = HASH_MODE_HASH,
3824                       },
3825         },
3826        {
3827         .type = CRYPTO_ALG_TYPE_AHASH,
3828         .alg.hash = {
3829                      .halg.digestsize = MD5_DIGEST_SIZE,
3830                      .halg.base = {
3831                                    .cra_name = "hmac(md5)",
3832                                    .cra_driver_name = "hmac-md5-iproc",
3833                                    .cra_blocksize = MD5_BLOCK_WORDS * 4,
3834                                }
3835                      },
3836         .cipher_info = {
3837                         .alg = CIPHER_ALG_NONE,
3838                         .mode = CIPHER_MODE_NONE,
3839                         },
3840         .auth_info = {
3841                       .alg = HASH_ALG_MD5,
3842                       .mode = HASH_MODE_HMAC,
3843                       },
3844         },
3845        {.type = CRYPTO_ALG_TYPE_AHASH,
3846         .alg.hash = {
3847                      .halg.digestsize = SHA1_DIGEST_SIZE,
3848                      .halg.base = {
3849                                    .cra_name = "sha1",
3850                                    .cra_driver_name = "sha1-iproc",
3851                                    .cra_blocksize = SHA1_BLOCK_SIZE,
3852                                }
3853                      },
3854         .cipher_info = {
3855                         .alg = CIPHER_ALG_NONE,
3856                         .mode = CIPHER_MODE_NONE,
3857                         },
3858         .auth_info = {
3859                       .alg = HASH_ALG_SHA1,
3860                       .mode = HASH_MODE_HASH,
3861                       },
3862         },
3863        {.type = CRYPTO_ALG_TYPE_AHASH,
3864         .alg.hash = {
3865                      .halg.digestsize = SHA1_DIGEST_SIZE,
3866                      .halg.base = {
3867                                    .cra_name = "hmac(sha1)",
3868                                    .cra_driver_name = "hmac-sha1-iproc",
3869                                    .cra_blocksize = SHA1_BLOCK_SIZE,
3870                                }
3871                      },
3872         .cipher_info = {
3873                         .alg = CIPHER_ALG_NONE,
3874                         .mode = CIPHER_MODE_NONE,
3875                         },
3876         .auth_info = {
3877                       .alg = HASH_ALG_SHA1,
3878                       .mode = HASH_MODE_HMAC,
3879                       },
3880         },
3881        {.type = CRYPTO_ALG_TYPE_AHASH,
3882         .alg.hash = {
3883                        .halg.digestsize = SHA224_DIGEST_SIZE,
3884                        .halg.base = {
3885                                    .cra_name = "sha224",
3886                                    .cra_driver_name = "sha224-iproc",
3887                                    .cra_blocksize = SHA224_BLOCK_SIZE,
3888                        }
3889                      },
3890         .cipher_info = {
3891                         .alg = CIPHER_ALG_NONE,
3892                         .mode = CIPHER_MODE_NONE,
3893                         },
3894         .auth_info = {
3895                       .alg = HASH_ALG_SHA224,
3896                       .mode = HASH_MODE_HASH,
3897                       },
3898         },
3899        {.type = CRYPTO_ALG_TYPE_AHASH,
3900         .alg.hash = {
3901                      .halg.digestsize = SHA224_DIGEST_SIZE,
3902                      .halg.base = {
3903                                    .cra_name = "hmac(sha224)",
3904                                    .cra_driver_name = "hmac-sha224-iproc",
3905                                    .cra_blocksize = SHA224_BLOCK_SIZE,
3906                                }
3907                      },
3908         .cipher_info = {
3909                         .alg = CIPHER_ALG_NONE,
3910                         .mode = CIPHER_MODE_NONE,
3911                         },
3912         .auth_info = {
3913                       .alg = HASH_ALG_SHA224,
3914                       .mode = HASH_MODE_HMAC,
3915                       },
3916         },
3917        {.type = CRYPTO_ALG_TYPE_AHASH,
3918         .alg.hash = {
3919                      .halg.digestsize = SHA256_DIGEST_SIZE,
3920                      .halg.base = {
3921                                    .cra_name = "sha256",
3922                                    .cra_driver_name = "sha256-iproc",
3923                                    .cra_blocksize = SHA256_BLOCK_SIZE,
3924                                }
3925                      },
3926         .cipher_info = {
3927                         .alg = CIPHER_ALG_NONE,
3928                         .mode = CIPHER_MODE_NONE,
3929                         },
3930         .auth_info = {
3931                       .alg = HASH_ALG_SHA256,
3932                       .mode = HASH_MODE_HASH,
3933                       },
3934         },
3935        {.type = CRYPTO_ALG_TYPE_AHASH,
3936         .alg.hash = {
3937                      .halg.digestsize = SHA256_DIGEST_SIZE,
3938                      .halg.base = {
3939                                    .cra_name = "hmac(sha256)",
3940                                    .cra_driver_name = "hmac-sha256-iproc",
3941                                    .cra_blocksize = SHA256_BLOCK_SIZE,
3942                                }
3943                      },
3944         .cipher_info = {
3945                         .alg = CIPHER_ALG_NONE,
3946                         .mode = CIPHER_MODE_NONE,
3947                         },
3948         .auth_info = {
