2019-05-27 14:55:05 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2008-06-23 19:50:15 +08:00
|
|
|
/*
|
|
|
|
* talitos - Freescale Integrated Security Engine (SEC) device driver
|
|
|
|
*
|
2011-07-15 11:21:38 +08:00
|
|
|
* Copyright (c) 2008-2011 Freescale Semiconductor, Inc.
|
2008-06-23 19:50:15 +08:00
|
|
|
*
|
|
|
|
* Scatterlist Crypto API glue code copied from files with the following:
|
|
|
|
* Copyright (c) 2006-2007 Herbert Xu <herbert@gondor.apana.org.au>
|
|
|
|
*
|
|
|
|
* Crypto algorithm registration code copied from hifn driver:
|
|
|
|
* 2007+ Copyright (c) Evgeniy Polyakov <johnpol@2ka.mipt.ru>
|
|
|
|
* All rights reserved.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/mod_devicetable.h>
|
|
|
|
#include <linux/device.h>
|
|
|
|
#include <linux/interrupt.h>
|
|
|
|
#include <linux/crypto.h>
|
|
|
|
#include <linux/hw_random.h>
|
2013-09-18 03:28:33 +08:00
|
|
|
#include <linux/of_address.h>
|
|
|
|
#include <linux/of_irq.h>
|
2008-06-23 19:50:15 +08:00
|
|
|
#include <linux/of_platform.h>
|
|
|
|
#include <linux/dma-mapping.h>
|
|
|
|
#include <linux/io.h>
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
#include <linux/rtnetlink.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/slab.h>
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
#include <crypto/algapi.h>
|
|
|
|
#include <crypto/aes.h>
|
2019-08-15 17:01:05 +08:00
|
|
|
#include <crypto/internal/des.h>
|
2020-11-13 13:20:21 +08:00
|
|
|
#include <crypto/sha1.h>
|
|
|
|
#include <crypto/sha2.h>
|
2010-05-19 17:20:36 +08:00
|
|
|
#include <crypto/md5.h>
|
2015-05-11 17:47:48 +08:00
|
|
|
#include <crypto/internal/aead.h>
|
2008-06-23 19:50:15 +08:00
|
|
|
#include <crypto/authenc.h>
|
2019-11-10 01:09:49 +08:00
|
|
|
#include <crypto/internal/skcipher.h>
|
2010-05-19 17:19:33 +08:00
|
|
|
#include <crypto/hash.h>
|
|
|
|
#include <crypto/internal/hash.h>
|
2009-03-29 15:52:32 +08:00
|
|
|
#include <crypto/scatterwalk.h>
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
#include "talitos.h"
|
|
|
|
|
2015-04-17 22:32:07 +08:00
|
|
|
static void to_talitos_ptr(struct talitos_ptr *ptr, dma_addr_t dma_addr,
|
2017-10-06 21:04:57 +08:00
|
|
|
unsigned int len, bool is_sec1)
|
2009-08-13 09:51:51 +08:00
|
|
|
{
|
2015-04-17 22:31:53 +08:00
|
|
|
ptr->ptr = cpu_to_be32(lower_32_bits(dma_addr));
|
2017-10-06 21:04:57 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
ptr->len1 = cpu_to_be16(len);
|
|
|
|
} else {
|
|
|
|
ptr->len = cpu_to_be16(len);
|
2015-04-17 22:32:07 +08:00
|
|
|
ptr->eptr = upper_32_bits(dma_addr);
|
2017-10-06 21:04:57 +08:00
|
|
|
}
|
2009-08-13 09:51:51 +08:00
|
|
|
}
|
|
|
|
|
2016-04-20 01:33:48 +08:00
|
|
|
static void copy_talitos_ptr(struct talitos_ptr *dst_ptr,
|
|
|
|
struct talitos_ptr *src_ptr, bool is_sec1)
|
|
|
|
{
|
|
|
|
dst_ptr->ptr = src_ptr->ptr;
|
2015-04-17 22:32:07 +08:00
|
|
|
if (is_sec1) {
|
2017-10-06 21:04:57 +08:00
|
|
|
dst_ptr->len1 = src_ptr->len1;
|
2015-04-17 22:32:07 +08:00
|
|
|
} else {
|
2017-10-06 21:04:57 +08:00
|
|
|
dst_ptr->len = src_ptr->len;
|
|
|
|
dst_ptr->eptr = src_ptr->eptr;
|
2015-04-17 22:32:07 +08:00
|
|
|
}
|
2015-04-17 22:31:59 +08:00
|
|
|
}
|
|
|
|
|
2015-04-17 22:32:07 +08:00
|
|
|
static unsigned short from_talitos_ptr_len(struct talitos_ptr *ptr,
|
|
|
|
bool is_sec1)
|
2015-04-17 22:31:59 +08:00
|
|
|
{
|
2015-04-17 22:32:07 +08:00
|
|
|
if (is_sec1)
|
|
|
|
return be16_to_cpu(ptr->len1);
|
|
|
|
else
|
|
|
|
return be16_to_cpu(ptr->len);
|
2015-04-17 22:31:59 +08:00
|
|
|
}
|
|
|
|
|
2016-06-06 19:20:34 +08:00
|
|
|
static void to_talitos_ptr_ext_set(struct talitos_ptr *ptr, u8 val,
|
|
|
|
bool is_sec1)
|
2015-04-17 22:31:55 +08:00
|
|
|
{
|
2015-04-17 22:32:07 +08:00
|
|
|
if (!is_sec1)
|
2016-06-06 19:20:34 +08:00
|
|
|
ptr->j_extent = val;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void to_talitos_ptr_ext_or(struct talitos_ptr *ptr, u8 val, bool is_sec1)
|
|
|
|
{
|
|
|
|
if (!is_sec1)
|
|
|
|
ptr->j_extent |= val;
|
2015-04-17 22:31:55 +08:00
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/*
|
|
|
|
* map virtual single (contiguous) pointer to h/w descriptor pointer
|
|
|
|
*/
|
2018-02-27 00:40:06 +08:00
|
|
|
static void __map_single_talitos_ptr(struct device *dev,
|
|
|
|
struct talitos_ptr *ptr,
|
|
|
|
unsigned int len, void *data,
|
|
|
|
enum dma_data_direction dir,
|
|
|
|
unsigned long attrs)
|
|
|
|
{
|
|
|
|
dma_addr_t dma_addr = dma_map_single_attrs(dev, data, len, dir, attrs);
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
|
|
|
|
to_talitos_ptr(ptr, dma_addr, len, is_sec1);
|
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
static void map_single_talitos_ptr(struct device *dev,
|
2015-04-17 22:31:53 +08:00
|
|
|
struct talitos_ptr *ptr,
|
2015-05-12 01:04:56 +08:00
|
|
|
unsigned int len, void *data,
|
2008-06-23 19:50:15 +08:00
|
|
|
enum dma_data_direction dir)
|
|
|
|
{
|
2018-02-27 00:40:06 +08:00
|
|
|
__map_single_talitos_ptr(dev, ptr, len, data, dir, 0);
|
|
|
|
}
|
2009-08-13 09:51:51 +08:00
|
|
|
|
2018-02-27 00:40:06 +08:00
|
|
|
static void map_single_talitos_ptr_nosync(struct device *dev,
|
|
|
|
struct talitos_ptr *ptr,
|
|
|
|
unsigned int len, void *data,
|
|
|
|
enum dma_data_direction dir)
|
|
|
|
{
|
|
|
|
__map_single_talitos_ptr(dev, ptr, len, data, dir,
|
|
|
|
DMA_ATTR_SKIP_CPU_SYNC);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* unmap bus single (contiguous) h/w descriptor pointer
|
|
|
|
*/
|
|
|
|
static void unmap_single_talitos_ptr(struct device *dev,
|
2015-04-17 22:31:53 +08:00
|
|
|
struct talitos_ptr *ptr,
|
2008-06-23 19:50:15 +08:00
|
|
|
enum dma_data_direction dir)
|
|
|
|
{
|
2015-04-17 22:32:07 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
|
2015-04-17 22:31:53 +08:00
|
|
|
dma_unmap_single(dev, be32_to_cpu(ptr->ptr),
|
2015-04-17 22:32:07 +08:00
|
|
|
from_talitos_ptr_len(ptr, is_sec1), dir);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int reset_channel(struct device *dev, int ch)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
unsigned int timeout = TALITOS_TIMEOUT;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR_LO,
|
|
|
|
TALITOS1_CCCR_LO_RESET);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
while ((in_be32(priv->chan[ch].reg + TALITOS_CCCR_LO) &
|
|
|
|
TALITOS1_CCCR_LO_RESET) && --timeout)
|
|
|
|
cpu_relax();
|
|
|
|
} else {
|
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR,
|
|
|
|
TALITOS2_CCCR_RESET);
|
|
|
|
|
|
|
|
while ((in_be32(priv->chan[ch].reg + TALITOS_CCCR) &
|
|
|
|
TALITOS2_CCCR_RESET) && --timeout)
|
|
|
|
cpu_relax();
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
if (timeout == 0) {
|
|
|
|
dev_err(dev, "failed to reset channel %d\n", ch);
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
2009-08-13 09:51:51 +08:00
|
|
|
/* set 36-bit addressing, done writeback enable and done IRQ enable */
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR_LO, TALITOS_CCCR_LO_EAE |
|
2009-08-13 09:51:51 +08:00
|
|
|
TALITOS_CCCR_LO_CDWE | TALITOS_CCCR_LO_CDIE);
|
2017-10-06 21:05:06 +08:00
|
|
|
/* enable chaining descriptors */
|
|
|
|
if (is_sec1)
|
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR_LO,
|
|
|
|
TALITOS_CCCR_LO_NE);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
/* and ICCR writeback, if available */
|
|
|
|
if (priv->features & TALITOS_FTR_HW_AUTH_CHECK)
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR_LO,
|
2008-10-12 20:33:14 +08:00
|
|
|
TALITOS_CCCR_LO_IWSE);
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int reset_device(struct device *dev)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
unsigned int timeout = TALITOS_TIMEOUT;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
u32 mcr = is_sec1 ? TALITOS1_MCR_SWR : TALITOS2_MCR_SWR;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->reg + TALITOS_MCR, mcr);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
while ((in_be32(priv->reg + TALITOS_MCR) & mcr)
|
2008-06-23 19:50:15 +08:00
|
|
|
&& --timeout)
|
|
|
|
cpu_relax();
|
|
|
|
|
2011-12-13 04:59:11 +08:00
|
|
|
if (priv->irq[1]) {
|
2011-11-21 16:13:27 +08:00
|
|
|
mcr = TALITOS_MCR_RCA1 | TALITOS_MCR_RCA3;
|
|
|
|
setbits32(priv->reg + TALITOS_MCR, mcr);
|
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
if (timeout == 0) {
|
|
|
|
dev_err(dev, "failed to reset device\n");
|
|
|
|
return -EIO;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Reset and initialize the device
|
|
|
|
*/
|
|
|
|
static int init_device(struct device *dev)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
int ch, err;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Master reset
|
|
|
|
* errata documentation: warning: certain SEC interrupts
|
|
|
|
* are not fully cleared by writing the MCR:SWR bit,
|
|
|
|
* set bit twice to completely reset
|
|
|
|
*/
|
|
|
|
err = reset_device(dev);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
err = reset_device(dev);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
/* reset channels */
|
|
|
|
for (ch = 0; ch < priv->num_channels; ch++) {
|
|
|
|
err = reset_channel(dev, ch);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* enable channel done and error interrupts */
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
clrbits32(priv->reg + TALITOS_IMR, TALITOS1_IMR_INIT);
|
|
|
|
clrbits32(priv->reg + TALITOS_IMR_LO, TALITOS1_IMR_LO_INIT);
|
|
|
|
/* disable parity error check in DEU (erroneous? test vect.) */
|
|
|
|
setbits32(priv->reg_deu + TALITOS_EUICR, TALITOS1_DEUICR_KPE);
|
|
|
|
} else {
|
|
|
|
setbits32(priv->reg + TALITOS_IMR, TALITOS2_IMR_INIT);
|
|
|
|
setbits32(priv->reg + TALITOS_IMR_LO, TALITOS2_IMR_LO_INIT);
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
/* disable integrity check error interrupts (use writeback instead) */
|
|
|
|
if (priv->features & TALITOS_FTR_HW_AUTH_CHECK)
|
2015-04-17 22:32:11 +08:00
|
|
|
setbits32(priv->reg_mdeu + TALITOS_EUICR_LO,
|
2008-10-12 20:33:14 +08:00
|
|
|
TALITOS_MDEUICR_LO_ICE);
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* talitos_submit - submits a descriptor to the device for processing
|
|
|
|
* @dev: the SEC device to be used
|
2011-07-15 11:21:38 +08:00
|
|
|
* @ch: the SEC device channel to be used
|
2008-06-23 19:50:15 +08:00
|
|
|
* @desc: the descriptor to be processed by the device
|
|
|
|
* @callback: whom to call when processing is complete
|
|
|
|
* @context: a handle for use by caller (optional)
|
|
|
|
*
|
|
|
|
* desc must contain valid dma-mapped (bus physical) address pointers.
|
|
|
|
* callback must check err and feedback in descriptor header
|
|
|
|
* for device processing status.
|
|
|
|
*/
|
2019-05-21 21:34:20 +08:00
|
|
|
static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
|
|
|
|
void (*callback)(struct device *dev,
|
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int error),
|
|
|
|
void *context)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
struct talitos_request *request;
|
2011-07-15 11:21:38 +08:00
|
|
|
unsigned long flags;
|
2008-06-23 19:50:15 +08:00
|
|
|
int head;
|
2015-04-17 22:32:09 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_lock_irqsave(&priv->chan[ch].head_lock, flags);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
if (!atomic_inc_not_zero(&priv->chan[ch].submit_count)) {
|
2008-07-17 20:16:40 +08:00
|
|
|
/* h/w fifo is full */
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_unlock_irqrestore(&priv->chan[ch].head_lock, flags);
|
2008-06-23 19:50:15 +08:00
|
|
|
return -EAGAIN;
|
|
|
|
}
|
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
head = priv->chan[ch].head;
|
|
|
|
request = &priv->chan[ch].fifo[head];
|
2008-07-17 20:16:40 +08:00
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/* map descriptor and save caller data */
|
2015-04-17 22:32:09 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
desc->hdr1 = desc->hdr;
|
|
|
|
request->dma_desc = dma_map_single(dev, &desc->hdr1,
|
|
|
|
TALITOS_DESC_SIZE,
|
|
|
|
DMA_BIDIRECTIONAL);
|
|
|
|
} else {
|
|
|
|
request->dma_desc = dma_map_single(dev, desc,
|
|
|
|
TALITOS_DESC_SIZE,
|
|
|
|
DMA_BIDIRECTIONAL);
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
request->callback = callback;
|
|
|
|
request->context = context;
|
|
|
|
|
|
|
|
/* increment fifo head */
|
2009-08-13 09:50:38 +08:00
|
|
|
priv->chan[ch].head = (priv->chan[ch].head + 1) & (priv->fifo_len - 1);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
smp_wmb();
|
|
|
|
request->desc = desc;
|
|
|
|
|
|
|
|
/* GO! */
|
|
|
|
wmb();
|
2011-11-21 16:13:27 +08:00
|
|
|
out_be32(priv->chan[ch].reg + TALITOS_FF,
|
|
|
|
upper_32_bits(request->dma_desc));
|
|
|
|
out_be32(priv->chan[ch].reg + TALITOS_FF_LO,
|
2010-09-23 15:56:38 +08:00
|
|
|
lower_32_bits(request->dma_desc));
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_unlock_irqrestore(&priv->chan[ch].head_lock, flags);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
return -EINPROGRESS;
|
|
|
|
}
|
|
|
|
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
static __be32 get_request_hdr(struct talitos_request *request, bool is_sec1)
|
|
|
|
{
|
|
|
|
struct talitos_edesc *edesc;
|
|
|
|
|
|
|
|
if (!is_sec1)
|
|
|
|
return request->desc->hdr;
|
|
|
|
|
|
|
|
if (!request->desc->next_desc)
|
|
|
|
return request->desc->hdr1;
|
|
|
|
|
|
|
|
edesc = container_of(request->desc, struct talitos_edesc, desc);
|
|
|
|
|
|
|
|
return ((struct talitos_desc *)(edesc->buf + edesc->dma_len))->hdr1;
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* process what was done, notify callback of error if not
|
|
|
|
*/
|
|
|
|
static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
struct talitos_request *request, saved_req;
|
|
|
|
unsigned long flags;
|
|
|
|
int tail, status;
|
2015-04-17 22:32:09 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_lock_irqsave(&priv->chan[ch].tail_lock, flags);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
tail = priv->chan[ch].tail;
|
|
|
|
while (priv->chan[ch].fifo[tail].desc) {
|
2015-04-17 22:32:09 +08:00
|
|
|
__be32 hdr;
|
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
request = &priv->chan[ch].fifo[tail];
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* descriptors with their done bits set don't get the error */
|
|
|
|
rmb();
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
hdr = get_request_hdr(request, is_sec1);
|
2015-04-17 22:32:09 +08:00
|
|
|
|
|
|
|
if ((hdr & DESC_HDR_DONE) == DESC_HDR_DONE)
|
2008-06-23 19:50:15 +08:00
|
|
|
status = 0;
|
2008-12-20 14:09:25 +08:00
|
|
|
else
|
2008-06-23 19:50:15 +08:00
|
|
|
if (!error)
|
|
|
|
break;
|
|
|
|
else
|
|
|
|
status = error;
|
|
|
|
|
|
|
|
dma_unmap_single(dev, request->dma_desc,
|
2015-04-17 22:32:09 +08:00
|
|
|
TALITOS_DESC_SIZE,
|
2009-03-29 15:53:23 +08:00
|
|
|
DMA_BIDIRECTIONAL);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* copy entries so we can call callback outside lock */
|
|
|
|
saved_req.desc = request->desc;
|
|
|
|
saved_req.callback = request->callback;
|
|
|
|
saved_req.context = request->context;
|
|
|
|
|
|
|
|
/* release request entry in fifo */
|
|
|
|
smp_wmb();
|
|
|
|
request->desc = NULL;
|
|
|
|
|
|
|
|
/* increment fifo tail */
|
2009-08-13 09:50:38 +08:00
|
|
|
priv->chan[ch].tail = (tail + 1) & (priv->fifo_len - 1);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_unlock_irqrestore(&priv->chan[ch].tail_lock, flags);
|
2008-07-17 20:16:40 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
atomic_dec(&priv->chan[ch].submit_count);
|
2008-07-17 20:16:40 +08:00
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
saved_req.callback(dev, saved_req.desc, saved_req.context,
|
|
|
|
status);
|
|
|
|
/* channel may resume processing in single desc error case */
|
|
|
|
if (error && !reset_ch && status == error)
|
|
|
|
return;
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_lock_irqsave(&priv->chan[ch].tail_lock, flags);
|
|
|
|
tail = priv->chan[ch].tail;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_unlock_irqrestore(&priv->chan[ch].tail_lock, flags);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* process completed requests for channels that have done status
|
|
|
|
*/
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
#define DEF_TALITOS1_DONE(name, ch_done_mask) \
|
|
|
|
static void talitos1_done_##name(unsigned long data) \
|
|
|
|
{ \
|
|
|
|
struct device *dev = (struct device *)data; \
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev); \
|
|
|
|
unsigned long flags; \
|
|
|
|
\
|
|
|
|
if (ch_done_mask & 0x10000000) \
|
|
|
|
flush_channel(dev, 0, 0, 0); \
|
|
|
|
if (ch_done_mask & 0x40000000) \
|
|
|
|
flush_channel(dev, 1, 0, 0); \
|
|
|
|
if (ch_done_mask & 0x00010000) \
|
|
|
|
flush_channel(dev, 2, 0, 0); \
|
|
|
|
if (ch_done_mask & 0x00040000) \
|
|
|
|
flush_channel(dev, 3, 0, 0); \
|
|
|
|
\
|
|
|
|
/* At this point, all completed channels have been processed */ \
|
|
|
|
/* Unmask done interrupts for channels completed later on. */ \
|
|
|
|
spin_lock_irqsave(&priv->reg_lock, flags); \
|
|
|
|
clrbits32(priv->reg + TALITOS_IMR, ch_done_mask); \
|
|
|
|
clrbits32(priv->reg + TALITOS_IMR_LO, TALITOS1_IMR_LO_INIT); \
|
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
|
|
|
}
|
|
|
|
|
|
|
|
DEF_TALITOS1_DONE(4ch, TALITOS1_ISR_4CHDONE)
|
2017-10-06 21:04:55 +08:00
|
|
|
DEF_TALITOS1_DONE(ch0, TALITOS1_ISR_CH_0_DONE)
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
|
|
|
|
#define DEF_TALITOS2_DONE(name, ch_done_mask) \
|
|
|
|
static void talitos2_done_##name(unsigned long data) \
|
2011-11-21 16:13:27 +08:00
|
|
|
{ \
|
|
|
|
struct device *dev = (struct device *)data; \
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev); \
|
2012-03-30 22:49:53 +08:00
|
|
|
unsigned long flags; \
|
2011-11-21 16:13:27 +08:00
|
|
|
\
|
|
|
|
if (ch_done_mask & 1) \
|
|
|
|
flush_channel(dev, 0, 0, 0); \
|
|
|
|
if (ch_done_mask & (1 << 2)) \
|
|
|
|
flush_channel(dev, 1, 0, 0); \
|
|
|
|
if (ch_done_mask & (1 << 4)) \
|
|
|
|
flush_channel(dev, 2, 0, 0); \
|
|
|
|
if (ch_done_mask & (1 << 6)) \
|
|
|
|
flush_channel(dev, 3, 0, 0); \
|
|
|
|
\
|
|
|
|
/* At this point, all completed channels have been processed */ \
|
|
|
|
/* Unmask done interrupts for channels completed later on. */ \
|
2012-03-30 22:49:53 +08:00
|
|
|
spin_lock_irqsave(&priv->reg_lock, flags); \
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->reg + TALITOS_IMR, ch_done_mask); \
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
setbits32(priv->reg + TALITOS_IMR_LO, TALITOS2_IMR_LO_INIT); \
|
2012-03-30 22:49:53 +08:00
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
|
|
|
|
DEF_TALITOS2_DONE(4ch, TALITOS2_ISR_4CHDONE)
|
2017-10-06 21:04:55 +08:00
|
|
|
DEF_TALITOS2_DONE(ch0, TALITOS2_ISR_CH_0_DONE)
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
DEF_TALITOS2_DONE(ch0_2, TALITOS2_ISR_CH_0_2_DONE)
|
|
|
|
DEF_TALITOS2_DONE(ch1_3, TALITOS2_ISR_CH_1_3_DONE)
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* locate current (offending) descriptor
|
|
|
|
*/
|
2020-10-08 17:34:56 +08:00
|
|
|
static __be32 current_desc_hdr(struct device *dev, int ch)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
2013-11-13 18:20:37 +08:00
|
|
|
int tail, iter;
|
2008-06-23 19:50:15 +08:00
|
|
|
dma_addr_t cur_desc;
|
|
|
|
|
2013-11-13 18:20:37 +08:00
|
|
|
cur_desc = ((u64)in_be32(priv->chan[ch].reg + TALITOS_CDPR)) << 32;
|
|
|
|
cur_desc |= in_be32(priv->chan[ch].reg + TALITOS_CDPR_LO);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2013-11-13 18:20:37 +08:00
|
|
|
if (!cur_desc) {
|
|
|
|
dev_err(dev, "CDPR is NULL, giving up search for offending descriptor\n");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
tail = priv->chan[ch].tail;
|
|
|
|
|
|
|
|
iter = tail;
|
2017-10-06 21:05:06 +08:00
|
|
|
while (priv->chan[ch].fifo[iter].dma_desc != cur_desc &&
|
2020-10-08 17:34:55 +08:00
|
|
|
priv->chan[ch].fifo[iter].desc->next_desc != cpu_to_be32(cur_desc)) {
|
2013-11-13 18:20:37 +08:00
|
|
|
iter = (iter + 1) & (priv->fifo_len - 1);
|
|
|
|
if (iter == tail) {
|
2008-06-23 19:50:15 +08:00
|
|
|
dev_err(dev, "couldn't locate current descriptor\n");
|
2011-10-21 21:20:28 +08:00
|
|
|
return 0;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-10-08 17:34:55 +08:00
|
|
|
if (priv->chan[ch].fifo[iter].desc->next_desc == cpu_to_be32(cur_desc)) {
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
struct talitos_edesc *edesc;
|
|
|
|
|
|
|
|
edesc = container_of(priv->chan[ch].fifo[iter].desc,
|
|
|
|
struct talitos_edesc, desc);
|
|
|
|
return ((struct talitos_desc *)
|
|
|
|
(edesc->buf + edesc->dma_len))->hdr;
|
|
|
|
}
|
2017-10-06 21:05:06 +08:00
|
|
|
|
2013-11-13 18:20:37 +08:00
|
|
|
return priv->chan[ch].fifo[iter].desc->hdr;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* user diagnostics; report root cause of error based on execution unit status
|
|
|
|
*/
|
2020-10-08 17:34:56 +08:00
|
|
|
static void report_eu_error(struct device *dev, int ch, __be32 desc_hdr)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
int i;
|
|
|
|
|
2011-10-21 21:20:28 +08:00
|
|
|
if (!desc_hdr)
|
2020-10-08 17:34:56 +08:00
|
|
|
desc_hdr = cpu_to_be32(in_be32(priv->chan[ch].reg + TALITOS_DESCBUF));
|
2011-10-21 21:20:28 +08:00
|
|
|
|
|
|
|
switch (desc_hdr & DESC_HDR_SEL0_MASK) {
|
2008-06-23 19:50:15 +08:00
|
|
|
case DESC_HDR_SEL0_AFEU:
|
|
|
|
dev_err(dev, "AFEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_afeu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_afeu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_DEU:
|
|
|
|
dev_err(dev, "DEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_deu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_deu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_MDEUA:
|
|
|
|
case DESC_HDR_SEL0_MDEUB:
|
|
|
|
dev_err(dev, "MDEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_mdeu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_mdeu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_RNG:
|
|
|
|
dev_err(dev, "RNGUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_rngu + TALITOS_ISR),
|
|
|
|
in_be32(priv->reg_rngu + TALITOS_ISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_PKEU:
|
|
|
|
dev_err(dev, "PKEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_pkeu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_pkeu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_AESU:
|
|
|
|
dev_err(dev, "AESUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_aesu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_aesu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_CRCU:
|
|
|
|
dev_err(dev, "CRCUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_crcu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_crcu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL0_KEU:
|
|
|
|
dev_err(dev, "KEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_pkeu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_pkeu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-10-21 21:20:28 +08:00
|
|
|
switch (desc_hdr & DESC_HDR_SEL1_MASK) {
|
2008-06-23 19:50:15 +08:00
|
|
|
case DESC_HDR_SEL1_MDEUA:
|
|
|
|
case DESC_HDR_SEL1_MDEUB:
|
|
|
|
dev_err(dev, "MDEUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_mdeu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_mdeu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
case DESC_HDR_SEL1_CRCU:
|
|
|
|
dev_err(dev, "CRCUISR 0x%08x_%08x\n",
|
2015-04-17 22:32:11 +08:00
|
|
|
in_be32(priv->reg_crcu + TALITOS_EUISR),
|
|
|
|
in_be32(priv->reg_crcu + TALITOS_EUISR_LO));
|
2008-06-23 19:50:15 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < 8; i++)
|
|
|
|
dev_err(dev, "DESCBUF 0x%08x_%08x\n",
|
2011-11-21 16:13:27 +08:00
|
|
|
in_be32(priv->chan[ch].reg + TALITOS_DESCBUF + 8*i),
|
|
|
|
in_be32(priv->chan[ch].reg + TALITOS_DESCBUF_LO + 8*i));
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* recover from error interrupts
|
|
|
|
*/
|
2011-12-13 04:59:12 +08:00
|
|
|
static void talitos_error(struct device *dev, u32 isr, u32 isr_lo)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
unsigned int timeout = TALITOS_TIMEOUT;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
int ch, error, reset_dev = 0;
|
2015-05-12 01:04:56 +08:00
|
|
|
u32 v_lo;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
int reset_ch = is_sec1 ? 1 : 0; /* only SEC2 supports continuation */
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
for (ch = 0; ch < priv->num_channels; ch++) {
|
|
|
|
/* skip channels without errors */
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
/* bits 29, 31, 17, 19 */
|
|
|
|
if (!(isr & (1 << (29 + (ch & 1) * 2 - (ch & 2) * 6))))
|
|
|
|
continue;
|
|
|
|
} else {
|
|
|
|
if (!(isr & (1 << (ch * 2 + 1))))
|
|
|
|
continue;
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
error = -EINVAL;
|
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
v_lo = in_be32(priv->chan[ch].reg + TALITOS_CCPSR_LO);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_DOF) {
|
|
|
|
dev_err(dev, "double fetch fifo overflow error\n");
|
|
|
|
error = -EAGAIN;
|
|
|
|
reset_ch = 1;
|
|
|
|
}
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_SOF) {
|
|
|
|
/* h/w dropped descriptor */
|
|
|
|
dev_err(dev, "single fetch fifo overflow error\n");
|
|
|
|
error = -EAGAIN;
|
|
|
|
}
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_MDTE)
|
|
|
|
dev_err(dev, "master data transfer error\n");
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_SGDLZ)
|
2016-11-02 10:14:04 +08:00
|
|
|
dev_err(dev, is_sec1 ? "pointer not complete error\n"
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
: "s/g data length zero error\n");
|
2008-06-23 19:50:15 +08:00
|
|
|
if (v_lo & TALITOS_CCPSR_LO_FPZ)
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
dev_err(dev, is_sec1 ? "parity error\n"
|
|
|
|
: "fetch pointer zero error\n");
|
2008-06-23 19:50:15 +08:00
|
|
|
if (v_lo & TALITOS_CCPSR_LO_IDH)
|
|
|
|
dev_err(dev, "illegal descriptor header error\n");
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_IEU)
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
dev_err(dev, is_sec1 ? "static assignment error\n"
|
|
|
|
: "invalid exec unit error\n");
|
2008-06-23 19:50:15 +08:00
|
|
|
if (v_lo & TALITOS_CCPSR_LO_EU)
|
2011-10-21 21:20:28 +08:00
|
|
|
report_eu_error(dev, ch, current_desc_hdr(dev, ch));
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (!is_sec1) {
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_GB)
|
|
|
|
dev_err(dev, "gather boundary error\n");
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_GRL)
|
|
|
|
dev_err(dev, "gather return/length error\n");
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_SB)
|
|
|
|
dev_err(dev, "scatter boundary error\n");
|
|
|
|
if (v_lo & TALITOS_CCPSR_LO_SRL)
|
|
|
|
dev_err(dev, "scatter return/length error\n");
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