3949                       .alg = HASH_ALG_SHA256,
3950                       .mode = HASH_MODE_HMAC,
3951                       },
3952         },
3953        {
3954        .type = CRYPTO_ALG_TYPE_AHASH,
3955         .alg.hash = {
3956                      .halg.digestsize = SHA384_DIGEST_SIZE,
3957                      .halg.base = {
3958                                    .cra_name = "sha384",
3959                                    .cra_driver_name = "sha384-iproc",
3960                                    .cra_blocksize = SHA384_BLOCK_SIZE,
3961                                }
3962                      },
3963         .cipher_info = {
3964                         .alg = CIPHER_ALG_NONE,
3965                         .mode = CIPHER_MODE_NONE,
3966                         },
3967         .auth_info = {
3968                       .alg = HASH_ALG_SHA384,
3969                       .mode = HASH_MODE_HASH,
3970                       },
3971         },
3972        {
3973         .type = CRYPTO_ALG_TYPE_AHASH,
3974         .alg.hash = {
3975                      .halg.digestsize = SHA384_DIGEST_SIZE,
3976                      .halg.base = {
3977                                    .cra_name = "hmac(sha384)",
3978                                    .cra_driver_name = "hmac-sha384-iproc",
3979                                    .cra_blocksize = SHA384_BLOCK_SIZE,
3980                                }
3981                      },
3982         .cipher_info = {
3983                         .alg = CIPHER_ALG_NONE,
3984                         .mode = CIPHER_MODE_NONE,
3985                         },
3986         .auth_info = {
3987                       .alg = HASH_ALG_SHA384,
3988                       .mode = HASH_MODE_HMAC,
3989                       },
3990         },
3991        {
3992         .type = CRYPTO_ALG_TYPE_AHASH,
3993         .alg.hash = {
3994                      .halg.digestsize = SHA512_DIGEST_SIZE,
3995                      .halg.base = {
3996                                    .cra_name = "sha512",
3997                                    .cra_driver_name = "sha512-iproc",
3998                                    .cra_blocksize = SHA512_BLOCK_SIZE,
3999                                }
4000                      },
4001         .cipher_info = {
4002                         .alg = CIPHER_ALG_NONE,
4003                         .mode = CIPHER_MODE_NONE,
4004                         },
4005         .auth_info = {
4006                       .alg = HASH_ALG_SHA512,
4007                       .mode = HASH_MODE_HASH,
4008                       },
4009         },
4010        {
4011         .type = CRYPTO_ALG_TYPE_AHASH,
4012         .alg.hash = {
4013                      .halg.digestsize = SHA512_DIGEST_SIZE,
4014                      .halg.base = {
4015                                    .cra_name = "hmac(sha512)",
4016                                    .cra_driver_name = "hmac-sha512-iproc",
4017                                    .cra_blocksize = SHA512_BLOCK_SIZE,
4018                                }
4019                      },
4020         .cipher_info = {
4021                         .alg = CIPHER_ALG_NONE,
4022                         .mode = CIPHER_MODE_NONE,
4023                         },
4024         .auth_info = {
4025                       .alg = HASH_ALG_SHA512,
4026                       .mode = HASH_MODE_HMAC,
4027                       },
4028         },
4029        {
4030         .type = CRYPTO_ALG_TYPE_AHASH,
4031         .alg.hash = {
4032                      .halg.digestsize = SHA3_224_DIGEST_SIZE,
4033                      .halg.base = {
4034                                    .cra_name = "sha3-224",
4035                                    .cra_driver_name = "sha3-224-iproc",
4036                                    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4037                                }
4038                      },
4039         .cipher_info = {
4040                         .alg = CIPHER_ALG_NONE,
4041                         .mode = CIPHER_MODE_NONE,
4042                         },
4043         .auth_info = {
4044                       .alg = HASH_ALG_SHA3_224,
4045                       .mode = HASH_MODE_HASH,
4046                       },
4047         },
4048        {
4049         .type = CRYPTO_ALG_TYPE_AHASH,
4050         .alg.hash = {
4051                      .halg.digestsize = SHA3_224_DIGEST_SIZE,
4052                      .halg.base = {
4053                                    .cra_name = "hmac(sha3-224)",
4054                                    .cra_driver_name = "hmac-sha3-224-iproc",
4055                                    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4056                                }
4057                      },
4058         .cipher_info = {
4059                         .alg = CIPHER_ALG_NONE,
4060                         .mode = CIPHER_MODE_NONE,
4061                         },
4062         .auth_info = {
4063                       .alg = HASH_ALG_SHA3_224,
4064                       .mode = HASH_MODE_HMAC
4065                       },
4066         },
4067        {
4068         .type = CRYPTO_ALG_TYPE_AHASH,
4069         .alg.hash = {
4070                      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4071                      .halg.base = {
4072                                    .cra_name = "sha3-256",
4073                                    .cra_driver_name = "sha3-256-iproc",
4074                                    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4075                                }