flush_channel(dev, ch, error, reset_ch);
|
|
|
|
|
|
|
|
if (reset_ch) {
|
|
|
|
reset_channel(dev, ch);
|
|
|
|
} else {
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR,
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
TALITOS2_CCCR_CONT);
|
2011-11-21 16:13:27 +08:00
|
|
|
setbits32(priv->chan[ch].reg + TALITOS_CCCR_LO, 0);
|
|
|
|
while ((in_be32(priv->chan[ch].reg + TALITOS_CCCR) &
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
TALITOS2_CCCR_CONT) && --timeout)
|
2008-06-23 19:50:15 +08:00
|
|
|
cpu_relax();
|
|
|
|
if (timeout == 0) {
|
|
|
|
dev_err(dev, "failed to restart channel %d\n",
|
|
|
|
ch);
|
|
|
|
reset_dev = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (reset_dev || (is_sec1 && isr & ~TALITOS1_ISR_4CHERR) ||
|
|
|
|
(!is_sec1 && isr & ~TALITOS2_ISR_4CHERR) || isr_lo) {
|
|
|
|
if (is_sec1 && (isr_lo & TALITOS1_ISR_TEA_ERR))
|
|
|
|
dev_err(dev, "TEA error: ISR 0x%08x_%08x\n",
|
|
|
|
isr, isr_lo);
|
|
|
|
else
|
|
|
|
dev_err(dev, "done overflow, internal time out, or "
|
|
|
|
"rngu error: ISR 0x%08x_%08x\n", isr, isr_lo);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* purge request queues */
|
|
|
|
for (ch = 0; ch < priv->num_channels; ch++)
|
|
|
|
flush_channel(dev, ch, -EIO, 1);
|
|
|
|
|
|
|
|
/* reset and reinitialize the device */
|
|
|
|
init_device(dev);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
#define DEF_TALITOS1_INTERRUPT(name, ch_done_mask, ch_err_mask, tlet) \
|
|
|
|
static irqreturn_t talitos1_interrupt_##name(int irq, void *data) \
|
|
|
|
{ \
|
|
|
|
struct device *dev = data; \
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev); \
|
|
|
|
u32 isr, isr_lo; \
|
|
|
|
unsigned long flags; \
|
|
|
|
\
|
|
|
|
spin_lock_irqsave(&priv->reg_lock, flags); \
|
|
|
|
isr = in_be32(priv->reg + TALITOS_ISR); \
|
|
|
|
isr_lo = in_be32(priv->reg + TALITOS_ISR_LO); \
|
|
|
|
/* Acknowledge interrupt */ \
|
|
|
|
out_be32(priv->reg + TALITOS_ICR, isr & (ch_done_mask | ch_err_mask)); \
|
|
|
|
out_be32(priv->reg + TALITOS_ICR_LO, isr_lo); \
|
|
|
|
\
|
|
|
|
if (unlikely(isr & ch_err_mask || isr_lo & TALITOS1_IMR_LO_INIT)) { \
|
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
|
|
|
talitos_error(dev, isr & ch_err_mask, isr_lo); \
|
|
|
|
} \
|
|
|
|
else { \
|
|
|
|
if (likely(isr & ch_done_mask)) { \
|
|
|
|
/* mask further done interrupts. */ \
|
|
|
|
setbits32(priv->reg + TALITOS_IMR, ch_done_mask); \
|
|
|
|
/* done_task will unmask done interrupts at exit */ \
|
|
|
|
tasklet_schedule(&priv->done_task[tlet]); \
|
|
|
|
} \
|
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
|
|
|
} \
|
|
|
|
\
|
|
|
|
return (isr & (ch_done_mask | ch_err_mask) || isr_lo) ? IRQ_HANDLED : \
|
|
|
|
IRQ_NONE; \
|
|
|
|
}
|
|
|
|
|
|
|
|
DEF_TALITOS1_INTERRUPT(4ch, TALITOS1_ISR_4CHDONE, TALITOS1_ISR_4CHERR, 0)
|
|
|
|
|
|
|
|
#define DEF_TALITOS2_INTERRUPT(name, ch_done_mask, ch_err_mask, tlet) \
|
|
|
|
static irqreturn_t talitos2_interrupt_##name(int irq, void *data) \
|
2011-11-21 16:13:27 +08:00
|
|
|
{ \
|
|
|
|
struct device *dev = data; \
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev); \
|
|
|
|
u32 isr, isr_lo; \
|
2012-03-30 22:49:53 +08:00
|
|
|
unsigned long flags; \
|
2011-11-21 16:13:27 +08:00
|
|
|
\
|
2012-03-30 22:49:53 +08:00
|
|
|
spin_lock_irqsave(&priv->reg_lock, flags); \
|
2011-11-21 16:13:27 +08:00
|
|
|
isr = in_be32(priv->reg + TALITOS_ISR); \
|
|
|
|
isr_lo = in_be32(priv->reg + TALITOS_ISR_LO); \
|
|
|
|
/* Acknowledge interrupt */ \
|
|
|
|
out_be32(priv->reg + TALITOS_ICR, isr & (ch_done_mask | ch_err_mask)); \
|
|
|
|
out_be32(priv->reg + TALITOS_ICR_LO, isr_lo); \
|
|
|
|
\
|
2012-03-30 22:49:53 +08:00
|
|
|
if (unlikely(isr & ch_err_mask || isr_lo)) { \
|
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
|
|
|
talitos_error(dev, isr & ch_err_mask, isr_lo); \
|
|
|
|
} \
|
|
|
|
else { \
|
2011-11-21 16:13:27 +08:00
|
|
|
if (likely(isr & ch_done_mask)) { \
|
|
|
|
/* mask further done interrupts. */ \
|
|
|
|
clrbits32(priv->reg + TALITOS_IMR, ch_done_mask); \
|
|
|
|
/* done_task will unmask done interrupts at exit */ \
|
|
|
|
tasklet_schedule(&priv->done_task[tlet]); \
|
|
|
|
} \
|
2012-03-30 22:49:53 +08:00
|
|
|
spin_unlock_irqrestore(&priv->reg_lock, flags); \
|
|
|
|
} \
|
2011-11-21 16:13:27 +08:00
|
|
|
\
|
|
|
|
return (isr & (ch_done_mask | ch_err_mask) || isr_lo) ? IRQ_HANDLED : \
|
|
|
|
IRQ_NONE; \
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
|
|
|
|
DEF_TALITOS2_INTERRUPT(4ch, TALITOS2_ISR_4CHDONE, TALITOS2_ISR_4CHERR, 0)
|
|
|
|
DEF_TALITOS2_INTERRUPT(ch0_2, TALITOS2_ISR_CH_0_2_DONE, TALITOS2_ISR_CH_0_2_ERR,
|
|
|
|
0)
|
|
|
|
DEF_TALITOS2_INTERRUPT(ch1_3, TALITOS2_ISR_CH_1_3_DONE, TALITOS2_ISR_CH_1_3_ERR,
|
|
|
|
1)
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* hwrng
|
|
|
|
*/
|
|
|
|
static int talitos_rng_data_present(struct hwrng *rng, int wait)
|
|
|
|
{
|
|
|
|
struct device *dev = (struct device *)rng->priv;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
u32 ofl;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < 20; i++) {
|
2015-04-17 22:32:11 +08:00
|
|
|
ofl = in_be32(priv->reg_rngu + TALITOS_EUSR_LO) &
|
2008-06-23 19:50:15 +08:00
|
|
|
TALITOS_RNGUSR_LO_OFL;
|
|
|
|
if (ofl || !wait)
|
|
|
|
break;
|
|
|
|
udelay(10);
|
|
|
|
}
|
|
|
|
|
|
|
|
return !!ofl;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int talitos_rng_data_read(struct hwrng *rng, u32 *data)
|
|
|
|
{
|
|
|
|
struct device *dev = (struct device *)rng->priv;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
|
|
|
|
/* rng fifo requires 64-bit accesses */
|
2015-04-17 22:32:11 +08:00
|
|
|
*data = in_be32(priv->reg_rngu + TALITOS_EU_FIFO);
|
|
|
|
*data = in_be32(priv->reg_rngu + TALITOS_EU_FIFO_LO);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
return sizeof(u32);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int talitos_rng_init(struct hwrng *rng)
|
|
|
|
{
|
|
|
|
struct device *dev = (struct device *)rng->priv;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
unsigned int timeout = TALITOS_TIMEOUT;
|
|
|
|
|
2015-04-17 22:32:11 +08:00
|
|
|
setbits32(priv->reg_rngu + TALITOS_EURCR_LO, TALITOS_RNGURCR_LO_SR);
|
|
|
|
while (!(in_be32(priv->reg_rngu + TALITOS_EUSR_LO)
|
|
|
|
& TALITOS_RNGUSR_LO_RD)
|
2008-06-23 19:50:15 +08:00
|
|
|
&& --timeout)
|
|
|
|
cpu_relax();
|
|
|
|
if (timeout == 0) {
|
|
|
|
dev_err(dev, "failed to reset rng hw\n");
|
|
|
|
return -ENODEV;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* start generating */
|
2015-04-17 22:32:11 +08:00
|
|
|
setbits32(priv->reg_rngu + TALITOS_EUDSR_LO, 0);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int talitos_register_rng(struct device *dev)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
2015-08-06 05:52:08 +08:00
|
|
|
int err;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2020-09-28 03:12:23 +08:00
|
|
|
priv->rng.name = dev_driver_string(dev);
|
|
|
|
priv->rng.init = talitos_rng_init;
|
|
|
|
priv->rng.data_present = talitos_rng_data_present;
|
|
|
|
priv->rng.data_read = talitos_rng_data_read;
|
2008-06-23 19:50:15 +08:00
|
|
|
priv->rng.priv = (unsigned long)dev;
|
|
|
|
|
2015-08-06 05:52:08 +08:00
|
|
|
err = hwrng_register(&priv->rng);
|
|
|
|
if (!err)
|
|
|
|
priv->rng_registered = true;
|
|
|
|
|
|
|
|
return err;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void talitos_unregister_rng(struct device *dev)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
|
2015-08-06 05:52:08 +08:00
|
|
|
if (!priv->rng_registered)
|
|
|
|
return;
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
hwrng_unregister(&priv->rng);
|
2015-08-06 05:52:08 +08:00
|
|
|
priv->rng_registered = false;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* crypto alg
|
|
|
|
*/
|
|
|
|
#define TALITOS_CRA_PRIORITY 3000
|
2016-06-06 19:20:46 +08:00
|
|
|
/*
|
|
|
|
* Defines a priority for doing AEAD with descriptors type
|
|
|
|
* HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
|
|
|
|
*/
|
|
|
|
#define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
|
2019-06-12 13:49:50 +08:00
|
|
|
#ifdef CONFIG_CRYPTO_DEV_TALITOS2
|
2017-05-02 21:38:35 +08:00
|
|
|
#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE)
|
2019-05-21 21:34:09 +08:00
|
|
|
#else
|
|
|
|
#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE)
|
|
|
|
#endif
|
2008-07-10 18:29:18 +08:00
|
|
|
#define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
|
2008-07-03 19:08:46 +08:00
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_ctx {
|
|
|
|
struct device *dev;
|
2011-07-15 11:21:38 +08:00
|
|
|
int ch;
|
2008-06-23 19:50:15 +08:00
|
|
|
__be32 desc_hdr_template;
|
|
|
|
u8 key[TALITOS_MAX_KEY_SIZE];
|
2008-07-03 19:08:46 +08:00
|
|
|
u8 iv[TALITOS_MAX_IV_LENGTH];
|
2017-10-06 21:05:02 +08:00
|
|
|
dma_addr_t dma_key;
|
2008-06-23 19:50:15 +08:00
|
|
|
unsigned int keylen;
|
|
|
|
unsigned int enckeylen;
|
|
|
|
unsigned int authkeylen;
|
|
|
|
};
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
#define HASH_MAX_BLOCK_SIZE SHA512_BLOCK_SIZE
|
|
|
|
#define TALITOS_MDEU_MAX_CONTEXT_SIZE TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512
|
|
|
|
|
|
|
|
struct talitos_ahash_req_ctx {
|
2010-05-19 17:21:53 +08:00
|
|
|
u32 hw_context[TALITOS_MDEU_MAX_CONTEXT_SIZE / sizeof(u32)];
|
2010-05-19 17:20:36 +08:00
|
|
|
unsigned int hw_context_size;
|
2017-10-06 21:05:08 +08:00
|
|
|
u8 buf[2][HASH_MAX_BLOCK_SIZE];
|
|
|
|
int buf_idx;
|
2010-05-19 17:21:53 +08:00
|
|
|
unsigned int swinit;
|
2010-05-19 17:20:36 +08:00
|
|
|
unsigned int first;
|
|
|
|
unsigned int last;
|
|
|
|
unsigned int to_hash_later;
|
2015-05-12 01:04:56 +08:00
|
|
|
unsigned int nbuf;
|
2010-05-19 17:20:36 +08:00
|
|
|
struct scatterlist bufsl[2];
|
|
|
|
struct scatterlist *psrc;
|
|
|
|
};
|
|
|
|
|
2016-04-22 00:24:55 +08:00
|
|
|
struct talitos_export_state {
|
|
|
|
u32 hw_context[TALITOS_MDEU_MAX_CONTEXT_SIZE / sizeof(u32)];
|
|
|
|
u8 buf[HASH_MAX_BLOCK_SIZE];
|
|
|
|
unsigned int swinit;
|
|
|
|
unsigned int first;
|
|
|
|
unsigned int last;
|
|
|
|
unsigned int to_hash_later;
|
|
|
|
unsigned int nbuf;
|
|
|
|
};
|
|
|
|
|
2009-03-29 15:50:50 +08:00
|
|
|
static int aead_setkey(struct crypto_aead *authenc,
|
|
|
|
const u8 *key, unsigned int keylen)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
|
2017-10-06 21:05:02 +08:00
|
|
|
struct device *dev = ctx->dev;
|
2013-10-15 19:49:34 +08:00
|
|
|
struct crypto_authenc_keys keys;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2013-10-15 19:49:34 +08:00
|
|
|
if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
|
2008-06-23 19:50:15 +08:00
|
|
|
goto badkey;
|
|
|
|
|
2013-10-15 19:49:34 +08:00
|
|
|
if (keys.authkeylen + keys.enckeylen > TALITOS_MAX_KEY_SIZE)
|
2008-06-23 19:50:15 +08:00
|
|
|
goto badkey;
|
|
|
|
|
2017-10-06 21:05:02 +08:00
|
|
|
if (ctx->keylen)
|
|
|
|
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
|
|
|
|
|
2013-10-15 19:49:34 +08:00
|
|
|
memcpy(ctx->key, keys.authkey, keys.authkeylen);
|
|
|
|
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2013-10-15 19:49:34 +08:00
|
|
|
ctx->keylen = keys.authkeylen + keys.enckeylen;
|
|
|
|
ctx->enckeylen = keys.enckeylen;
|
|
|
|
ctx->authkeylen = keys.authkeylen;
|
2017-10-06 21:05:02 +08:00
|
|
|
ctx->dma_key = dma_map_single(dev, ctx->key, ctx->keylen,
|
|
|
|
DMA_TO_DEVICE);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2018-03-23 18:42:24 +08:00
|
|
|
memzero_explicit(&keys, sizeof(keys));
|
2008-06-23 19:50:15 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
badkey:
|
2018-03-23 18:42:24 +08:00
|
|
|
memzero_explicit(&keys, sizeof(keys));
|
2008-06-23 19:50:15 +08:00
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2019-04-11 16:51:21 +08:00
|
|
|
static int aead_des3_setkey(struct crypto_aead *authenc,
|
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
{
|
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
|
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
struct crypto_authenc_keys keys;
|
|
|
|
int err;
|
|
|
|
|
|
|
|
err = crypto_authenc_extractkeys(&keys, key, keylen);
|
|
|
|
if (unlikely(err))
|
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-31 11:19:36 +08:00
|
|
|
goto out;
|
2019-04-11 16:51:21 +08:00
|
|
|
|
|
|
|
err = -EINVAL;
|
|
|
|
if (keys.authkeylen + keys.enckeylen > TALITOS_MAX_KEY_SIZE)
|
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-31 11:19:36 +08:00
|
|
|
goto out;
|
2019-04-11 16:51:21 +08:00
|
|
|
|
2019-08-15 17:01:05 +08:00
|
|
|
err = verify_aead_des3_key(authenc, keys.enckey, keys.enckeylen);
|
|
|
|
if (err)
|
2019-04-11 16:51:21 +08:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (ctx->keylen)
|
|
|
|
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
memcpy(ctx->key, keys.authkey, keys.authkeylen);
|
|
|
|
memcpy(&ctx->key[keys.authkeylen], keys.enckey, keys.enckeylen);
|
|
|
|
|
|
|
|
ctx->keylen = keys.authkeylen + keys.enckeylen;
|
|
|
|
ctx->enckeylen = keys.enckeylen;
|
|
|
|
ctx->authkeylen = keys.authkeylen;
|
|
|
|
ctx->dma_key = dma_map_single(dev, ctx->key, ctx->keylen,
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
out:
|
|
|
|
memzero_explicit(&keys, sizeof(keys));
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2009-03-29 15:52:32 +08:00
|
|
|
static void talitos_sg_unmap(struct device *dev,
|
|
|
|
struct talitos_edesc *edesc,
|
|
|
|
struct scatterlist *src,
|
2016-06-06 19:20:38 +08:00
|
|
|
struct scatterlist *dst,
|
|
|
|
unsigned int len, unsigned int offset)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
2016-06-06 19:20:38 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2009-03-29 15:52:32 +08:00
|
|
|
unsigned int src_nents = edesc->src_nents ? : 1;
|
|
|
|
unsigned int dst_nents = edesc->dst_nents ? : 1;
|
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
if (is_sec1 && dst && dst_nents > 1) {
|
|
|
|
dma_sync_single_for_device(dev, edesc->dma_link_tbl + offset,
|
|
|
|
len, DMA_FROM_DEVICE);
|
|
|
|
sg_pcopy_from_buffer(dst, dst_nents, edesc->buf + offset, len,
|
|
|
|
offset);
|
|
|
|
}
|
2009-03-29 15:52:32 +08:00
|
|
|
if (src != dst) {
|
2016-06-06 19:20:38 +08:00
|
|
|
if (src_nents == 1 || !is_sec1)
|
|
|
|
dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
if (dst && (dst_nents == 1 || !is_sec1))
|
2015-09-23 19:55:25 +08:00
|
|
|
dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE);
|
2016-06-06 19:20:38 +08:00
|
|
|
} else if (src_nents == 1 || !is_sec1) {
|
2015-09-23 19:55:25 +08:00
|
|
|
dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL);
|
2016-06-06 19:20:36 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
static void ipsec_esp_unmap(struct device *dev,
|
2009-03-29 15:50:50 +08:00
|
|
|
struct talitos_edesc *edesc,
|
2019-05-21 21:34:14 +08:00
|
|
|
struct aead_request *areq, bool encrypt)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
2016-06-06 19:20:40 +08:00
|
|
|
struct crypto_aead *aead = crypto_aead_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(aead);
|
|
|
|
unsigned int ivsize = crypto_aead_ivsize(aead);
|
2019-05-21 21:34:14 +08:00
|
|
|
unsigned int authsize = crypto_aead_authsize(aead);
|
|
|
|
unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
|
2017-10-06 21:04:59 +08:00
|
|
|
bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP;
|
|
|
|
struct talitos_ptr *civ_ptr = &edesc->desc.ptr[is_ipsec_esp ? 2 : 3];
|
2016-06-06 19:20:40 +08:00
|
|
|
|
2017-10-06 21:04:59 +08:00
|
|
|
if (is_ipsec_esp)
|
2016-06-06 19:20:40 +08:00
|
|
|
unmap_single_talitos_ptr(dev, &edesc->desc.ptr[6],
|
|
|
|
DMA_FROM_DEVICE);
|
2017-10-06 21:04:59 +08:00
|
|
|
unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
talitos_sg_unmap(dev, edesc, areq->src, areq->dst,
|
|
|
|
cryptlen + authsize, areq->assoclen);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
if (edesc->dma_len)
|
|
|
|
dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
|
|
|
|
DMA_BIDIRECTIONAL);
|
2016-06-06 19:20:40 +08:00
|
|
|
|
2017-10-06 21:04:59 +08:00
|
|
|
if (!is_ipsec_esp) {
|
2016-06-06 19:20:40 +08:00
|
|
|
unsigned int dst_nents = edesc->dst_nents ? : 1;
|
|
|
|
|
|
|
|
sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize,
|
2019-05-21 21:34:14 +08:00
|
|
|
areq->assoclen + cryptlen - ivsize);
|
2016-06-06 19:20:40 +08:00