4076                      },
4077         .cipher_info = {
4078                         .alg = CIPHER_ALG_NONE,
4079                         .mode = CIPHER_MODE_NONE,
4080                         },
4081         .auth_info = {
4082                       .alg = HASH_ALG_SHA3_256,
4083                       .mode = HASH_MODE_HASH,
4084                       },
4085         },
4086        {
4087         .type = CRYPTO_ALG_TYPE_AHASH,
4088         .alg.hash = {
4089                      .halg.digestsize = SHA3_256_DIGEST_SIZE,
4090                      .halg.base = {
4091                                    .cra_name = "hmac(sha3-256)",
4092                                    .cra_driver_name = "hmac-sha3-256-iproc",
4093                                    .cra_blocksize = SHA3_256_BLOCK_SIZE,
4094                                }
4095                      },
4096         .cipher_info = {
4097                         .alg = CIPHER_ALG_NONE,
4098                         .mode = CIPHER_MODE_NONE,
4099                         },
4100         .auth_info = {
4101                       .alg = HASH_ALG_SHA3_256,
4102                       .mode = HASH_MODE_HMAC,
4103                       },
4104         },
4105        {
4106         .type = CRYPTO_ALG_TYPE_AHASH,
4107         .alg.hash = {
4108                      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4109                      .halg.base = {
4110                                    .cra_name = "sha3-384",
4111                                    .cra_driver_name = "sha3-384-iproc",
4112                                    .cra_blocksize = SHA3_224_BLOCK_SIZE,
4113                                }
4114                      },
4115         .cipher_info = {
4116                         .alg = CIPHER_ALG_NONE,
4117                         .mode = CIPHER_MODE_NONE,
4118                         },
4119         .auth_info = {
4120                       .alg = HASH_ALG_SHA3_384,
4121                       .mode = HASH_MODE_HASH,
4122                       },
4123         },
4124        {
4125         .type = CRYPTO_ALG_TYPE_AHASH,
4126         .alg.hash = {
4127                      .halg.digestsize = SHA3_384_DIGEST_SIZE,
4128                      .halg.base = {
4129                                    .cra_name = "hmac(sha3-384)",
4130                                    .cra_driver_name = "hmac-sha3-384-iproc",
4131                                    .cra_blocksize = SHA3_384_BLOCK_SIZE,
4132                                }
4133                      },
4134         .cipher_info = {
4135                         .alg = CIPHER_ALG_NONE,
4136                         .mode = CIPHER_MODE_NONE,
4137                         },
4138         .auth_info = {
4139                       .alg = HASH_ALG_SHA3_384,
4140                       .mode = HASH_MODE_HMAC,
4141                       },
4142         },
4143        {
4144         .type = CRYPTO_ALG_TYPE_AHASH,
4145         .alg.hash = {
4146                      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4147                      .halg.base = {
4148                                    .cra_name = "sha3-512",
4149                                    .cra_driver_name = "sha3-512-iproc",
4150                                    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4151                                }
4152                      },
4153         .cipher_info = {
4154                         .alg = CIPHER_ALG_NONE,
4155                         .mode = CIPHER_MODE_NONE,
4156                         },
4157         .auth_info = {
4158                       .alg = HASH_ALG_SHA3_512,
4159                       .mode = HASH_MODE_HASH,
4160                       },
4161         },
4162        {
4163         .type = CRYPTO_ALG_TYPE_AHASH,
4164         .alg.hash = {
4165                      .halg.digestsize = SHA3_512_DIGEST_SIZE,
4166                      .halg.base = {
4167                                    .cra_name = "hmac(sha3-512)",
4168                                    .cra_driver_name = "hmac-sha3-512-iproc",
4169                                    .cra_blocksize = SHA3_512_BLOCK_SIZE,
4170                                }
4171                      },
4172         .cipher_info = {
4173                         .alg = CIPHER_ALG_NONE,
4174                         .mode = CIPHER_MODE_NONE,
4175                         },
4176         .auth_info = {
4177                       .alg = HASH_ALG_SHA3_512,
4178                       .mode = HASH_MODE_HMAC,
4179                       },
4180         },
4181        {
4182         .type = CRYPTO_ALG_TYPE_AHASH,
4183         .alg.hash = {
4184                      .halg.digestsize = AES_BLOCK_SIZE,
4185                      .halg.base = {
4186                                    .cra_name = "xcbc(aes)",
4187                                    .cra_driver_name = "xcbc-aes-iproc",
4188                                    .cra_blocksize = AES_BLOCK_SIZE,
4189                                }
4190                      },
4191         .cipher_info = {
4192                         .alg = CIPHER_ALG_NONE,
4193                         .mode = CIPHER_MODE_NONE,
4194                         },
4195         .auth_info = {
4196                       .alg = HASH_ALG_AES,
4197                       .mode = HASH_MODE_XCBC,
4198                       },
4199         },
4200        {
4201         .type = CRYPTO_ALG_TYPE_AHASH,
4202         .alg.hash = {
4203                      .halg.digestsize = AES_BLOCK_SIZE,
4204                      .halg.base = {
4205                                    .cra_name = "cmac(aes)",
4206                                    .cra_driver_name = "cmac-aes-iproc",
4207                                    .cra_blocksize = AES_BLOCK_SIZE,
4208                                }
4209                      },
4210         .cipher_info = {
4211                         .alg = CIPHER_ALG_NONE,
4212                         .mode = CIPHER_MODE_NONE,
4213                         },
4214         .auth_info = {
4215                       .alg = HASH_ALG_AES,
4216                       .mode = HASH_MODE_CMAC,
4217                       },
4218         },
4219};
4220
4221static int generic_cra_init(struct crypto_tfm *tfm,
4222                            struct iproc_alg_s *cipher_alg)
4223{
4224        struct spu_hw *spu = &iproc_priv.spu;
4225        struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4226        unsigned int blocksize = crypto_tfm_alg_blocksize(tfm);
4227
4228        flow_log("%s()\n", __func__);
4229
4230        ctx->alg = cipher_alg;
4231        ctx->cipher = cipher_alg->cipher_info;
4232        ctx->auth = cipher_alg->auth_info;
4233        ctx->auth_first = cipher_alg->auth_first;
4234        ctx->max_payload = spu->spu_ctx_max_payload(ctx->cipher.alg,
4235                                                    ctx->cipher.mode,
4236                                                    blocksize);
4237        ctx->fallback_cipher = NULL;
4238
4239        ctx->enckeylen = 0;
4240        ctx->authkeylen = 0;
4241
4242        atomic_inc(&iproc_priv.stream_count);
4243        atomic_inc(&iproc_priv.session_count);
4244
4245        return 0;
4246}
4247
4248static int skcipher_init_tfm(struct crypto_skcipher *skcipher)
4249{
4250        struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
4251        struct skcipher_alg *alg = crypto_skcipher_alg(skcipher);
4252        struct iproc_alg_s *cipher_alg;
4253
4254        flow_log("%s()\n", __func__);
4255
4256        crypto_skcipher_set_reqsize(skcipher, sizeof(struct iproc_reqctx_s));
4257
4258        cipher_alg = container_of(alg, struct iproc_alg_s, alg.skcipher);
4259        return generic_cra_init(tfm, cipher_alg);
4260}
4261
4262static int ahash_cra_init(struct crypto_tfm *tfm)
4263{
4264        int err;
4265        struct crypto_alg *alg = tfm->__crt_alg;
4266        struct iproc_alg_s *cipher_alg;
4267
4268        cipher_alg = container_of(__crypto_ahash_alg(alg), struct iproc_alg_s,
4269                                  alg.hash);
4270
4271        err = generic_cra_init(tfm, cipher_alg);
4272        flow_log("%s()\n", __func__);
4273
4274        /*
4275         * export state size has to be < 512 bytes. So don't include msg bufs
4276         * in state size.
4277         */
4278        crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
4279                                 sizeof(struct iproc_reqctx_s));
4280
4281        return err;
4282}
4283
4284static int aead_cra_init(struct crypto_aead *aead)
4285{
4286        struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4287        struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4288        struct crypto_alg *alg = tfm->__crt_alg;
4289        struct aead_alg *aalg = container_of(alg, struct aead_alg, base);
4290        struct iproc_alg_s *cipher_alg = container_of(aalg, struct iproc_alg_s,
4291                                                      alg.aead);
4292
4293        int err = generic_cra_init(tfm, cipher_alg);
4294
4295        flow_log("%s()\n", __func__);
4296
4297        crypto_aead_set_reqsize(aead, sizeof(struct iproc_reqctx_s));
4298        ctx->is_esp = false;
4299        ctx->salt_len = 0;
4300        ctx->salt_offset = 0;
4301
4302        /* random first IV */
4303        get_random_bytes(ctx->iv, MAX_IV_SIZE);
4304        flow_dump("  iv: ", ctx->iv, MAX_IV_SIZE);
4305
4306        if (!err) {
4307                if (alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) {
4308                        flow_log("%s() creating fallback cipher\n", __func__);
4309
4310                        ctx->fallback_cipher =
4311                            crypto_alloc_aead(alg->cra_name, 0,
4312                                              CRYPTO_ALG_ASYNC |
4313                                              CRYPTO_ALG_NEED_FALLBACK);
4314                        if (IS_ERR(ctx->fallback_cipher)) {
4315                                pr_err("%s() Error: failed to allocate fallback for %s\n",
4316                                       __func__, alg->cra_name);
4317                                return PTR_ERR(ctx->fallback_cipher);
4318                        }
4319                }
4320        }
4321
4322        return err;
4323}
4324
4325static void generic_cra_exit(struct crypto_tfm *tfm)
4326{
4327        atomic_dec(&iproc_priv.session_count);
4328}
4329
4330static void skcipher_exit_tfm(struct crypto_skcipher *tfm)
4331{
4332        generic_cra_exit(crypto_skcipher_tfm(tfm));
4333}
4334
4335static void aead_cra_exit(struct crypto_aead *aead)
4336{
4337        struct crypto_tfm *tfm = crypto_aead_tfm(aead);
4338        struct iproc_ctx_s *ctx = crypto_tfm_ctx(tfm);
4339
4340        generic_cra_exit(tfm);
4341
4342        if (ctx->fallback_cipher) {
4343                crypto_free_aead(ctx->fallback_cipher);
4344                ctx->fallback_cipher = NULL;
4345        }
4346}
4347
4348/**
4349 * spu_functions_register() - Specify hardware-specific SPU functions based on
4350 * SPU type read from device tree.