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ipsec_esp descriptor callbacks
|
|
|
|
*/
|
|
|
|
static void ipsec_esp_encrypt_done(struct device *dev,
|
|
|
|
struct talitos_desc *desc, void *context,
|
|
|
|
int err)
|
|
|
|
{
|
|
|
|
struct aead_request *areq = context;
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
|
2017-10-06 21:05:02 +08:00
|
|
|
unsigned int ivsize = crypto_aead_ivsize(authenc);
|
2009-03-29 15:53:59 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-03-29 15:53:59 +08:00
|
|
|
edesc = container_of(desc, struct talitos_edesc, desc);
|
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
ipsec_esp_unmap(dev, edesc, areq, true);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2017-10-06 21:05:02 +08:00
|
|
|
dma_unmap_single(dev, edesc->iv_dma, ivsize, DMA_TO_DEVICE);
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
kfree(edesc);
|
|
|
|
|
|
|
|
aead_request_complete(areq, err);
|
|
|
|
}
|
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
static void ipsec_esp_decrypt_swauth_done(struct device *dev,
|
2009-03-29 15:53:23 +08:00
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int err)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct aead_request *req = context;
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2015-07-30 17:53:22 +08:00
|
|
|
unsigned int authsize = crypto_aead_authsize(authenc);
|
2009-03-29 15:53:59 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2015-07-30 17:53:22 +08:00
|
|
|
char *oicv, *icv;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-03-29 15:53:59 +08:00
|
|
|
edesc = container_of(desc, struct talitos_edesc, desc);
|
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
ipsec_esp_unmap(dev, edesc, req, false);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
if (!err) {
|
|
|
|
/* auth check */
|
2019-05-21 21:34:19 +08:00
|
|
|
oicv = edesc->buf + edesc->dma_len;
|
|
|
|
icv = oicv - authsize;
|
2015-07-30 17:53:22 +08:00
|
|
|
|
2015-11-16 00:14:42 +08:00
|
|
|
err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
kfree(edesc);
|
|
|
|
|
|
|
|
aead_request_complete(req, err);
|
|
|
|
}
|
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
static void ipsec_esp_decrypt_hwauth_done(struct device *dev,
|
2009-03-29 15:53:23 +08:00
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int err)
|
2008-10-12 20:33:14 +08:00
|
|
|
{
|
|
|
|
struct aead_request *req = context;
|
2009-03-29 15:53:59 +08:00
|
|
|
struct talitos_edesc *edesc;
|
|
|
|
|
|
|
|
edesc = container_of(desc, struct talitos_edesc, desc);
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
ipsec_esp_unmap(dev, edesc, req, false);
|
2008-10-12 20:33:14 +08:00
|
|
|
|
|
|
|
/* check ICV auth status */
|
2009-03-29 15:53:23 +08:00
|
|
|
if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) !=
|
|
|
|
DESC_HDR_LO_ICCR1_PASS))
|
|
|
|
err = -EBADMSG;
|
2008-10-12 20:33:14 +08:00
|
|
|
|
|
|
|
kfree(edesc);
|
|
|
|
|
|
|
|
aead_request_complete(req, err);
|
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/*
|
|
|
|
* convert scatterlist to SEC h/w link table format
|
|
|
|
* stop at cryptlen bytes
|
|
|
|
*/
|
2015-07-30 17:53:22 +08:00
|
|
|
static int sg_to_link_tbl_offset(struct scatterlist *sg, int sg_count,
|
2019-05-21 21:34:19 +08:00
|
|
|
unsigned int offset, int datalen, int elen,
|
2021-01-21 02:57:24 +08:00
|
|
|
struct talitos_ptr *link_tbl_ptr, int align)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
2019-05-21 21:34:19 +08:00
|
|
|
int n_sg = elen ? sg_count + 1 : sg_count;
|
2015-07-30 17:53:22 +08:00
|
|
|
int count = 0;
|
2019-05-21 21:34:19 +08:00
|
|
|
int cryptlen = datalen + elen;
|
2021-01-21 02:57:24 +08:00
|
|
|
int padding = ALIGN(cryptlen, align) - cryptlen;
|
2008-07-03 19:08:46 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
while (cryptlen && sg && n_sg--) {
|
|
|
|
unsigned int len = sg_dma_len(sg);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
if (offset >= len) {
|
|
|
|
offset -= len;
|
|
|
|
goto next;
|
|
|
|
}
|
|
|
|
|
|
|
|
len -= offset;
|
|
|
|
|
|
|
|
if (len > cryptlen)
|
|
|
|
len = cryptlen;
|
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
if (datalen > 0 && len > datalen) {
|
|
|
|
to_talitos_ptr(link_tbl_ptr + count,
|
|
|
|
sg_dma_address(sg) + offset, datalen, 0);
|
|
|
|
to_talitos_ptr_ext_set(link_tbl_ptr + count, 0, 0);
|
|
|
|
count++;
|
|
|
|
len -= datalen;
|
|
|
|
offset += datalen;
|
|
|
|
}
|
2015-07-30 17:53:22 +08:00
|
|
|
to_talitos_ptr(link_tbl_ptr + count,
|
2021-01-21 02:57:24 +08:00
|
|
|
sg_dma_address(sg) + offset, sg_next(sg) ? len : len + padding, 0);
|
2016-06-06 19:20:34 +08:00
|
|
|
to_talitos_ptr_ext_set(link_tbl_ptr + count, 0, 0);
|
2015-07-30 17:53:22 +08:00
|
|
|
count++;
|
|
|
|
cryptlen -= len;
|
2019-05-21 21:34:19 +08:00
|
|
|
datalen -= len;
|
2015-07-30 17:53:22 +08:00
|
|
|
offset = 0;
|
|
|
|
|
|
|
|
next:
|
|
|
|
sg = sg_next(sg);
|
2008-07-03 19:08:46 +08:00
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* tag end of link table */
|
2015-07-30 17:53:22 +08:00
|
|
|
if (count > 0)
|
2016-06-06 19:20:34 +08:00
|
|
|
to_talitos_ptr_ext_set(link_tbl_ptr + count - 1,
|
2019-05-21 21:34:19 +08:00
|
|
|
DESC_PTR_LNKTBL_RET, 0);
|
2008-07-03 19:08:46 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2018-03-22 17:57:01 +08:00
|
|
|
static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src,
|
|
|
|
unsigned int len, struct talitos_edesc *edesc,
|
|
|
|
struct talitos_ptr *ptr, int sg_count,
|
2019-05-21 21:34:19 +08:00
|
|
|
unsigned int offset, int tbl_off, int elen,
|
2021-01-21 02:57:24 +08:00
|
|
|
bool force, int align)
|
2016-06-06 19:20:36 +08:00
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2021-01-21 02:57:24 +08:00
|
|
|
int aligned_len = ALIGN(len, align);
|
2016-06-06 19:20:36 +08:00
|
|
|
|
2018-01-27 00:09:59 +08:00
|
|
|
if (!src) {
|
|
|
|
to_talitos_ptr(ptr, 0, 0, is_sec1);
|
|
|
|
return 1;
|
|
|
|
}
|
2018-03-22 17:57:01 +08:00
|
|
|
to_talitos_ptr_ext_set(ptr, elen, is_sec1);
|
2019-05-21 21:34:19 +08:00
|
|
|
if (sg_count == 1 && !force) {
|
2021-01-21 02:57:24 +08:00
|
|
|
to_talitos_ptr(ptr, sg_dma_address(src) + offset, aligned_len, is_sec1);
|
2016-06-06 19:20:38 +08:00
|
|
|
return sg_count;
|
2016-06-06 19:20:36 +08:00
|
|
|
}
|
|
|
|
if (is_sec1) {
|
2021-01-21 02:57:24 +08:00
|
|
|
to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, aligned_len, is_sec1);
|
2016-06-06 19:20:38 +08:00
|
|
|
return sg_count;
|
2016-06-06 19:20:36 +08:00
|
|
|
}
|
2019-05-21 21:34:19 +08:00
|
|
|
sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len, elen,
|
2021-01-21 02:57:24 +08:00
|
|
|
&edesc->link_tbl[tbl_off], align);
|
2019-05-21 21:34:19 +08:00
|
|
|
if (sg_count == 1 && !force) {
|
2016-06-06 19:20:38 +08:00
|
|
|
/* Only one segment now, so no link tbl needed*/
|
|
|
|
copy_talitos_ptr(ptr, &edesc->link_tbl[tbl_off], is_sec1);
|
|
|
|
return sg_count;
|
|
|
|
}
|
|
|
|
to_talitos_ptr(ptr, edesc->dma_link_tbl +
|
2021-01-21 02:57:24 +08:00
|
|
|
tbl_off * sizeof(struct talitos_ptr), aligned_len, is_sec1);
|
2016-06-06 19:20:38 +08:00
|
|
|
to_talitos_ptr_ext_or(ptr, DESC_PTR_LNKTBL_JUMP, is_sec1);
|
|
|
|
|
|
|
|
return sg_count;
|
2016-06-06 19:20:36 +08:00
|
|
|
}
|
|
|
|
|
2018-03-22 17:57:01 +08:00
|
|
|
static int talitos_sg_map(struct device *dev, struct scatterlist *src,
|
|
|
|
unsigned int len, struct talitos_edesc *edesc,
|
|
|
|
struct talitos_ptr *ptr, int sg_count,
|
|
|
|
unsigned int offset, int tbl_off)
|
|
|
|
{
|
|
|
|
return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset,
|
2021-01-21 02:57:24 +08:00
|
|
|
tbl_off, 0, false, 1);
|
2018-03-22 17:57:01 +08:00
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/*
|
|
|
|
* fill in and submit ipsec_esp descriptor
|
|
|
|
*/
|
2009-03-29 15:50:50 +08:00
|
|
|
static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
|
2019-05-21 21:34:14 +08:00
|
|
|
bool encrypt,
|
2015-07-30 17:53:22 +08:00
|
|
|
void (*callback)(struct device *dev,
|
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int error))
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct crypto_aead *aead = crypto_aead_reqtfm(areq);
|
2015-07-30 17:53:22 +08:00
|
|
|
unsigned int authsize = crypto_aead_authsize(aead);
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(aead);
|
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
struct talitos_desc *desc = &edesc->desc;
|
2019-05-21 21:34:14 +08:00
|
|
|
unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
|
2009-08-13 09:49:06 +08:00
|
|
|
unsigned int ivsize = crypto_aead_ivsize(aead);
|
2015-07-30 17:53:22 +08:00
|
|
|
int tbl_off = 0;
|
2008-07-17 20:20:06 +08:00
|
|
|
int sg_count, ret;
|
2018-03-22 17:57:01 +08:00
|
|
|
int elen = 0;
|
2016-06-06 19:20:40 +08:00
|
|
|
bool sync_needed = false;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2017-10-06 21:04:59 +08:00
|
|
|
bool is_ipsec_esp = desc->hdr & DESC_HDR_TYPE_IPSEC_ESP;
|
|
|
|
struct talitos_ptr *civ_ptr = &desc->ptr[is_ipsec_esp ? 2 : 3];
|
|
|
|
struct talitos_ptr *ckey_ptr = &desc->ptr[is_ipsec_esp ? 3 : 2];
|
2019-05-21 21:34:19 +08:00
|
|
|
dma_addr_t dma_icv = edesc->dma_link_tbl + edesc->dma_len - authsize;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* hmac key */
|
2017-10-06 21:05:02 +08:00
|
|
|
to_talitos_ptr(&desc->ptr[0], ctx->dma_key, ctx->authkeylen, is_sec1);
|
2012-08-02 22:16:40 +08:00
|
|
|
|
2016-06-06 19:20:40 +08:00
|
|
|
sg_count = edesc->src_nents ?: 1;
|
|
|
|
if (is_sec1 && sg_count > 1)
|
|
|
|
sg_copy_to_buffer(areq->src, sg_count, edesc->buf,
|
|
|
|
areq->assoclen + cryptlen);
|
|
|
|
else
|
|
|
|
sg_count = dma_map_sg(dev, areq->src, sg_count,
|
|
|
|
(areq->src == areq->dst) ?
|
|
|
|
DMA_BIDIRECTIONAL : DMA_TO_DEVICE);
|
2012-08-02 22:16:40 +08:00
|
|
|
|
2016-06-06 19:20:40 +08:00
|
|
|
/* hmac data */
|
|
|
|
ret = talitos_sg_map(dev, areq->src, areq->assoclen, edesc,
|
|
|
|
&desc->ptr[1], sg_count, 0, tbl_off);
|
2016-04-20 01:33:48 +08:00
|
|
|
|
2016-06-06 19:20:40 +08:00
|
|
|
if (ret > 1) {
|
2016-04-20 01:33:48 +08:00
|
|
|
tbl_off += ret;
|
2016-06-06 19:20:40 +08:00
|
|
|
sync_needed = true;
|
2012-08-02 22:16:40 +08:00
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/* cipher iv */
|
2017-10-06 21:04:59 +08:00
|
|
|
to_talitos_ptr(civ_ptr, edesc->iv_dma, ivsize, is_sec1);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* cipher key */
|
2017-10-06 21:05:02 +08:00
|
|
|
to_talitos_ptr(ckey_ptr, ctx->dma_key + ctx->authkeylen,
|
|
|
|
ctx->enckeylen, is_sec1);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* cipher in
|
|
|
|
* map and adjust cipher len to aead request cryptlen.
|
|
|
|
* extent is bytes of HMAC postpended to ciphertext,
|
|
|
|
* typically 12 for ipsec
|
|
|
|
*/
|
2018-03-22 17:57:01 +08:00
|
|
|
if (is_ipsec_esp && (desc->hdr & DESC_HDR_MODE1_MDEU_CICV))
|
|
|
|
elen = authsize;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2018-03-22 17:57:01 +08:00
|
|
|
ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
|
2019-05-21 21:34:19 +08:00
|
|
|
sg_count, areq->assoclen, tbl_off, elen,
|
2021-01-21 02:57:24 +08:00
|
|
|
false, 1);
|
2016-06-06 19:20:40 +08:00
|
|
|
|
2017-10-06 21:04:33 +08:00
|
|
|
if (ret > 1) {
|
|
|
|
tbl_off += ret;
|
2016-06-06 19:20:40 +08:00
|
|
|
sync_needed = true;
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2016-06-06 19:20:40 +08:00
|
|
|
/* cipher out */
|
|
|
|
if (areq->src != areq->dst) {
|
|
|
|
sg_count = edesc->dst_nents ? : 1;
|
|
|
|
if (!is_sec1 || sg_count == 1)
|
|
|
|
dma_map_sg(dev, areq->dst, sg_count, DMA_FROM_DEVICE);
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
if (is_ipsec_esp && encrypt)
|
|
|
|
elen = authsize;
|
|
|
|
else
|
|
|
|
elen = 0;
|
|
|
|
ret = talitos_sg_map_ext(dev, areq->dst, cryptlen, edesc, &desc->ptr[5],
|
|
|
|
sg_count, areq->assoclen, tbl_off, elen,
|
2021-01-21 02:57:24 +08:00
|
|
|
is_ipsec_esp && !encrypt, 1);
|
2019-05-21 21:34:19 +08:00
|
|
|
tbl_off += ret;
|
2016-06-06 19:20:40 +08:00
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
if (!encrypt && is_ipsec_esp) {
|
|
|
|
struct talitos_ptr *tbl_ptr = &edesc->link_tbl[tbl_off];
|
2017-10-06 21:04:35 +08:00
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
/* Add an entry to the link table for ICV data */
|
|
|
|
to_talitos_ptr_ext_set(tbl_ptr - 1, 0, is_sec1);
|
|
|
|
to_talitos_ptr_ext_set(tbl_ptr, DESC_PTR_LNKTBL_RET, is_sec1);
|
2017-10-06 21:04:35 +08:00
|
|
|
|
2019-05-21 21:34:19 +08:00
|
|
|
/* icv data follows link tables */
|
|
|
|
to_talitos_ptr(tbl_ptr, dma_icv, authsize, is_sec1);
|
|
|
|
to_talitos_ptr_ext_or(&desc->ptr[5], authsize, is_sec1);
|
|
|
|
sync_needed = true;
|
|
|
|
} else if (!encrypt) {
|
|
|
|
to_talitos_ptr(&desc->ptr[6], dma_icv, authsize, is_sec1);
|
|
|
|
sync_needed = true;
|
2017-10-06 21:04:59 +08:00
|
|
|
} else if (!is_ipsec_esp) {
|
2019-05-21 21:34:19 +08:00
|
|
|
talitos_sg_map(dev, areq->dst, authsize, edesc, &desc->ptr[6],
|
|
|
|
sg_count, areq->assoclen + cryptlen, tbl_off);
|
2016-06-06 19:20:40 +08:00
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/* iv out */
|
2017-10-06 21:04:59 +08:00
|
|
|
if (is_ipsec_esp)
|
2016-06-06 19:20:40 +08:00
|
|
|
map_single_talitos_ptr(dev, &desc->ptr[6], ivsize, ctx->iv,
|
|
|
|
DMA_FROM_DEVICE);
|
|
|
|
|
|
|
|
if (sync_needed)
|
|
|
|
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
|
|
|
|
edesc->dma_len,
|
|
|
|
DMA_BIDIRECTIONAL);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2011-07-15 11:21:38 +08:00
|
|
|
ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
|
2008-07-17 20:20:06 +08:00
|
|
|
if (ret != -EINPROGRESS) {
|
2019-05-21 21:34:14 +08:00
|
|
|
ipsec_esp_unmap(dev, edesc, areq, encrypt);
|
2008-07-17 20:20:06 +08:00
|
|
|
kfree(edesc);
|
|
|
|
}
|
|
|
|
return ret;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2009-03-29 15:50:50 +08:00
|
|
|
* allocate and map the extended descriptor
|
2008-06-23 19:50:15 +08:00
|
|
|
*/
|
2009-03-29 15:52:32 +08:00
|
|
|
static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
|
|
|
|
struct scatterlist *src,
|
|
|
|
struct scatterlist *dst,
|
2012-08-02 22:16:40 +08:00
|
|
|
u8 *iv,
|
|
|
|
unsigned int assoclen,
|
2009-03-29 15:52:32 +08:00
|
|
|
unsigned int cryptlen,
|
|
|
|
unsigned int authsize,
|
2012-08-02 22:16:40 +08:00
|
|
|
unsigned int ivsize,
|
2009-03-29 15:52:32 +08:00
|
|
|
int icv_stashing,
|
2013-11-28 21:11:17 +08:00
|
|
|
u32 cryptoflags,
|
|
|
|
bool encrypt)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
2009-03-29 15:50:50 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2016-06-06 19:20:38 +08:00
|
|
|
int src_nents, dst_nents, alloc_len, dma_len, src_len, dst_len;
|
2012-08-02 22:16:40 +08:00
|
|
|
dma_addr_t iv_dma = 0;
|
2009-03-29 15:52:32 +08:00
|
|
|
gfp_t flags = cryptoflags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
|
2008-07-17 20:19:18 +08:00
|
|
|
GFP_ATOMIC;
|
2015-04-17 22:32:15 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2015-04-17 22:32:15 +08:00
|
|
|
if (cryptlen + authsize > max_len) {
|
2009-03-29 15:52:32 +08:00
|
|
|
dev_err(dev, "length exceeds h/w max limit\n");
|
2008-06-23 19:50:15 +08:00
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
}
|
|
|
|
|
2013-11-28 21:11:17 +08:00
|
|
|
if (!dst || dst == src) {
|
2016-06-06 19:20:38 +08:00
|
|
|
src_len = assoclen + cryptlen + authsize;
|
|
|
|
src_nents = sg_nents_for_len(src, src_len);
|
2015-11-05 04:13:34 +08:00
|
|
|
if (src_nents < 0) {
|
|
|
|
dev_err(dev, "Invalid number of src SG.\n");
|
2019-01-08 14:56:46 +08:00
|
|
|
return ERR_PTR(-EINVAL);
|
2015-11-05 04:13:34 +08:00
|
|
|
}
|
2013-11-28 21:11:17 +08:00
|
|
|
src_nents = (src_nents == 1) ? 0 : src_nents;
|
|
|
|
dst_nents = dst ? src_nents : 0;
|
2016-06-06 19:20:38 +08:00
|
|
|
dst_len = 0;
|
2013-11-28 21:11:17 +08:00
|
|
|
} else { /* dst && dst != src*/
|
2016-06-06 19:20:38 +08:00
|
|
|
src_len = assoclen + cryptlen + (encrypt ? 0 : authsize);
|
|
|
|
src_nents = sg_nents_for_len(src, src_len);
|
2015-11-05 04:13:34 +08:00
|
|
|
if (src_nents < 0) {
|
|
|
|
dev_err(dev, "Invalid number of src SG.\n");
|
2019-01-08 14:56:46 +08:00
|
|
|
return ERR_PTR(-EINVAL);
|
2015-11-05 04:13:34 +08:00
|
|
|
}
|
2013-11-28 21:11:17 +08:00
|
|
|