4351 * @dev:        device structure
4352 * @spu_type:   SPU hardware generation
4353 * @spu_subtype: SPU hardware version
4354 */
4355static void spu_functions_register(struct device *dev,
4356                                   enum spu_spu_type spu_type,
4357                                   enum spu_spu_subtype spu_subtype)
4358{
4359        struct spu_hw *spu = &iproc_priv.spu;
4360
4361        if (spu_type == SPU_TYPE_SPUM) {
4362                dev_dbg(dev, "Registering SPUM functions");
4363                spu->spu_dump_msg_hdr = spum_dump_msg_hdr;
4364                spu->spu_payload_length = spum_payload_length;
4365                spu->spu_response_hdr_len = spum_response_hdr_len;
4366                spu->spu_hash_pad_len = spum_hash_pad_len;
4367                spu->spu_gcm_ccm_pad_len = spum_gcm_ccm_pad_len;
4368                spu->spu_assoc_resp_len = spum_assoc_resp_len;
4369                spu->spu_aead_ivlen = spum_aead_ivlen;
4370                spu->spu_hash_type = spum_hash_type;
4371                spu->spu_digest_size = spum_digest_size;
4372                spu->spu_create_request = spum_create_request;
4373                spu->spu_cipher_req_init = spum_cipher_req_init;
4374                spu->spu_cipher_req_finish = spum_cipher_req_finish;
4375                spu->spu_request_pad = spum_request_pad;
4376                spu->spu_tx_status_len = spum_tx_status_len;
4377                spu->spu_rx_status_len = spum_rx_status_len;
4378                spu->spu_status_process = spum_status_process;
4379                spu->spu_xts_tweak_in_payload = spum_xts_tweak_in_payload;
4380                spu->spu_ccm_update_iv = spum_ccm_update_iv;
4381                spu->spu_wordalign_padlen = spum_wordalign_padlen;
4382                if (spu_subtype == SPU_SUBTYPE_SPUM_NS2)
4383                        spu->spu_ctx_max_payload = spum_ns2_ctx_max_payload;
4384                else
4385                        spu->spu_ctx_max_payload = spum_nsp_ctx_max_payload;
4386        } else {
4387                dev_dbg(dev, "Registering SPU2 functions");
4388                spu->spu_dump_msg_hdr = spu2_dump_msg_hdr;
4389                spu->spu_ctx_max_payload = spu2_ctx_max_payload;
4390                spu->spu_payload_length = spu2_payload_length;
4391                spu->spu_response_hdr_len = spu2_response_hdr_len;
4392                spu->spu_hash_pad_len = spu2_hash_pad_len;
4393                spu->spu_gcm_ccm_pad_len = spu2_gcm_ccm_pad_len;
4394                spu->spu_assoc_resp_len = spu2_assoc_resp_len;
4395                spu->spu_aead_ivlen = spu2_aead_ivlen;
4396                spu->spu_hash_type = spu2_hash_type;
4397                spu->spu_digest_size = spu2_digest_size;
4398                spu->spu_create_request = spu2_create_request;
4399                spu->spu_cipher_req_init = spu2_cipher_req_init;
4400                spu->spu_cipher_req_finish = spu2_cipher_req_finish;
4401                spu->spu_request_pad = spu2_request_pad;
4402                spu->spu_tx_status_len = spu2_tx_status_len;
4403                spu->spu_rx_status_len = spu2_rx_status_len;
4404                spu->spu_status_process = spu2_status_process;
4405                spu->spu_xts_tweak_in_payload = spu2_xts_tweak_in_payload;
4406                spu->spu_ccm_update_iv = spu2_ccm_update_iv;
4407                spu->spu_wordalign_padlen = spu2_wordalign_padlen;
4408        }
4409}
4410
4411/**
4412 * spu_mb_init() - Initialize mailbox client. Request ownership of a mailbox
4413 * channel for the SPU being probed.