src_nents = (src_nents == 1) ? 0 : src_nents;
|
2016-06-06 19:20:38 +08:00
|
|
|
dst_len = assoclen + cryptlen + (encrypt ? authsize : 0);
|
|
|
|
dst_nents = sg_nents_for_len(dst, dst_len);
|
2015-11-05 04:13:34 +08:00
|
|
|
if (dst_nents < 0) {
|
|
|
|
dev_err(dev, "Invalid number of dst SG.\n");
|
2019-01-08 14:56:46 +08:00
|
|
|
return ERR_PTR(-EINVAL);
|
2015-11-05 04:13:34 +08:00
|
|
|
}
|
2013-11-28 21:11:17 +08:00
|
|
|
dst_nents = (dst_nents == 1) ? 0 : dst_nents;
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* allocate space for base edesc plus the link tables,
|
2015-07-30 17:53:22 +08:00
|
|
|
* allowing for two separate entries for AD and generated ICV (+ 2),
|
|
|
|
* and space for two sets of ICVs (stashed and generated)
|
2008-06-23 19:50:15 +08:00
|
|
|
*/
|
2009-03-29 15:50:50 +08:00
|
|
|
alloc_len = sizeof(struct talitos_edesc);
|
2019-05-21 21:34:19 +08:00
|
|
|
if (src_nents || dst_nents || !encrypt) {
|
2015-04-17 22:32:15 +08:00
|
|
|
if (is_sec1)
|
2016-06-06 19:20:38 +08:00
|
|
|
dma_len = (src_nents ? src_len : 0) +
|
2019-05-21 21:34:19 +08:00
|
|
|
(dst_nents ? dst_len : 0) + authsize;
|
2015-04-17 22:32:15 +08:00
|
|
|
else
|
2015-07-30 17:53:22 +08:00
|
|
|
dma_len = (src_nents + dst_nents + 2) *
|
2019-05-21 21:34:19 +08:00
|
|
|
sizeof(struct talitos_ptr) + authsize;
|
2008-06-23 19:50:15 +08:00
|
|
|
alloc_len += dma_len;
|
|
|
|
} else {
|
|
|
|
dma_len = 0;
|
|
|
|
}
|
2019-05-21 21:34:19 +08:00
|
|
|
alloc_len += icv_stashing ? authsize : 0;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2017-10-06 21:05:06 +08:00
|
|
|
/* if its a ahash, add space for a second desc next to the first one */
|
|
|
|
if (is_sec1 && !dst)
|
|
|
|
alloc_len += sizeof(struct talitos_desc);
|
2019-01-08 14:56:48 +08:00
|
|
|
alloc_len += ivsize;
|
2017-10-06 21:05:06 +08:00
|
|
|
|
2008-07-17 20:19:18 +08:00
|
|
|
edesc = kmalloc(alloc_len, GFP_DMA | flags);
|
2019-01-08 14:56:46 +08:00
|
|
|
if (!edesc)
|
|
|
|
return ERR_PTR(-ENOMEM);
|
2019-01-08 14:56:48 +08:00
|
|
|
if (ivsize) {
|
|
|
|
iv = memcpy(((u8 *)edesc) + alloc_len - ivsize, iv, ivsize);
|
2019-01-08 14:56:46 +08:00
|
|
|
iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE);
|
2019-01-08 14:56:48 +08:00
|
|
|
}
|
2017-10-06 21:04:45 +08:00
|
|
|
memset(&edesc->desc, 0, sizeof(edesc->desc));
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
edesc->src_nents = src_nents;
|
|
|
|
edesc->dst_nents = dst_nents;
|
2012-08-02 22:16:40 +08:00
|
|
|
edesc->iv_dma = iv_dma;
|
2008-06-23 19:50:15 +08:00
|
|
|
edesc->dma_len = dma_len;
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
if (dma_len)
|
|
|
|
edesc->dma_link_tbl = dma_map_single(dev, &edesc->link_tbl[0],
|
2010-05-19 17:20:36 +08:00
|
|
|
edesc->dma_len,
|
|
|
|
DMA_BIDIRECTIONAL);
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
return edesc;
|
|
|
|
}
|
|
|
|
|
2012-08-02 22:16:40 +08:00
|
|
|
static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv,
|
2013-11-28 21:11:17 +08:00
|
|
|
int icv_stashing, bool encrypt)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
|
2015-07-30 17:53:22 +08:00
|
|
|
unsigned int authsize = crypto_aead_authsize(authenc);
|
2009-03-29 15:52:32 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
|
2012-08-02 22:16:40 +08:00
|
|
|
unsigned int ivsize = crypto_aead_ivsize(authenc);
|
2019-05-21 21:34:14 +08:00
|
|
|
unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
|
2019-05-21 21:34:14 +08:00
|
|
|
iv, areq->assoclen, cryptlen,
|
2015-07-30 17:53:22 +08:00
|
|
|
authsize, ivsize, icv_stashing,
|
2013-11-28 21:11:17 +08:00
|
|
|
areq->base.flags, encrypt);
|
2009-03-29 15:52:32 +08:00
|
|
|
}
|
|
|
|
|
2009-03-29 15:50:50 +08:00
|
|
|
static int aead_encrypt(struct aead_request *req)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
|
2009-03-29 15:50:50 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* allocate extended descriptor */
|
2013-11-28 21:11:17 +08:00
|
|
|
edesc = aead_edesc_alloc(req, req->iv, 0, true);
|
2008-06-23 19:50:15 +08:00
|
|
|
if (IS_ERR(edesc))
|
|
|
|
return PTR_ERR(edesc);
|
|
|
|
|
|
|
|
/* set encrypt */
|
2008-07-03 19:08:46 +08:00
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
return ipsec_esp(edesc, req, true, ipsec_esp_encrypt_done);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
2009-03-29 15:50:50 +08:00
|
|
|
static int aead_decrypt(struct aead_request *req)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
|
2015-07-30 17:53:22 +08:00
|
|
|
unsigned int authsize = crypto_aead_authsize(authenc);
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
|
2008-10-12 20:33:14 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(ctx->dev);
|
2009-03-29 15:50:50 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2008-06-23 19:50:15 +08:00
|
|
|
void *icvdata;
|
|
|
|
|
|
|
|
/* allocate extended descriptor */
|
2013-11-28 21:11:17 +08:00
|
|
|
edesc = aead_edesc_alloc(req, req->iv, 1, false);
|
2008-06-23 19:50:15 +08:00
|
|
|
if (IS_ERR(edesc))
|
|
|
|
return PTR_ERR(edesc);
|
|
|
|
|
2019-05-21 21:34:15 +08:00
|
|
|
if ((edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP) &&
|
|
|
|
(priv->features & TALITOS_FTR_HW_AUTH_CHECK) &&
|
2009-03-29 15:53:23 +08:00
|
|
|
((!edesc->src_nents && !edesc->dst_nents) ||
|
|
|
|
priv->features & TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT)) {
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
/* decrypt and check the ICV */
|
2009-03-29 15:53:23 +08:00
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template |
|
|
|
|
DESC_HDR_DIR_INBOUND |
|
2008-10-12 20:33:14 +08:00
|
|
|
DESC_HDR_MODE1_MDEU_CICV;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
/* reset integrity check result bits */
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
return ipsec_esp(edesc, req, false,
|
|
|
|
ipsec_esp_decrypt_hwauth_done);
|
2009-03-29 15:53:23 +08:00
|
|
|
}
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2009-03-29 15:53:23 +08:00
|
|
|
/* Have to check the ICV with software */
|
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_DIR_INBOUND;
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2009-03-29 15:53:23 +08:00
|
|
|
/* stash incoming ICV for later cmp with ICV generated by the h/w */
|
2019-05-21 21:34:19 +08:00
|
|
|
icvdata = edesc->buf + edesc->dma_len;
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2019-05-21 21:34:17 +08:00
|
|
|
sg_pcopy_to_buffer(req->src, edesc->src_nents ? : 1, icvdata, authsize,
|
|
|
|
req->assoclen + req->cryptlen - authsize);
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2019-05-21 21:34:14 +08:00
|
|
|
return ipsec_esp(edesc, req, false, ipsec_esp_decrypt_swauth_done);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_setkey(struct crypto_skcipher *cipher,
|
2009-03-29 15:52:32 +08:00
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
2017-10-06 21:05:02 +08:00
|
|
|
struct device *dev = ctx->dev;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
2019-04-11 16:51:21 +08:00
|
|
|
if (ctx->keylen)
|
|
|
|
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
memcpy(&ctx->key, key, keylen);
|
|
|
|
ctx->keylen = keylen;
|
|
|
|
|
|
|
|
ctx->dma_key = dma_map_single(dev, ctx->key, keylen, DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_des_setkey(struct crypto_skcipher *cipher,
|
2019-04-11 16:51:21 +08:00
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
return verify_skcipher_des_key(cipher, key) ?:
|
|
|
|
skcipher_setkey(cipher, key, keylen);
|
2019-04-11 16:51:21 +08:00
|
|
|
}
|
2017-10-06 21:05:02 +08:00
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_des3_setkey(struct crypto_skcipher *cipher,
|
2019-04-11 16:51:21 +08:00
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
return verify_skcipher_des3_key(cipher, key) ?:
|
|
|
|
skcipher_setkey(cipher, key, keylen);
|
2009-03-29 15:52:32 +08:00
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_aes_setkey(struct crypto_skcipher *cipher,
|
2019-05-21 21:34:10 +08:00
|
|
|
const u8 *key, unsigned int keylen)
|
|
|
|
{
|
|
|
|
if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
|
|
|
|
keylen == AES_KEYSIZE_256)
|
2019-11-10 01:09:49 +08:00
|
|
|
return skcipher_setkey(cipher, key, keylen);
|
2019-05-21 21:34:10 +08:00
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
2009-03-29 15:52:32 +08:00
|
|
|
static void common_nonsnoop_unmap(struct device *dev,
|
|
|
|
struct talitos_edesc *edesc,
|
2019-11-10 01:09:49 +08:00
|
|
|
struct skcipher_request *areq)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
|
|
|
unmap_single_talitos_ptr(dev, &edesc->desc.ptr[5], DMA_FROM_DEVICE);
|
2015-04-17 22:31:51 +08:00
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen, 0);
|
2009-03-29 15:52:32 +08:00
|
|
|
unmap_single_talitos_ptr(dev, &edesc->desc.ptr[1], DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
if (edesc->dma_len)
|
|
|
|
dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
|
|
|
|
DMA_BIDIRECTIONAL);
|
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static void skcipher_done(struct device *dev,
|
2009-03-29 15:52:32 +08:00
|
|
|
struct talitos_desc *desc, void *context,
|
|
|
|
int err)
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct skcipher_request *areq = context;
|
|
|
|
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
|
|
|
unsigned int ivsize = crypto_skcipher_ivsize(cipher);
|
2009-03-29 15:53:59 +08:00
|
|
|
struct talitos_edesc *edesc;
|
|
|
|
|
|
|
|
edesc = container_of(desc, struct talitos_edesc, desc);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
common_nonsnoop_unmap(dev, edesc, areq);
|
2019-11-10 01:09:49 +08:00
|
|
|
memcpy(areq->iv, ctx->iv, ivsize);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
kfree(edesc);
|
|
|
|
|
|
|
|
areq->base.complete(&areq->base, err);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int common_nonsnoop(struct talitos_edesc *edesc,
|
2019-11-10 01:09:49 +08:00
|
|
|
struct skcipher_request *areq,
|
2009-03-29 15:52:32 +08:00
|
|
|
void (*callback) (struct device *dev,
|
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int error))
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
2009-03-29 15:52:32 +08:00
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
struct talitos_desc *desc = &edesc->desc;
|
2019-11-10 01:09:49 +08:00
|
|
|
unsigned int cryptlen = areq->cryptlen;
|
|
|
|
unsigned int ivsize = crypto_skcipher_ivsize(cipher);
|
2009-03-29 15:52:32 +08:00
|
|
|
int sg_count, ret;
|
2016-06-06 19:20:38 +08:00
|
|
|
bool sync_needed = false;
|
2015-04-17 22:32:07 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2021-01-21 02:57:24 +08:00
|
|
|
bool is_ctr = (desc->hdr & DESC_HDR_SEL0_MASK) == DESC_HDR_SEL0_AESU &&
|
|
|
|
(desc->hdr & DESC_HDR_MODE0_AESU_MASK) == DESC_HDR_MODE0_AESU_CTR;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* first DWORD empty */
|
|
|
|
|
|
|
|
/* cipher iv */
|
2017-10-06 21:04:57 +08:00
|
|
|
to_talitos_ptr(&desc->ptr[1], edesc->iv_dma, ivsize, is_sec1);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* cipher key */
|
2017-10-06 21:05:02 +08:00
|
|
|
to_talitos_ptr(&desc->ptr[2], ctx->dma_key, ctx->keylen, is_sec1);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
sg_count = edesc->src_nents ?: 1;
|
|
|
|
if (is_sec1 && sg_count > 1)
|
|
|
|
sg_copy_to_buffer(areq->src, sg_count, edesc->buf,
|
|
|
|
cryptlen);
|
|
|
|
else
|
|
|
|
sg_count = dma_map_sg(dev, areq->src, sg_count,
|
|
|
|
(areq->src == areq->dst) ?
|
|
|
|
DMA_BIDIRECTIONAL : DMA_TO_DEVICE);
|
2009-03-29 15:52:32 +08:00
|
|
|
/*
|
|
|
|
* cipher in
|
|
|
|
*/
|
2021-01-21 02:57:24 +08:00
|
|
|
sg_count = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[3],
|
|
|
|
sg_count, 0, 0, 0, false, is_ctr ? 16 : 1);
|
2016-06-06 19:20:38 +08:00
|
|
|
if (sg_count > 1)
|
|
|
|
sync_needed = true;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* cipher out */
|
2016-06-06 19:20:38 +08:00
|
|
|
if (areq->src != areq->dst) {
|
|
|
|
sg_count = edesc->dst_nents ? : 1;
|
|
|
|
if (!is_sec1 || sg_count == 1)
|
|
|
|
dma_map_sg(dev, areq->dst, sg_count, DMA_FROM_DEVICE);
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = talitos_sg_map(dev, areq->dst, cryptlen, edesc, &desc->ptr[4],
|
|
|
|
sg_count, 0, (edesc->src_nents + 1));
|
|
|
|
if (ret > 1)
|
|
|
|
sync_needed = true;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* iv out */
|
2015-04-17 22:31:57 +08:00
|
|
|
map_single_talitos_ptr(dev, &desc->ptr[5], ivsize, ctx->iv,
|
2009-03-29 15:52:32 +08:00
|
|
|
DMA_FROM_DEVICE);
|
|
|
|
|
|
|
|
/* last DWORD empty */
|
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
if (sync_needed)
|
|
|
|
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
|
|
|
|
edesc->dma_len, DMA_BIDIRECTIONAL);
|
|
|
|
|
2011-07-15 11:21:38 +08:00
|
|
|
ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
|
2009-03-29 15:52:32 +08:00
|
|
|
if (ret != -EINPROGRESS) {
|
|
|
|
common_nonsnoop_unmap(dev, edesc, areq);
|
|
|
|
kfree(edesc);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static struct talitos_edesc *skcipher_edesc_alloc(struct skcipher_request *
|
2013-11-28 21:11:17 +08:00
|
|
|
areq, bool encrypt)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
|
|
|
unsigned int ivsize = crypto_skcipher_ivsize(cipher);
|
2009-03-29 15:52:32 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
|
2019-11-10 01:09:49 +08:00
|
|
|
areq->iv, 0, areq->cryptlen, 0, ivsize, 0,
|
2013-11-28 21:11:17 +08:00
|
|
|
areq->base.flags, encrypt);
|
2009-03-29 15:52:32 +08:00
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_encrypt(struct skcipher_request *areq)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
2009-03-29 15:52:32 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2019-05-21 21:34:12 +08:00
|
|
|
unsigned int blocksize =
|
2019-11-10 01:09:49 +08:00
|
|
|
crypto_tfm_alg_blocksize(crypto_skcipher_tfm(cipher));
|
2019-05-21 21:34:12 +08:00
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
if (!areq->cryptlen)
|
2019-05-21 21:34:12 +08:00
|
|
|
return 0;
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
if (areq->cryptlen % blocksize)
|
2019-05-21 21:34:12 +08:00
|
|
|
return -EINVAL;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* allocate extended descriptor */
|
2019-11-10 01:09:49 +08:00
|
|
|
edesc = skcipher_edesc_alloc(areq, true);
|
2009-03-29 15:52:32 +08:00
|
|
|
if (IS_ERR(edesc))
|
|
|
|
return PTR_ERR(edesc);
|
|
|
|
|
|
|
|
/* set encrypt */
|
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
return common_nonsnoop(edesc, areq, skcipher_done);
|
2009-03-29 15:52:32 +08:00
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int skcipher_decrypt(struct skcipher_request *areq)
|
2009-03-29 15:52:32 +08:00
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(cipher);
|
2009-03-29 15:52:32 +08:00
|
|
|
struct talitos_edesc *edesc;
|
2019-05-21 21:34:12 +08:00
|
|
|
unsigned int blocksize =
|
2019-11-10 01:09:49 +08:00
|
|
|
crypto_tfm_alg_blocksize(crypto_skcipher_tfm(cipher));
|
2019-05-21 21:34:12 +08:00
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
if (!areq->cryptlen)
|
2019-05-21 21:34:12 +08:00
|
|
|
return 0;
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
if (areq->cryptlen % blocksize)
|
2019-05-21 21:34:12 +08:00
|
|
|
return -EINVAL;
|
2009-03-29 15:52:32 +08:00
|
|
|
|
|
|
|
/* allocate extended descriptor */
|
2019-11-10 01:09:49 +08:00
|
|
|
edesc = skcipher_edesc_alloc(areq, false);
|
2009-03-29 15:52:32 +08:00
|
|
|
if (IS_ERR(edesc))
|
|
|
|
return PTR_ERR(edesc);
|
|
|
|
|
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_DIR_INBOUND;
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
return common_nonsnoop(edesc, areq, skcipher_done);
|
2009-03-29 15:52:32 +08:00
|
|
|
}
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
static void common_nonsnoop_hash_unmap(struct device *dev,
|
|
|
|
struct talitos_edesc *edesc,
|
|
|
|
struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
2019-09-10 14:04:14 +08:00
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
2018-02-27 00:40:04 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
struct talitos_desc *desc = &edesc->desc;
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
struct talitos_desc *desc2 = (struct talitos_desc *)
|
|
|
|
(edesc->buf + edesc->dma_len);
|
2018-02-27 00:40:04 +08:00
|
|
|
|
|
|
|
unmap_single_talitos_ptr(dev, &edesc->desc.ptr[5], DMA_FROM_DEVICE);
|
|
|
|
if (desc->next_desc &&
|
|
|
|
desc->ptr[5].ptr != desc2->ptr[5].ptr)
|
|
|
|
unmap_single_talitos_ptr(dev, &desc2->ptr[5], DMA_FROM_DEVICE);
|
2019-09-10 14:04:14 +08:00
|
|
|
if (req_ctx->last)
|
|
|
|
memcpy(areq->result, req_ctx->hw_context,
|
|
|
|
crypto_ahash_digestsize(tfm));
|
2010-05-19 17:20:36 +08:00
|
|
|
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
if (req_ctx->psrc)
|
|
|
|
talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0);
|
2015-04-17 22:31:51 +08:00
|
|
|
|
2018-02-27 00:40:04 +08:00
|
|
|
/* When using hashctx-in, must unmap it. */
|
|
|
|
if (from_talitos_ptr_len(&edesc->desc.ptr[1], is_sec1))
|
|
|
|
unmap_single_talitos_ptr(dev, &edesc->desc.ptr[1],
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
else if (desc->next_desc)
|
|
|
|
unmap_single_talitos_ptr(dev, &desc2->ptr[1],
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
|
|
|
|
if (is_sec1 && req_ctx->nbuf)
|
|
|
|
unmap_single_talitos_ptr(dev, &desc->ptr[3],
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
if (edesc->dma_len)
|
|
|
|
dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
|
|
|
|
DMA_BIDIRECTIONAL);
|
|
|
|
|
2017-10-06 21:05:06 +08:00
|
|
|
if (edesc->desc.next_desc)
|
|
|
|
dma_unmap_single(dev, be32_to_cpu(edesc->desc.next_desc),
|
|
|
|
TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void ahash_done(struct device *dev,
|
|
|
|
struct talitos_desc *desc, void *context,
|
|
|
|
int err)
|
|
|
|
{
|
|
|
|
struct ahash_request *areq = context;
|
|
|
|
struct talitos_edesc *edesc =
|
|
|
|
container_of(desc, struct talitos_edesc, desc);
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
|
|
|
|
if (!req_ctx->last && req_ctx->to_hash_later) {
|
|
|
|
/* Position any partial block for next update/final/finup */
|
2017-10-06 21:05:08 +08:00
|
|
|
req_ctx->buf_idx = (req_ctx->buf_idx + 1) & 1;
|
2010-06-16 13:29:15 +08:00
|
|
|
req_ctx->nbuf = req_ctx->to_hash_later;
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
common_nonsnoop_hash_unmap(dev, edesc, areq);
|
|
|
|
|
|
|
|
kfree(edesc);
|
|
|
|
|
|
|
|
areq->base.complete(&areq->base, err);
|
|
|
|
}
|
|
|
|
|
2015-04-17 22:32:18 +08:00
|
|
|
/*
|
|
|
|
* SEC1 doesn't like hashing of 0 sized message, so we do the padding
|
|
|
|
* ourself and submit a padded block
|
|
|
|
*/
|
2017-10-06 21:04:47 +08:00
|
|
|
static void talitos_handle_buggy_hash(struct talitos_ctx *ctx,
|
2015-04-17 22:32:18 +08:00
|
|
|
struct talitos_edesc *edesc,
|
|
|
|
struct talitos_ptr *ptr)
|
|
|
|
{
|
|
|
|
static u8 padded_hash[64] = {
|
|
|
|
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
|
|
};
|
|
|
|
|
|
|
|
pr_err_once("Bug in SEC1, padding ourself\n");
|
|
|
|
edesc->desc.hdr &= ~DESC_HDR_MODE0_MDEU_PAD;
|
|
|
|
map_single_talitos_ptr(ctx->dev, ptr, sizeof(padded_hash),
|
|
|
|
(char *)padded_hash, DMA_TO_DEVICE);
|
|
|
|
}
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
static int common_nonsnoop_hash(struct talitos_edesc *edesc,
|
|
|
|
struct ahash_request *areq, unsigned int length,
|
|
|
|
void (*callback) (struct device *dev,
|
|
|
|
struct talitos_desc *desc,
|
|
|
|
void *context, int error))
|
|
|
|
{
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
struct talitos_desc *desc = &edesc->desc;
|
2015-04-17 22:31:51 +08:00
|
|
|
int ret;
|
2016-06-06 19:20:38 +08:00
|
|
|
bool sync_needed = false;
|
2015-04-17 22:32:07 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2016-06-06 19:20:38 +08:00
|
|
|
int sg_count;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
/* first DWORD empty */
|
|
|
|
|
2010-05-19 17:21:53 +08:00
|
|
|
/* hash context in */
|
|
|
|
if (!req_ctx->first || req_ctx->swinit) {
|
2018-02-27 00:40:06 +08:00
|
|
|
map_single_talitos_ptr_nosync(dev, &desc->ptr[1],
|
|
|
|
req_ctx->hw_context_size,
|
|
|
|
req_ctx->hw_context,
|
|
|
|
DMA_TO_DEVICE);
|
2010-05-19 17:21:53 +08:00
|
|
|
req_ctx->swinit = 0;
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
2017-09-13 18:44:51 +08:00
|
|
|
/* Indicate next op is not the first. */
|
|
|
|
req_ctx->first = 0;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
/* HMAC key */
|
|
|
|
if (ctx->keylen)
|
2017-10-06 21:05:02 +08:00
|
|
|
to_talitos_ptr(&desc->ptr[2], ctx->dma_key, ctx->keylen,
|
|
|
|
is_sec1);
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2017-10-06 21:05:06 +08:00
|
|
|
if (is_sec1 && req_ctx->nbuf)
|
|
|
|
length -= req_ctx->nbuf;
|
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
sg_count = edesc->src_nents ?: 1;
|
|
|
|
if (is_sec1 && sg_count > 1)
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
sg_copy_to_buffer(req_ctx->psrc, sg_count, edesc->buf, length);
|
2017-10-06 21:05:06 +08:00
|
|
|
else if (length)
|
2016-06-06 19:20:38 +08:00
|
|
|
sg_count = dma_map_sg(dev, req_ctx->psrc, sg_count,
|
|
|
|
DMA_TO_DEVICE);
|
2010-05-19 17:20:36 +08:00
|
|
|
/*
|
|
|
|
* data in
|
|
|
|
*/
|
2017-10-06 21:05:06 +08:00
|
|
|
if (is_sec1 && req_ctx->nbuf) {
|
2018-02-27 00:40:04 +08:00
|
|
|
map_single_talitos_ptr(dev, &desc->ptr[3], req_ctx->nbuf,
|
|
|
|
req_ctx->buf[req_ctx->buf_idx],
|
|
|
|
DMA_TO_DEVICE);
|
2017-10-06 21:05:06 +08:00
|
|
|
} else {
|
|
|
|
sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
&desc->ptr[3], sg_count, 0, 0);
|
2017-10-06 21:05:06 +08:00
|
|
|
if (sg_count > 1)
|
|
|
|
sync_needed = true;
|
|
|
|
}
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
/* fifth DWORD empty */
|
|
|
|
|
|
|
|
/* hash/HMAC out -or- hash context out */
|
|
|
|
if (req_ctx->last)
|
|
|
|
map_single_talitos_ptr(dev, &desc->ptr[5],
|
|
|
|
crypto_ahash_digestsize(tfm),
|
2019-09-10 14:04:14 +08:00
|
|
|
req_ctx->hw_context, DMA_FROM_DEVICE);
|
2010-05-19 17:20:36 +08:00
|
|
|
else
|
2018-02-27 00:40:06 +08:00
|
|
|
map_single_talitos_ptr_nosync(dev, &desc->ptr[5],
|
|
|
|
req_ctx->hw_context_size,
|
|
|
|
req_ctx->hw_context,
|
|
|
|
DMA_FROM_DEVICE);
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
/* last DWORD empty */
|
|
|
|
|
2015-04-17 22:32:18 +08:00
|
|
|
if (is_sec1 && from_talitos_ptr_len(&desc->ptr[3], true) == 0)
|
|
|
|
talitos_handle_buggy_hash(ctx, edesc, &desc->ptr[3]);
|
|
|
|
|
2017-10-06 21:05:06 +08:00
|
|
|
if (is_sec1 && req_ctx->nbuf && length) {
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
struct talitos_desc *desc2 = (struct talitos_desc *)
|
|
|
|
(edesc->buf + edesc->dma_len);
|
2017-10-06 21:05:06 +08:00
|
|
|
dma_addr_t next_desc;
|
|
|
|
|
|
|
|
memset(desc2, 0, sizeof(*desc2));
|
|
|
|
desc2->hdr = desc->hdr;
|
|
|
|
desc2->hdr &= ~DESC_HDR_MODE0_MDEU_INIT;
|
|
|
|
desc2->hdr1 = desc2->hdr;
|
|
|
|
desc->hdr &= ~DESC_HDR_MODE0_MDEU_PAD;
|
|
|
|
desc->hdr |= DESC_HDR_MODE0_MDEU_CONT;
|
|
|
|
desc->hdr &= ~DESC_HDR_DONE_NOTIFY;
|
|
|
|
|
2018-02-27 00:40:04 +08:00
|
|
|
if (desc->ptr[1].ptr)
|
|
|
|
copy_talitos_ptr(&desc2->ptr[1], &desc->ptr[1],
|
|
|
|
is_sec1);
|
|
|
|
else
|
2018-02-27 00:40:06 +08:00
|
|
|
map_single_talitos_ptr_nosync(dev, &desc2->ptr[1],
|
|
|
|
req_ctx->hw_context_size,
|
|
|
|
req_ctx->hw_context,
|
|
|
|
DMA_TO_DEVICE);
|
2017-10-06 21:05:06 +08:00
|
|
|
copy_talitos_ptr(&desc2->ptr[2], &desc->ptr[2], is_sec1);
|
|
|
|
sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
&desc2->ptr[3], sg_count, 0, 0);
|
2017-10-06 21:05:06 +08:00
|
|
|
if (sg_count > 1)
|
|
|
|
sync_needed = true;
|
|
|
|
copy_talitos_ptr(&desc2->ptr[5], &desc->ptr[5], is_sec1);
|
|
|
|
if (req_ctx->last)
|
2018-02-27 00:40:06 +08:00
|
|
|
map_single_talitos_ptr_nosync(dev, &desc->ptr[5],
|
|
|
|
req_ctx->hw_context_size,
|
|
|
|
req_ctx->hw_context,
|
|
|
|
DMA_FROM_DEVICE);
|
2017-10-06 21:05:06 +08:00
|
|
|
|
|
|
|
next_desc = dma_map_single(dev, &desc2->hdr1, TALITOS_DESC_SIZE,
|
|
|
|
DMA_BIDIRECTIONAL);
|
|
|
|
desc->next_desc = cpu_to_be32(next_desc);
|
|
|
|
}
|
|
|
|
|
2016-06-06 19:20:38 +08:00
|
|
|
if (sync_needed)
|
|
|
|
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
|
|
|
|
edesc->dma_len, DMA_BIDIRECTIONAL);
|
|
|
|
|
2011-07-15 11:21:38 +08:00
|
|
|
ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
|
2010-05-19 17:20:36 +08:00
|
|
|
if (ret != -EINPROGRESS) {
|
|
|
|
common_nonsnoop_hash_unmap(dev, edesc, areq);
|
|
|
|
kfree(edesc);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct talitos_edesc *ahash_edesc_alloc(struct ahash_request *areq,
|
|
|
|
unsigned int nbytes)
|
|
|
|
{
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
2017-10-06 21:05:06 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(ctx->dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
|
|
|
|
|
|
|
if (is_sec1)
|
|
|
|
nbytes -= req_ctx->nbuf;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2015-07-30 17:53:22 +08:00
|
|
|
return talitos_edesc_alloc(ctx->dev, req_ctx->psrc, NULL, NULL, 0,
|
2013-11-28 21:11:17 +08:00
|
|
|
nbytes, 0, 0, 0, areq->base.flags, false);
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_init(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
2018-02-27 00:40:06 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct device *dev = ctx->dev;
|
2010-05-19 17:20:36 +08:00
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
2017-10-06 21:05:04 +08:00
|
|
|
unsigned int size;
|
2018-02-27 00:40:06 +08:00
|
|
|
dma_addr_t dma;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
/* Initialize the context */
|
2017-10-06 21:05:08 +08:00
|
|
|
req_ctx->buf_idx = 0;
|
2010-06-16 13:29:15 +08:00
|
|
|
req_ctx->nbuf = 0;
|
2010-05-19 17:21:53 +08:00
|
|
|
req_ctx->first = 1; /* first indicates h/w must init its context */
|
|
|
|
req_ctx->swinit = 0; /* assume h/w init of context */
|
2017-10-06 21:05:04 +08:00
|
|
|
size = (crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE)
|
2010-05-19 17:20:36 +08:00
|
|
|
? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
|
|
|
|
: TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
|
2017-10-06 21:05:04 +08:00
|
|
|
req_ctx->hw_context_size = size;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2018-02-27 00:40:06 +08:00
|
|
|
dma = dma_map_single(dev, req_ctx->hw_context, req_ctx->hw_context_size,
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
dma_unmap_single(dev, dma, req_ctx->hw_context_size, DMA_TO_DEVICE);
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-05-19 17:21:53 +08:00
|
|
|
/*
|
|
|
|
* on h/w without explicit sha224 support, we initialize h/w context
|
|
|
|
* manually with sha224 constants, and tell it to run sha256.
|
|
|
|
*/
|
|
|
|
static int ahash_init_sha224_swinit(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
|
2010-09-23 15:56:38 +08:00
|
|
|
req_ctx->hw_context[0] = SHA224_H0;
|
|
|
|
req_ctx->hw_context[1] = SHA224_H1;
|
|
|
|
req_ctx->hw_context[2] = SHA224_H2;
|
|
|
|
req_ctx->hw_context[3] = SHA224_H3;
|
|
|
|
req_ctx->hw_context[4] = SHA224_H4;
|
|
|
|
req_ctx->hw_context[5] = SHA224_H5;
|
|
|
|
req_ctx->hw_context[6] = SHA224_H6;
|
|
|
|
req_ctx->hw_context[7] = SHA224_H7;
|
2010-05-19 17:21:53 +08:00
|
|
|
|
|
|
|
/* init 64-bit count */
|
|
|
|
req_ctx->hw_context[8] = 0;
|
|
|
|
req_ctx->hw_context[9] = 0;
|
|
|
|
|
2018-02-27 00:40:06 +08:00
|
|
|
ahash_init(areq);
|
|
|
|
req_ctx->swinit = 1;/* prevent h/w initting context with sha256 values*/
|
|
|
|
|
2010-05-19 17:21:53 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
|
|
|
|
{
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
struct talitos_edesc *edesc;
|
|
|
|
unsigned int blocksize =
|
|
|
|
crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
|
|
|
|
unsigned int nbytes_to_hash;
|
|
|
|
unsigned int to_hash_later;
|
2010-06-16 13:29:15 +08:00
|
|
|
unsigned int nsg;
|
2015-11-05 04:13:34 +08:00
|
|
|
int nents;
|
2017-10-06 21:05:06 +08:00
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2017-10-06 21:05:08 +08:00
|
|
|
u8 *ctx_buf = req_ctx->buf[req_ctx->buf_idx];
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2010-06-16 13:29:15 +08:00
|
|
|
if (!req_ctx->last && (nbytes + req_ctx->nbuf <= blocksize)) {
|
|
|
|
/* Buffer up to one whole block */
|
2015-11-05 04:13:34 +08:00
|
|
|
nents = sg_nents_for_len(areq->src, nbytes);
|
|
|
|
if (nents < 0) {
|
|
|
|
dev_err(ctx->dev, "Invalid number of src SG.\n");
|
|
|
|
return nents;
|
|
|
|
}
|
|
|
|
sg_copy_to_buffer(areq->src, nents,
|
2017-10-06 21:05:08 +08:00
|
|
|
ctx_buf + req_ctx->nbuf, nbytes);
|
2010-06-16 13:29:15 +08:00
|
|
|
req_ctx->nbuf += nbytes;
|
2010-05-19 17:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-06-16 13:29:15 +08:00
|
|
|
/* At least (blocksize + 1) bytes are available to hash */
|
|
|
|
nbytes_to_hash = nbytes + req_ctx->nbuf;
|
|
|
|
to_hash_later = nbytes_to_hash & (blocksize - 1);
|
|
|
|
|
|
|
|
if (req_ctx->last)
|
|
|
|
to_hash_later = 0;
|
|
|
|
else if (to_hash_later)
|
|
|
|
/* There is a partial block. Hash the full block(s) now */
|
|
|
|
nbytes_to_hash -= to_hash_later;
|
|
|
|
else {
|
|
|
|
/* Keep one block buffered */
|
|
|
|
nbytes_to_hash -= blocksize;
|
|
|
|
to_hash_later = blocksize;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Chain in any previously buffered data */
|
2017-10-06 21:05:06 +08:00
|
|
|
if (!is_sec1 && req_ctx->nbuf) {
|
2010-06-16 13:29:15 +08:00
|
|
|
nsg = (req_ctx->nbuf < nbytes_to_hash) ? 2 : 1;
|
|
|
|
sg_init_table(req_ctx->bufsl, nsg);
|
2017-10-06 21:05:08 +08:00
|
|
|
sg_set_buf(req_ctx->bufsl, ctx_buf, req_ctx->nbuf);
|
2010-06-16 13:29:15 +08:00
|
|
|
if (nsg > 1)
|
2015-08-08 00:15:13 +08:00
|
|
|
sg_chain(req_ctx->bufsl, 2, areq->src);
|
2010-05-19 17:20:36 +08:00
|
|
|
req_ctx->psrc = req_ctx->bufsl;
|
2017-10-06 21:05:06 +08:00
|
|
|
} else if (is_sec1 && req_ctx->nbuf && req_ctx->nbuf < blocksize) {
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
int offset;
|
|
|
|
|
2017-10-06 21:05:06 +08:00
|
|
|
if (nbytes_to_hash > blocksize)
|
|
|
|
offset = blocksize - req_ctx->nbuf;
|
|
|
|
else
|
|
|
|
offset = nbytes_to_hash - req_ctx->nbuf;
|
|
|
|
nents = sg_nents_for_len(areq->src, offset);
|
|
|
|
if (nents < 0) {
|
|
|
|
dev_err(ctx->dev, "Invalid number of src SG.\n");
|
|
|
|
return nents;
|
|
|
|
}
|
|
|
|
sg_copy_to_buffer(areq->src, nents,
|
2017-10-06 21:05:08 +08:00
|
|
|
ctx_buf + req_ctx->nbuf, offset);
|
2017-10-06 21:05:06 +08:00
|
|
|
req_ctx->nbuf += offset;
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
req_ctx->psrc = scatterwalk_ffwd(req_ctx->bufsl, areq->src,
|
|
|
|
offset);
|
2010-06-16 13:29:15 +08:00
|
|
|
} else
|
2010-05-19 17:20:36 +08:00
|
|
|
req_ctx->psrc = areq->src;
|
2010-06-16 13:29:15 +08:00
|
|
|
|
|
|
|
if (to_hash_later) {
|
2015-11-05 04:13:34 +08:00
|
|
|
nents = sg_nents_for_len(areq->src, nbytes);
|
|
|
|
if (nents < 0) {
|
|
|
|
dev_err(ctx->dev, "Invalid number of src SG.\n");
|
|
|
|
return nents;
|
|
|
|
}
|
2013-07-09 07:01:55 +08:00
|
|
|
sg_pcopy_to_buffer(areq->src, nents,
|
2017-10-06 21:05:08 +08:00
|
|
|
req_ctx->buf[(req_ctx->buf_idx + 1) & 1],
|
2010-06-16 13:29:15 +08:00
|
|
|
to_hash_later,
|
|
|
|
nbytes - to_hash_later);
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
2010-06-16 13:29:15 +08:00
|
|
|
req_ctx->to_hash_later = to_hash_later;
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2010-06-16 13:29:15 +08:00
|
|
|
/* Allocate extended descriptor */
|
2010-05-19 17:20:36 +08:00
|
|
|
edesc = ahash_edesc_alloc(areq, nbytes_to_hash);
|
|
|
|
if (IS_ERR(edesc))
|
|
|
|
return PTR_ERR(edesc);
|
|
|
|
|
|
|
|
edesc->desc.hdr = ctx->desc_hdr_template;
|
|
|
|
|
|
|
|
/* On last one, request SEC to pad; otherwise continue */
|
|
|
|
if (req_ctx->last)
|
|
|
|
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_PAD;
|
|
|
|
else
|
|
|
|
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_CONT;
|
|
|
|
|
2010-05-19 17:21:53 +08:00
|
|
|
/* request SEC to INIT hash. */
|
|
|
|
if (req_ctx->first && !req_ctx->swinit)
|
2010-05-19 17:20:36 +08:00
|
|
|
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT;
|
|
|
|
|
|
|
|
/* When the tfm context has a keylen, it's an HMAC.
|
|
|
|
* A first or last (ie. not middle) descriptor must request HMAC.
|
|
|
|
*/
|
|
|
|
if (ctx->keylen && (req_ctx->first || req_ctx->last))
|
|
|
|
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_HMAC;
|
|
|
|
|
crypto: talitos - fix hash on SEC1.