4414 * @dev:  SPU driver device structure
4415 *
4416 * Return: 0 if successful
4417 *         < 0 otherwise
4418 */
4419static int spu_mb_init(struct device *dev)
4420{
4421        struct mbox_client *mcl = &iproc_priv.mcl;
4422        int err, i;
4423
4424        iproc_priv.mbox = devm_kcalloc(dev, iproc_priv.spu.num_chan,
4425                                  sizeof(struct mbox_chan *), GFP_KERNEL);
4426        if (!iproc_priv.mbox)
4427                return -ENOMEM;
4428
4429        mcl->dev = dev;
4430        mcl->tx_block = false;
4431        mcl->tx_tout = 0;
4432        mcl->knows_txdone = true;
4433        mcl->rx_callback = spu_rx_callback;
4434        mcl->tx_done = NULL;
4435
4436        for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4437                iproc_priv.mbox[i] = mbox_request_channel(mcl, i);
4438                if (IS_ERR(iproc_priv.mbox[i])) {
4439                        err = PTR_ERR(iproc_priv.mbox[i]);
4440                        dev_err(dev,
4441                                "Mbox channel %d request failed with err %d",
4442                                i, err);
4443                        iproc_priv.mbox[i] = NULL;
4444                        goto free_channels;
4445                }
4446        }
4447
4448        return 0;
4449free_channels:
4450        for (i = 0; i < iproc_priv.spu.num_chan; i++) {
4451                if (iproc_priv.mbox[i])
4452                        mbox_free_channel(iproc_priv.mbox[i]);
4453        }
4454
4455        return err;
4456}
4457
4458static void spu_mb_release(struct platform_device *pdev)
4459{
4460        int i;
4461
4462        for (i = 0; i < iproc_priv.spu.num_chan; i++)
4463                mbox_free_channel(iproc_priv.mbox[i]);
4464}
4465
4466static void spu_counters_init(void)
4467{
4468        int i;
4469        int j;
4470
4471        atomic_set(&iproc_priv.session_count, 0);
4472        atomic_set(&iproc_priv.stream_count, 0);
4473        atomic_set(&iproc_priv.next_chan, (int)iproc_priv.spu.num_chan);
4474        atomic64_set(&iproc_priv.bytes_in, 0);
4475        atomic64_set(&iproc_priv.bytes_out, 0);
4476        for (i = 0; i < SPU_OP_NUM; i++) {
4477                atomic_set(&iproc_priv.op_counts[i], 0);
4478                atomic_set(&iproc_priv.setkey_cnt[i], 0);
4479        }
4480        for (i = 0; i < CIPHER_ALG_LAST; i++)
4481                for (j = 0; j < CIPHER_MODE_LAST; j++)
4482                        atomic_set(&iproc_priv.cipher_cnt[i][j], 0);
4483
4484        for (i = 0; i < HASH_ALG_LAST; i++) {
4485                atomic_set(&iproc_priv.hash_cnt[i], 0);
4486                atomic_set(&iproc_priv.hmac_cnt[i], 0);
4487        }
4488        for (i = 0; i < AEAD_TYPE_LAST; i++)
4489                atomic_set(&iproc_priv.aead_cnt[i], 0);
4490
4491        atomic_set(&iproc_priv.mb_no_spc, 0);
4492        atomic_set(&iproc_priv.mb_send_fail, 0);
4493        atomic_set(&iproc_priv.bad_icv, 0);
4494}
4495
4496static int spu_register_skcipher(struct iproc_alg_s *driver_alg)
4497{
4498        struct spu_hw *spu = &iproc_priv.spu;
4499        struct skcipher_alg *crypto = &driver_alg->alg.skcipher;
4500        int err;
4501
4502        /* SPU2 does not support RC4 */
4503        if ((driver_alg->cipher_info.alg == CIPHER_ALG_RC4) &&
4504            (spu->spu_type == SPU_TYPE_SPU2))
4505                return 0;
4506
4507        crypto->base.cra_module = THIS_MODULE;
4508        crypto->base.cra_priority = cipher_pri;
4509        crypto->base.cra_alignmask = 0;
4510        crypto->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4511        crypto->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
4512
4513        crypto->init = skcipher_init_tfm;
4514        crypto->exit = skcipher_exit_tfm;
4515        crypto->setkey = skcipher_setkey;
4516        crypto->encrypt = skcipher_encrypt;
4517        crypto->decrypt = skcipher_decrypt;
4518
4519        err = crypto_register_skcipher(crypto);
4520        /* Mark alg as having been registered, if successful */
4521        if (err == 0)
4522                driver_alg->registered = true;
4523        pr_debug("  registered skcipher %s\n", crypto->base.cra_driver_name);
4524        return err;
4525}
4526
4527static int spu_register_ahash(struct iproc_alg_s *driver_alg)
4528{
4529        struct spu_hw *spu = &iproc_priv.spu;
4530        struct ahash_alg *hash = &driver_alg->alg.hash;
4531        int err;
4532
4533        /* AES-XCBC is the only AES hash type currently supported on SPU-M */
4534        if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4535            (driver_alg->auth_info.mode != HASH_MODE_XCBC) &&
4536            (spu->spu_type == SPU_TYPE_SPUM))
4537                return 0;
4538
4539        /* SHA3 algorithm variants are not registered for SPU-M or SPU2. */
4540        if ((driver_alg->auth_info.alg >= HASH_ALG_SHA3_224) &&
4541            (spu->spu_subtype != SPU_SUBTYPE_SPU2_V2))
4542                return 0;
4543
4544        hash->halg.base.cra_module = THIS_MODULE;
4545        hash->halg.base.cra_priority = hash_pri;
4546        hash->halg.base.cra_alignmask = 0;
4547        hash->halg.base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4548        hash->halg.base.cra_init = ahash_cra_init;
4549        hash->halg.base.cra_exit = generic_cra_exit;
4550        hash->halg.base.cra_flags = CRYPTO_ALG_ASYNC;
4551        hash->halg.statesize = sizeof(struct spu_hash_export_s);
4552
4553        if (driver_alg->auth_info.mode != HASH_MODE_HMAC) {
4554                hash->init = ahash_init;
4555                hash->update = ahash_update;
4556                hash->final = ahash_final;
4557                hash->finup = ahash_finup;
4558                hash->digest = ahash_digest;
4559                if ((driver_alg->auth_info.alg == HASH_ALG_AES) &&
4560                    ((driver_alg->auth_info.mode == HASH_MODE_XCBC) ||
4561                    (driver_alg->auth_info.mode == HASH_MODE_CMAC))) {
4562                        hash->setkey = ahash_setkey;
4563                }
4564        } else {
4565                hash->setkey = ahash_hmac_setkey;
4566                hash->init = ahash_hmac_init;
4567                hash->update = ahash_hmac_update;
4568                hash->final = ahash_hmac_final;
4569                hash->finup = ahash_hmac_finup;
4570                hash->digest = ahash_hmac_digest;
4571        }
4572        hash->export = ahash_export;
4573        hash->import = ahash_import;
4574
4575        err = crypto_register_ahash(hash);
4576        /* Mark alg as having been registered, if successful */
4577        if (err == 0)
4578                driver_alg->registered = true;
4579        pr_debug("  registered ahash %s\n",
4580                 hash->halg.base.cra_driver_name);
4581        return err;
4582}
4583
4584static int spu_register_aead(struct iproc_alg_s *driver_alg)
4585{
4586        struct aead_alg *aead = &driver_alg->alg.aead;
4587        int err;
4588
4589        aead->base.cra_module = THIS_MODULE;
4590        aead->base.cra_priority = aead_pri;
4591        aead->base.cra_alignmask = 0;
4592        aead->base.cra_ctxsize = sizeof(struct iproc_ctx_s);
4593
4594        aead->base.cra_flags |= CRYPTO_ALG_ASYNC;
4595        /* setkey set in alg initialization */
4596        aead->setauthsize = aead_setauthsize;
4597        aead->encrypt = aead_encrypt;
4598        aead->decrypt = aead_decrypt;
4599        aead->init = aead_cra_init;
4600        aead->exit = aead_cra_exit;
4601
4602        err = crypto_register_aead(aead);
4603        /* Mark alg as having been registered, if successful */
4604        if (err == 0)
4605                driver_alg->registered = true;
4606        pr_debug("  registered aead %s\n", aead->base.cra_driver_name);
4607        return err;
4608}
4609
4610/* register crypto algorithms the device supports */
4611static int spu_algs_register(struct device *dev)
4612{
4613        int i, j;
4614        int err;
4615
4616        for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4617                switch (driver_algs[i].type) {
4618                case CRYPTO_ALG_TYPE_SKCIPHER:
4619                        err = spu_register_skcipher(&driver_algs[i]);
4620                        break;
4621                case CRYPTO_ALG_TYPE_AHASH:
4622                        err = spu_register_ahash(&driver_algs[i]);
4623                        break;
4624                case CRYPTO_ALG_TYPE_AEAD:
4625                        err = spu_register_aead(&driver_algs[i]);
4626                        break;
4627                default:
4628                        dev_err(dev,
4629                                "iproc-crypto: unknown alg type: %d",
4630                                driver_algs[i].type);
4631                        err = -EINVAL;
4632                }
4633
4634                if (err) {
4635                        dev_err(dev, "alg registration failed with error %d\n",
4636                                err);
4637                        goto err_algs;
4638                }
4639        }
4640
4641        return 0;
4642
4643err_algs:
4644        for (j = 0; j < i; j++) {
4645                /* Skip any algorithm not registered */
4646                if (!driver_algs[j].registered)
4647                        continue;
4648                switch (driver_algs[j].type) {
4649                case CRYPTO_ALG_TYPE_SKCIPHER:
4650                        crypto_unregister_skcipher(&driver_algs[j].alg.skcipher);
4651                        driver_algs[j].registered = false;
4652                        break;
4653                case CRYPTO_ALG_TYPE_AHASH:
4654                        crypto_unregister_ahash(&driver_algs[j].alg.hash);
4655                        driver_algs[j].registered = false;
4656                        break;
4657                case CRYPTO_ALG_TYPE_AEAD:
4658                        crypto_unregister_aead(&driver_algs[j].alg.aead);
4659                        driver_algs[j].registered = false;
4660                        break;
4661                }
4662        }
4663        return err;
4664}
4665
4666/* ==================== Kernel Platform API ==================== */
4667
4668static struct spu_type_subtype spum_ns2_types = {
4669        SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NS2
4670};
4671
4672static struct spu_type_subtype spum_nsp_types = {
4673        SPU_TYPE_SPUM, SPU_SUBTYPE_SPUM_NSP
4674};
4675
4676static struct spu_type_subtype spu2_types = {
4677        SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V1
4678};
4679
4680static struct spu_type_subtype spu2_v2_types = {
4681        SPU_TYPE_SPU2, SPU_SUBTYPE_SPU2_V2
4682};
4683
4684static const struct of_device_id bcm_spu_dt_ids[] = {
4685        {
4686                .compatible = "brcm,spum-crypto",
4687                .data = &spum_ns2_types,
4688        },
4689        {
4690                .compatible = "brcm,spum-nsp-crypto",
4691                .data = &spum_nsp_types,
4692        },
4693        {
4694                .compatible = "brcm,spu2-crypto",