On SEC1, hash provides wrong result when performing hashing in several
steps with input data SG list has more than one element. This was
detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS:
[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[<reimport>25.88%@+8063, <flush>24.19%@+9588, 28.63%@+16333, <reimport>4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+"
[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[<flush,nosimd>16.56%@+16378, <reimport>52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39"
[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[<reimport>52.27%@+7401, <reimport>17.34%@+16285, <flush>17.71%@+26, 12.68%@+10644] iv_offset=43"
[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[<reimport>60.6%@+12790, 17.86%@+1329, <reimport>12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, <reimport>0.51%@+16322, <reimport>0.24%@+16339] dst_divs"
This is due to two issues:
- We have an overlap between the buffer used for copying the input
data (SEC1 doesn't do scatter/gather) and the chained descriptor.
- Data copy is wrong when the previous hash left less than one
blocksize of data to hash, implying a complement of the previous
block with a few bytes from the new request.
Fix it by:
- Moving the second descriptor after the buffer, as moving the buffer
after the descriptor would make it more complex for other cipher
operations (AEAD, ABLKCIPHER)
- Skip the bytes taken from the new request to complete the previous
one by moving the SG list forward.
Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
Cc: stable@vger.kernel.org
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-24 15:20:16 +08:00
|
|
|
return common_nonsnoop_hash(edesc, areq, nbytes_to_hash, ahash_done);
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_update(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
|
|
|
|
req_ctx->last = 0;
|
|
|
|
|
|
|
|
return ahash_process_req(areq, areq->nbytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_final(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
|
|
|
|
req_ctx->last = 1;
|
|
|
|
|
|
|
|
return ahash_process_req(areq, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_finup(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
|
|
|
|
req_ctx->last = 1;
|
|
|
|
|
|
|
|
return ahash_process_req(areq, areq->nbytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_digest(struct ahash_request *areq)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
2010-05-19 17:21:53 +08:00
|
|
|
struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
|
2010-05-19 17:20:36 +08:00
|
|
|
|
2010-05-19 17:21:53 +08:00
|
|
|
ahash->init(areq);
|
2010-05-19 17:20:36 +08:00
|
|
|
req_ctx->last = 1;
|
|
|
|
|
|
|
|
return ahash_process_req(areq, areq->nbytes);
|
|
|
|
}
|
|
|
|
|
2016-04-22 00:24:55 +08:00
|
|
|
static int ahash_export(struct ahash_request *areq, void *out)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
struct talitos_export_state *export = out;
|
2018-02-27 00:40:06 +08:00
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
dma_addr_t dma;
|
|
|
|
|
|
|
|
dma = dma_map_single(dev, req_ctx->hw_context, req_ctx->hw_context_size,
|
|
|
|
DMA_FROM_DEVICE);
|
|
|
|
dma_unmap_single(dev, dma, req_ctx->hw_context_size, DMA_FROM_DEVICE);
|
2016-04-22 00:24:55 +08:00
|
|
|
|
|
|
|
memcpy(export->hw_context, req_ctx->hw_context,
|
|
|
|
req_ctx->hw_context_size);
|
2017-10-06 21:05:08 +08:00
|
|
|
memcpy(export->buf, req_ctx->buf[req_ctx->buf_idx], req_ctx->nbuf);
|
2016-04-22 00:24:55 +08:00
|
|
|
export->swinit = req_ctx->swinit;
|
|
|
|
export->first = req_ctx->first;
|
|
|
|
export->last = req_ctx->last;
|
|
|
|
export->to_hash_later = req_ctx->to_hash_later;
|
|
|
|
export->nbuf = req_ctx->nbuf;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_import(struct ahash_request *areq, const void *in)
|
|
|
|
{
|
|
|
|
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
|
2018-02-27 00:40:06 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
|
|
struct device *dev = ctx->dev;
|
2016-04-22 00:24:55 +08:00
|
|
|
const struct talitos_export_state *export = in;
|
2017-10-06 21:05:04 +08:00
|
|
|
unsigned int size;
|
2018-02-27 00:40:06 +08:00
|
|
|
dma_addr_t dma;
|
2016-04-22 00:24:55 +08:00
|
|
|
|
|
|
|
memset(req_ctx, 0, sizeof(*req_ctx));
|
2017-10-06 21:05:04 +08:00
|
|
|
size = (crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE)
|
2016-04-22 00:24:55 +08:00
|
|
|
? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
|
|
|
|
: TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
|
2017-10-06 21:05:04 +08:00
|
|
|
req_ctx->hw_context_size = size;
|
|
|
|
memcpy(req_ctx->hw_context, export->hw_context, size);
|
2017-10-06 21:05:08 +08:00
|
|
|
memcpy(req_ctx->buf[0], export->buf, export->nbuf);
|
2016-04-22 00:24:55 +08:00
|
|
|
req_ctx->swinit = export->swinit;
|
|
|
|
req_ctx->first = export->first;
|
|
|
|
req_ctx->last = export->last;
|
|
|
|
req_ctx->to_hash_later = export->to_hash_later;
|
|
|
|
req_ctx->nbuf = export->nbuf;
|
|
|
|
|
2018-02-27 00:40:06 +08:00
|
|
|
dma = dma_map_single(dev, req_ctx->hw_context, req_ctx->hw_context_size,
|
|
|
|
DMA_TO_DEVICE);
|
|
|
|
dma_unmap_single(dev, dma, req_ctx->hw_context_size, DMA_TO_DEVICE);
|
|
|
|
|
2016-04-22 00:24:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-11-21 16:13:25 +08:00
|
|
|
static int keyhash(struct crypto_ahash *tfm, const u8 *key, unsigned int keylen,
|
|
|
|
u8 *hash)
|
|
|
|
{
|
|
|
|
struct talitos_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
|
|
|
|
|
|
|
|
struct scatterlist sg[1];
|
|
|
|
struct ahash_request *req;
|
2017-10-18 15:00:49 +08:00
|
|
|
struct crypto_wait wait;
|
2011-11-21 16:13:25 +08:00
|
|
|
int ret;
|
|
|
|
|
2017-10-18 15:00:49 +08:00
|
|
|
crypto_init_wait(&wait);
|
2011-11-21 16:13:25 +08:00
|
|
|
|
|
|
|
req = ahash_request_alloc(tfm, GFP_KERNEL);
|
|
|
|
if (!req)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
/* Keep tfm keylen == 0 during hash of the long key */
|
|
|
|
ctx->keylen = 0;
|
|
|
|
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
|
2017-10-18 15:00:49 +08:00
|
|
|
crypto_req_done, &wait);
|
2011-11-21 16:13:25 +08:00
|
|
|
|
|
|
|
sg_init_one(&sg[0], key, keylen);
|
|
|
|
|
|
|
|
ahash_request_set_crypt(req, sg, hash, keylen);
|
2017-10-18 15:00:49 +08:00
|
|
|
ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
|
|
|
|
|
2011-11-21 16:13:25 +08:00
|
|
|
ahash_request_free(req);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
|
|
|
|
unsigned int keylen)
|
|
|
|
{
|
|
|
|
struct talitos_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
|
2017-10-06 21:05:02 +08:00
|
|
|
struct device *dev = ctx->dev;
|
2011-11-21 16:13:25 +08:00
|
|
|
unsigned int blocksize =
|
|
|
|
crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
|
|
|
|
unsigned int digestsize = crypto_ahash_digestsize(tfm);
|
|
|
|
unsigned int keysize = keylen;
|
|
|
|
u8 hash[SHA512_DIGEST_SIZE];
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (keylen <= blocksize)
|
|
|
|
memcpy(ctx->key, key, keysize);
|
|
|
|
else {
|
|
|
|
/* Must get the hash of the long key */
|
|
|
|
ret = keyhash(tfm, key, keylen, hash);
|
|
|
|
|
crypto: remove CRYPTO_TFM_RES_BAD_KEY_LEN
The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
make the ->setkey() functions provide more information about errors.
However, no one actually checks for this flag, which makes it pointless.
Also, many algorithms fail to set this flag when given a bad length key.
Reviewing just the generic implementations, this is the case for
aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
many more in arch/*/crypto/ and drivers/crypto/.
Some algorithms can even set this flag when the key is the correct
length. For example, authenc and authencesn set it when the key payload
is malformed in any way (not just a bad length), the atmel-sha and ccree
drivers can set it if a memory allocation fails, and the chelsio driver
sets it for bad auth tag lengths, not just bad key lengths.
So even if someone actually wanted to start checking this flag (which
seems unlikely, since it's been unused for a long time), there would be
a lot of work needed to get it working correctly. But it would probably
be much better to go back to the drawing board and just define different
return values, like -EINVAL if the key is invalid for the algorithm vs.
-EKEYREJECTED if the key was rejected by a policy like "no weak keys".
That would be much simpler, less error-prone, and easier to test.
So just remove this flag.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-31 11:19:36 +08:00
|
|
|
if (ret)
|
2011-11-21 16:13:25 +08:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
keysize = digestsize;
|
|
|
|
memcpy(ctx->key, hash, digestsize);
|
|
|
|
}
|
|
|
|
|
2017-10-06 21:05:02 +08:00
|
|
|
if (ctx->keylen)
|
|
|
|
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
|
|
|
|
|
2011-11-21 16:13:25 +08:00
|
|
|
ctx->keylen = keysize;
|
2017-10-06 21:05:02 +08:00
|
|
|
ctx->dma_key = dma_map_single(dev, ctx->key, keysize, DMA_TO_DEVICE);
|
2011-11-21 16:13:25 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_alg_template {
|
2010-05-19 17:18:38 +08:00
|
|
|
u32 type;
|
2016-06-06 19:20:44 +08:00
|
|
|
u32 priority;
|
2010-05-19 17:18:38 +08:00
|
|
|
union {
|
2019-11-10 01:09:49 +08:00
|
|
|
struct skcipher_alg skcipher;
|
2010-05-19 17:19:33 +08:00
|
|
|
struct ahash_alg hash;
|
2015-07-30 17:53:22 +08:00
|
|
|
struct aead_alg aead;
|
2010-05-19 17:18:38 +08:00
|
|
|
} alg;
|
2008-06-23 19:50:15 +08:00
|
|
|
__be32 desc_hdr_template;
|
|
|
|
};
|
|
|
|
|
|
|
|
static struct talitos_alg_template driver_algs[] = {
|
Revert "crypto: talitos - add IPsec ESN support"
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-03-20 22:31:38 +08:00
|
|
|
/* AEAD algorithms. These use a single-pass ipsec_esp descriptor */
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha1),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha1-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA1_DIGEST_SIZE,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-06-23 19:50:15 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA1_HMAC,
|
2008-07-03 19:08:46 +08:00
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha1),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha1-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-aes-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA1_DIGEST_SIZE,
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA1_HMAC,
|
|
|
|
},
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha1),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha1-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA1_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-07-03 19:08:46 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA1_HMAC,
|
2008-07-10 18:29:18 +08:00
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha1),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha1-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-3des-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA1_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA1_HMAC,
|
|
|
|
},
|
2012-07-04 00:16:53 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha224),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha224-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA224_DIGEST_SIZE,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA224_HMAC,
|
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha224),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha224-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-aes-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA224_DIGEST_SIZE,
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA224_HMAC,
|
|
|
|
},
|
2012-07-04 00:16:53 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha224),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha224-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA224_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA224_HMAC,
|
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha224),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha224-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-3des-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA224_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA224_HMAC,
|
|
|
|
},
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha256),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha256-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA256_DIGEST_SIZE,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-07-10 18:29:18 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA256_HMAC,
|
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha256),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha256-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-aes-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA256_DIGEST_SIZE,
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA256_HMAC,
|
|
|
|
},
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha256),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha256-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA256_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-07-10 18:29:18 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA256_HMAC,
|
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha256),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha256-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-3des-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA256_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_SHA256_HMAC,
|
|
|
|
},
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha384),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha384-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA384_DIGEST_SIZE,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUB |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEUB_SHA384_HMAC,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha384),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha384-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA384_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUB |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEUB_SHA384_HMAC,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha512),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha512-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA512_DIGEST_SIZE,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUB |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEUB_SHA512_HMAC,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(sha512),"
|
|
|
|
"cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-sha512-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = SHA512_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2012-07-04 00:16:53 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUB |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEUB_SHA512_HMAC,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(md5),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-md5-"
|
|
|
|
"cbc-aes-talitos",
|
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = MD5_DIGEST_SIZE,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-07-10 18:29:18 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_MD5_HMAC,
|
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(md5),cbc(aes))",
|
|
|
|
.cra_driver_name = "authenc-hmac-md5-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-aes-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.maxauthsize = MD5_DIGEST_SIZE,
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_MD5_HMAC,
|
|
|
|
},
|
2010-05-19 17:18:38 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
2015-07-30 17:53:22 +08:00
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-md5-"
|
|
|
|
"cbc-3des-talitos",
|
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2015-07-30 17:53:22 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = MD5_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2009-03-29 15:50:50 +08:00
|
|
|
},
|
2008-07-10 18:29:18 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_MD5_HMAC,
|
2009-03-29 15:52:32 +08:00
|
|
|
},
|
2016-06-06 19:20:46 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AEAD,
|
|
|
|
.priority = TALITOS_CRA_PRIORITY_AEAD_HSNA,
|
|
|
|
.alg.aead = {
|
|
|
|
.base = {
|
|
|
|
.cra_name = "authenc(hmac(md5),cbc(des3_ede))",
|
|
|
|
.cra_driver_name = "authenc-hmac-md5-"
|
2019-05-21 21:34:08 +08:00
|
|
|
"cbc-3des-talitos-hsna",
|
2016-06-06 19:20:46 +08:00
|
|
|
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.maxauthsize = MD5_DIGEST_SIZE,
|
2019-04-11 16:51:21 +08:00
|
|
|
.setkey = aead_des3_setkey,
|
2016-06-06 19:20:46 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_HMAC_SNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES |
|
|
|
|
DESC_HDR_SEL1_MDEUA |
|
|
|
|
DESC_HDR_MODE1_MDEU_INIT |
|
|
|
|
DESC_HDR_MODE1_MDEU_PAD |
|
|
|
|
DESC_HDR_MODE1_MDEU_MD5_HMAC,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
/* SKCIPHER algorithms. */
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "ecb(aes)",
|
|
|
|
.base.cra_driver_name = "ecb-aes-talitos",
|
|
|
|