4695                .data = &spu2_types,
4696        },
4697        {
4698                .compatible = "brcm,spu2-v2-crypto",
4699                .data = &spu2_v2_types,
4700        },
4701        { /* sentinel */ }
4702};
4703
4704MODULE_DEVICE_TABLE(of, bcm_spu_dt_ids);
4705
4706static int spu_dt_read(struct platform_device *pdev)
4707{
4708        struct device *dev = &pdev->dev;
4709        struct spu_hw *spu = &iproc_priv.spu;
4710        struct resource *spu_ctrl_regs;
4711        const struct spu_type_subtype *matched_spu_type;
4712        struct device_node *dn = pdev->dev.of_node;
4713        int err, i;
4714
4715        /* Count number of mailbox channels */
4716        spu->num_chan = of_count_phandle_with_args(dn, "mboxes", "#mbox-cells");
4717
4718        matched_spu_type = of_device_get_match_data(dev);
4719        if (!matched_spu_type) {
4720                dev_err(dev, "Failed to match device\n");
4721                return -ENODEV;
4722        }
4723
4724        spu->spu_type = matched_spu_type->type;
4725        spu->spu_subtype = matched_spu_type->subtype;
4726
4727        for (i = 0; (i < MAX_SPUS) && ((spu_ctrl_regs =
4728                platform_get_resource(pdev, IORESOURCE_MEM, i)) != NULL); i++) {
4729
4730                spu->reg_vbase[i] = devm_ioremap_resource(dev, spu_ctrl_regs);
4731                if (IS_ERR(spu->reg_vbase[i])) {
4732                        err = PTR_ERR(spu->reg_vbase[i]);
4733                        dev_err(dev, "Failed to map registers: %d\n",
4734                                err);
4735                        spu->reg_vbase[i] = NULL;
4736                        return err;
4737                }
4738        }
4739        spu->num_spu = i;
4740        dev_dbg(dev, "Device has %d SPUs", spu->num_spu);
4741
4742        return 0;
4743}
4744
4745static int bcm_spu_probe(struct platform_device *pdev)
4746{
4747        struct device *dev = &pdev->dev;
4748        struct spu_hw *spu = &iproc_priv.spu;
4749        int err;
4750
4751        iproc_priv.pdev  = pdev;
4752        platform_set_drvdata(iproc_priv.pdev,
4753                             &iproc_priv);
4754
4755        err = spu_dt_read(pdev);
4756        if (err < 0)
4757                goto failure;
4758
4759        err = spu_mb_init(dev);
4760        if (err < 0)
4761                goto failure;
4762
4763        if (spu->spu_type == SPU_TYPE_SPUM)
4764                iproc_priv.bcm_hdr_len = 8;
4765        else if (spu->spu_type == SPU_TYPE_SPU2)
4766                iproc_priv.bcm_hdr_len = 0;
4767
4768        spu_functions_register(dev, spu->spu_type, spu->spu_subtype);
4769
4770        spu_counters_init();
4771
4772        spu_setup_debugfs();
4773
4774        err = spu_algs_register(dev);
4775        if (err < 0)
4776                goto fail_reg;
4777
4778        return 0;
4779
4780fail_reg:
4781        spu_free_debugfs();
4782failure:
4783        spu_mb_release(pdev);
4784        dev_err(dev, "%s failed with error %d.\n", __func__, err);
4785
4786        return err;
4787}
4788
4789static int bcm_spu_remove(struct platform_device *pdev)
4790{
4791        int i;
4792        struct device *dev = &pdev->dev;
4793        char *cdn;
4794
4795        for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
4796                /*
4797                 * Not all algorithms were registered, depending on whether
4798                 * hardware is SPU or SPU2.  So here we make sure to skip
4799                 * those algorithms that were not previously registered.
4800                 */
4801                if (!driver_algs[i].registered)
4802                        continue;
4803
4804                switch (driver_algs[i].type) {
4805                case CRYPTO_ALG_TYPE_SKCIPHER:
4806                        crypto_unregister_skcipher(&driver_algs[i].alg.skcipher);
4807                        dev_dbg(dev, "  unregistered cipher %s\n",
4808                                driver_algs[i].alg.skcipher.base.cra_driver_name);
4809                        driver_algs[i].registered = false;
4810                        break;
4811                case CRYPTO_ALG_TYPE_AHASH:
4812                        crypto_unregister_ahash(&driver_algs[i].alg.hash);
4813                        cdn = driver_algs[i].alg.hash.halg.base.cra_driver_name;
4814                        dev_dbg(dev, "  unregistered hash %s\n", cdn);
4815                        driver_algs[i].registered = false;
4816                        break;
4817                case CRYPTO_ALG_TYPE_AEAD:
4818                        crypto_unregister_aead(&driver_algs[i].alg.aead);
4819                        dev_dbg(dev, "  unregistered aead %s\n",
4820                                driver_algs[i].alg.aead.base.cra_driver_name);
4821                        driver_algs[i].registered = false;
4822                        break;
4823                }
4824        }
4825        spu_free_debugfs();
4826        spu_mb_release(pdev);
4827        return 0;
4828}
4829
4830/* ===== Kernel Module API ===== */
4831
4832static struct platform_driver bcm_spu_pdriver = {
4833        .driver = {
4834                   .name = "brcm-spu-crypto",
4835                   .of_match_table = of_match_ptr(bcm_spu_dt_ids),
4836                   },
4837        .probe = bcm_spu_probe,
4838        .remove = bcm_spu_remove,
4839};
4840module_platform_driver(bcm_spu_pdriver);
4841
4842MODULE_AUTHOR("Rob Rice <rob.rice@broadcom.com>");
4843MODULE_DESCRIPTION("Broadcom symmetric crypto offload driver");
4844MODULE_LICENSE("GPL v2");
4845