.base.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = AES_MIN_KEY_SIZE,
|
|
|
|
.max_keysize = AES_MAX_KEY_SIZE,
|
|
|
|
.setkey = skcipher_aes_setkey,
|
2015-12-01 19:44:15 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "cbc(aes)",
|
|
|
|
.base.cra_driver_name = "cbc-aes-talitos",
|
|
|
|
.base.cra_blocksize = AES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = AES_MIN_KEY_SIZE,
|
|
|
|
.max_keysize = AES_MAX_KEY_SIZE,
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.setkey = skcipher_aes_setkey,
|
2009-03-29 15:52:32 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CBC,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "ctr(aes)",
|
|
|
|
.base.cra_driver_name = "ctr-aes-talitos",
|
|
|
|
.base.cra_blocksize = 1,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = AES_MIN_KEY_SIZE,
|
|
|
|
.max_keysize = AES_MAX_KEY_SIZE,
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.setkey = skcipher_aes_setkey,
|
2015-12-01 19:44:15 +08:00
|
|
|
},
|
2017-10-06 21:04:43 +08:00
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP |
|
2015-12-01 19:44:15 +08:00
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CTR,
|
|
|
|
},
|
2021-01-21 02:57:25 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "ctr(aes)",
|
|
|
|
.base.cra_driver_name = "ctr-aes-talitos",
|
|
|
|
.base.cra_blocksize = 1,
|
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
|
|
|
.min_keysize = AES_MIN_KEY_SIZE,
|
|
|
|
.max_keysize = AES_MAX_KEY_SIZE,
|
|
|
|
.ivsize = AES_BLOCK_SIZE,
|
|
|
|
.setkey = skcipher_aes_setkey,
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_AESU |
|
|
|
|
DESC_HDR_MODE0_AESU_CTR,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "ecb(des)",
|
|
|
|
.base.cra_driver_name = "ecb-des-talitos",
|
|
|
|
.base.cra_blocksize = DES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = DES_KEY_SIZE,
|
|
|
|
.max_keysize = DES_KEY_SIZE,
|
|
|
|
.setkey = skcipher_des_setkey,
|
2015-12-01 19:44:15 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "cbc(des)",
|
|
|
|
.base.cra_driver_name = "cbc-des-talitos",
|
|
|
|
.base.cra_blocksize = DES_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = DES_KEY_SIZE,
|
|
|
|
.max_keysize = DES_KEY_SIZE,
|
|
|
|
.ivsize = DES_BLOCK_SIZE,
|
|
|
|
.setkey = skcipher_des_setkey,
|
2015-12-01 19:44:15 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "ecb(des3_ede)",
|
|
|
|
.base.cra_driver_name = "ecb-3des-talitos",
|
|
|
|
.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = DES3_EDE_KEY_SIZE,
|
|
|
|
.max_keysize = DES3_EDE_KEY_SIZE,
|
|
|
|
.setkey = skcipher_des3_setkey,
|
2015-12-01 19:44:15 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES,
|
|
|
|
},
|
2019-11-10 01:09:49 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_SKCIPHER,
|
|
|
|
.alg.skcipher = {
|
|
|
|
.base.cra_name = "cbc(des3_ede)",
|
|
|
|
.base.cra_driver_name = "cbc-3des-talitos",
|
|
|
|
.base.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.base.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2019-11-10 01:09:49 +08:00
|
|
|
.min_keysize = DES3_EDE_KEY_SIZE,
|
|
|
|
.max_keysize = DES3_EDE_KEY_SIZE,
|
|
|
|
.ivsize = DES3_EDE_BLOCK_SIZE,
|
|
|
|
.setkey = skcipher_des3_setkey,
|
2009-03-29 15:52:32 +08:00
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_DEU |
|
|
|
|
DESC_HDR_MODE0_DEU_CBC |
|
|
|
|
DESC_HDR_MODE0_DEU_3DES,
|
2010-05-19 17:20:36 +08:00
|
|
|
},
|
|
|
|
/* AHASH algorithms. */
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = MD5_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:20:36 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "md5",
|
|
|
|
.cra_driver_name = "md5-talitos",
|
2015-03-03 21:21:34 +08:00
|
|
|
.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_MD5,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA1_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:20:36 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "sha1",
|
|
|
|
.cra_driver_name = "sha1-talitos",
|
|
|
|
.cra_blocksize = SHA1_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA1,
|
|
|
|
},
|
2010-05-19 17:21:53 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA224_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:21:53 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "sha224",
|
|
|
|
.cra_driver_name = "sha224-talitos",
|
|
|
|
.cra_blocksize = SHA224_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:21:53 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA224,
|
|
|
|
},
|
2010-05-19 17:20:36 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA256_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:20:36 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "sha256",
|
|
|
|
.cra_driver_name = "sha256-talitos",
|
|
|
|
.cra_blocksize = SHA256_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA256,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA384_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:20:36 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "sha384",
|
|
|
|
.cra_driver_name = "sha384-talitos",
|
|
|
|
.cra_blocksize = SHA384_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUB |
|
|
|
|
DESC_HDR_MODE0_MDEUB_SHA384,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA512_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2010-05-19 17:20:36 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "sha512",
|
|
|
|
.cra_driver_name = "sha512-talitos",
|
|
|
|
.cra_blocksize = SHA512_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUB |
|
|
|
|
DESC_HDR_MODE0_MDEUB_SHA512,
|
|
|
|
},
|
2011-11-21 16:13:25 +08:00
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = MD5_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(md5)",
|
|
|
|
.cra_driver_name = "hmac-md5-talitos",
|
2015-03-03 21:21:34 +08:00
|
|
|
.cra_blocksize = MD5_HMAC_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_MD5,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA1_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(sha1)",
|
|
|
|
.cra_driver_name = "hmac-sha1-talitos",
|
|
|
|
.cra_blocksize = SHA1_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA1,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA224_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(sha224)",
|
|
|
|
.cra_driver_name = "hmac-sha224-talitos",
|
|
|
|
.cra_blocksize = SHA224_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA224,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA256_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(sha256)",
|
|
|
|
.cra_driver_name = "hmac-sha256-talitos",
|
|
|
|
.cra_blocksize = SHA256_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA256,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA384_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(sha384)",
|
|
|
|
.cra_driver_name = "hmac-sha384-talitos",
|
|
|
|
.cra_blocksize = SHA384_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUB |
|
|
|
|
DESC_HDR_MODE0_MDEUB_SHA384,
|
|
|
|
},
|
|
|
|
{ .type = CRYPTO_ALG_TYPE_AHASH,
|
|
|
|
.alg.hash = {
|
|
|
|
.halg.digestsize = SHA512_DIGEST_SIZE,
|
2016-04-22 00:24:55 +08:00
|
|
|
.halg.statesize = sizeof(struct talitos_export_state),
|
2011-11-21 16:13:25 +08:00
|
|
|
.halg.base = {
|
|
|
|
.cra_name = "hmac(sha512)",
|
|
|
|
.cra_driver_name = "hmac-sha512-talitos",
|
|
|
|
.cra_blocksize = SHA512_BLOCK_SIZE,
|
2020-07-10 14:20:41 +08:00
|
|
|
.cra_flags = CRYPTO_ALG_ASYNC |
|
|
|
|
CRYPTO_ALG_ALLOCATES_MEMORY,
|
2011-11-21 16:13:25 +08:00
|
|
|
}
|
|
|
|
},
|
|
|
|
.desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUB |
|
|
|
|
DESC_HDR_MODE0_MDEUB_SHA512,
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct talitos_crypto_alg {
|
|
|
|
struct list_head entry;
|
|
|
|
struct device *dev;
|
2010-05-19 17:19:33 +08:00
|
|
|
struct talitos_alg_template algt;
|
2008-06-23 19:50:15 +08:00
|
|
|
};
|
|
|
|
|
2016-04-20 01:33:47 +08:00
|
|
|
static int talitos_init_common(struct talitos_ctx *ctx,
|
|
|
|
struct talitos_crypto_alg *talitos_alg)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
2011-07-15 11:21:38 +08:00
|
|
|
struct talitos_private *priv;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
/* update context with ptr to dev */
|
|
|
|
ctx->dev = talitos_alg->dev;
|
2009-03-29 15:53:59 +08:00
|
|
|
|
2011-07-15 11:21:38 +08:00
|
|
|
/* assign SEC channel to tfm in round-robin fashion */
|
|
|
|
priv = dev_get_drvdata(ctx->dev);
|
|
|
|
ctx->ch = atomic_inc_return(&priv->last_chan) &
|
|
|
|
(priv->num_channels - 1);
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/* copy descriptor header template value */
|
2010-05-19 17:19:33 +08:00
|
|
|
ctx->desc_hdr_template = talitos_alg->algt.desc_hdr_template;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2011-07-15 11:21:39 +08:00
|
|
|
/* select done notification */
|
|
|
|
ctx->desc_hdr_template |= DESC_HDR_DONE_NOTIFY;
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int talitos_cra_init_aead(struct crypto_aead *tfm)
|
2016-04-20 01:33:47 +08:00
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct aead_alg *alg = crypto_aead_alg(tfm);
|
2016-04-20 01:33:47 +08:00
|
|
|
struct talitos_crypto_alg *talitos_alg;
|
2019-11-10 01:09:49 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_aead_ctx(tfm);
|
2016-04-20 01:33:47 +08:00
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
talitos_alg = container_of(alg, struct talitos_crypto_alg,
|
|
|
|
algt.alg.aead);
|
2016-04-20 01:33:47 +08:00
|
|
|
|
|
|
|
return talitos_init_common(ctx, talitos_alg);
|
|
|
|
}
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
static int talitos_cra_init_skcipher(struct crypto_skcipher *tfm)
|
2010-05-19 17:20:36 +08:00
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct skcipher_alg *alg = crypto_skcipher_alg(tfm);
|
2016-04-20 01:33:47 +08:00
|
|
|
struct talitos_crypto_alg *talitos_alg;
|
2019-11-10 01:09:49 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_skcipher_ctx(tfm);
|
2016-04-20 01:33:47 +08:00
|
|
|
|
|
|
|
talitos_alg = container_of(alg, struct talitos_crypto_alg,
|
2019-11-10 01:09:49 +08:00
|
|
|
algt.alg.skcipher);
|
2016-04-20 01:33:47 +08:00
|
|
|
|
|
|
|
return talitos_init_common(ctx, talitos_alg);
|
2008-06-23 19:50:15 +08:00
|
|
|
}
|
|
|
|
|
2010-05-19 17:20:36 +08:00
|
|
|
static int talitos_cra_init_ahash(struct crypto_tfm *tfm)
|
|
|
|
{
|
2019-11-10 01:09:49 +08:00
|
|
|
struct crypto_alg *alg = tfm->__crt_alg;
|
|
|
|
struct talitos_crypto_alg *talitos_alg;
|
2010-05-19 17:20:36 +08:00
|
|
|
struct talitos_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
talitos_alg = container_of(__crypto_ahash_alg(alg),
|
|
|
|
struct talitos_crypto_alg,
|
|
|
|
algt.alg.hash);
|
2010-05-19 17:20:36 +08:00
|
|
|
|
|
|
|
ctx->keylen = 0;
|
|
|
|
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
|
|
|
|
sizeof(struct talitos_ahash_req_ctx));
|
|
|
|
|
2019-11-10 01:09:49 +08:00
|
|
|
return talitos_init_common(ctx, talitos_alg);
|
2010-05-19 17:20:36 +08:00
|
|
|
}
|
|
|
|
|
2017-10-06 21:05:02 +08:00
|
|
|
static void talitos_cra_exit(struct crypto_tfm *tfm)
|
|
|
|
{
|
|
|
|
struct talitos_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
|
|
struct device *dev = ctx->dev;
|
|
|
|
|
|
|
|
if (ctx->keylen)
|
|
|
|
dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
|
|
|
|
}
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/*
|
|
|
|
* given the alg's descriptor header template, determine whether descriptor
|
|
|
|
* type and primary/secondary execution units required match the hw
|
|
|
|
* capabilities description provided in the device tree node.
|
|
|
|
*/
|
|
|
|
static int hw_supports(struct device *dev, __be32 desc_hdr_template)
|
|
|
|
{
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
ret = (1 << DESC_TYPE(desc_hdr_template) & priv->desc_types) &&
|
|
|
|
(1 << PRIMARY_EU(desc_hdr_template) & priv->exec_units);
|
|
|
|
|
|
|
|
if (SECONDARY_EU(desc_hdr_template))
|
|
|
|
ret = ret && (1 << SECONDARY_EU(desc_hdr_template)
|
|
|
|
& priv->exec_units);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2010-08-06 23:25:50 +08:00
|
|
|
static int talitos_remove(struct platform_device *ofdev)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct device *dev = &ofdev->dev;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
struct talitos_crypto_alg *t_alg, *n;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
list_for_each_entry_safe(t_alg, n, &priv->alg_list, entry) {
|
2010-05-19 17:19:33 +08:00
|
|
|
switch (t_alg->algt.type) {
|
2019-11-10 01:09:49 +08:00
|
|
|
case CRYPTO_ALG_TYPE_SKCIPHER:
|
|
|
|
crypto_unregister_skcipher(&t_alg->algt.alg.skcipher);
|
2010-05-19 17:19:33 +08:00
|
|
|
break;
|
2015-07-30 17:53:22 +08:00
|
|
|
case CRYPTO_ALG_TYPE_AEAD:
|
|
|
|
crypto_unregister_aead(&t_alg->algt.alg.aead);
|
2019-09-09 13:29:52 +08:00
|
|
|
break;
|
2010-05-19 17:19:33 +08:00
|
|
|
case CRYPTO_ALG_TYPE_AHASH:
|
|
|
|
crypto_unregister_ahash(&t_alg->algt.alg.hash);
|
|
|
|
break;
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
list_del(&t_alg->entry);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hw_supports(dev, DESC_HDR_SEL0_RNG))
|
|
|
|
talitos_unregister_rng(dev);
|
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
for (i = 0; i < 2; i++)
|
2011-12-13 04:59:11 +08:00
|
|
|
if (priv->irq[i]) {
|
2011-11-21 16:13:27 +08:00
|
|
|
free_irq(priv->irq[i], dev);
|
|
|
|
irq_dispose_mapping(priv->irq[i]);
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
tasklet_kill(&priv->done_task[0]);
|
2011-12-13 04:59:11 +08:00
|
|
|
if (priv->irq[1])
|
2011-11-21 16:13:27 +08:00
|
|
|
tasklet_kill(&priv->done_task[1]);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev,
|
|
|
|
struct talitos_alg_template
|
|
|
|
*template)
|
|
|
|
{
|
2010-05-19 17:21:53 +08:00
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_crypto_alg *t_alg;
|
|
|
|
struct crypto_alg *alg;
|
|
|
|
|
2017-10-06 21:04:49 +08:00
|
|
|
t_alg = devm_kzalloc(dev, sizeof(struct talitos_crypto_alg),
|
|
|
|
GFP_KERNEL);
|
2008-06-23 19:50:15 +08:00
|
|
|
if (!t_alg)
|
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
|
2010-05-19 17:19:33 +08:00
|
|
|
t_alg->algt = *template;
|
|
|
|
|
|
|
|
switch (t_alg->algt.type) {
|
2019-11-10 01:09:49 +08:00
|
|
|
case CRYPTO_ALG_TYPE_SKCIPHER:
|
|
|
|
alg = &t_alg->algt.alg.skcipher.base;
|
2017-10-06 21:05:02 +08:00
|
|
|
alg->cra_exit = talitos_cra_exit;
|
2019-11-10 01:09:49 +08:00
|
|
|
t_alg->algt.alg.skcipher.init = talitos_cra_init_skcipher;
|
|
|
|
t_alg->algt.alg.skcipher.setkey =
|
|
|
|
t_alg->algt.alg.skcipher.setkey ?: skcipher_setkey;
|
|
|
|
t_alg->algt.alg.skcipher.encrypt = skcipher_encrypt;
|
|
|
|
t_alg->algt.alg.skcipher.decrypt = skcipher_decrypt;
|
2021-01-21 02:57:25 +08:00
|
|
|
if (!strcmp(alg->cra_name, "ctr(aes)") && !has_ftr_sec1(priv) &&
|
|
|
|
DESC_TYPE(t_alg->algt.desc_hdr_template) !=
|
|
|
|
DESC_TYPE(DESC_HDR_TYPE_AESU_CTR_NONSNOOP)) {
|
|
|
|
devm_kfree(dev, t_alg);
|
|
|
|
return ERR_PTR(-ENOTSUPP);
|
|
|
|
}
|
2010-05-19 17:20:36 +08:00
|
|
|
break;
|
2010-05-19 17:19:33 +08:00
|
|
|
case CRYPTO_ALG_TYPE_AEAD:
|
2015-07-30 17:53:22 +08:00
|
|
|
alg = &t_alg->algt.alg.aead.base;
|
2017-10-06 21:05:02 +08:00
|
|
|
alg->cra_exit = talitos_cra_exit;
|
2015-07-30 17:53:22 +08:00
|
|
|
t_alg->algt.alg.aead.init = talitos_cra_init_aead;
|
2019-04-11 16:51:21 +08:00
|
|
|
t_alg->algt.alg.aead.setkey = t_alg->algt.alg.aead.setkey ?:
|
|
|
|
aead_setkey;
|
2015-07-30 17:53:22 +08:00
|
|
|
t_alg->algt.alg.aead.encrypt = aead_encrypt;
|
|
|
|
t_alg->algt.alg.aead.decrypt = aead_decrypt;
|
2017-10-06 21:04:39 +08:00
|
|
|
if (!(priv->features & TALITOS_FTR_SHA224_HWINIT) &&
|
|
|
|
!strncmp(alg->cra_name, "authenc(hmac(sha224)", 20)) {
|
2017-10-06 21:04:49 +08:00
|
|
|
devm_kfree(dev, t_alg);
|
2017-10-06 21:04:39 +08:00
|
|
|
return ERR_PTR(-ENOTSUPP);
|
|
|
|
}
|
2010-05-19 17:19:33 +08:00
|
|
|
break;
|
|
|
|
case CRYPTO_ALG_TYPE_AHASH:
|
|
|
|
alg = &t_alg->algt.alg.hash.halg.base;
|
2010-05-19 17:20:36 +08:00
|
|
|
alg->cra_init = talitos_cra_init_ahash;
|
2018-02-27 00:40:04 +08:00
|
|
|
alg->cra_exit = talitos_cra_exit;
|
2012-08-09 09:33:34 +08:00
|
|
|
t_alg->algt.alg.hash.init = ahash_init;
|
|
|
|
t_alg->algt.alg.hash.update = ahash_update;
|
|
|
|
t_alg->algt.alg.hash.final = ahash_final;
|
|
|
|
t_alg->algt.alg.hash.finup = ahash_finup;
|
|
|
|
t_alg->algt.alg.hash.digest = ahash_digest;
|
crypto: talitos - Don't provide setkey for non hmac hashing algs.
Today, md5sum fails with error -ENOKEY because a setkey
function is set for non hmac hashing algs, see strace output below:
mmap(NULL, 378880, PROT_READ, MAP_SHARED, 6, 0) = 0x77f50000
accept(3, 0, NULL) = 7
vmsplice(5, [{"bin/\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 378880}], 1, SPLICE_F_MORE|SPLICE_F_GIFT) = 262144
splice(4, NULL, 7, NULL, 262144, SPLICE_F_MORE) = -1 ENOKEY (Required key not available)
write(2, "Generation of hash for file kcap"..., 50) = 50
munmap(0x77f50000, 378880) = 0
This patch ensures that setkey() function is set only
for hmac hashing.
Cc: <stable@vger.kernel.org>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-09-12 17:03:39 +08:00
|
|
|
if (!strncmp(alg->cra_name, "hmac", 4))
|
|
|
|
t_alg->algt.alg.hash.setkey = ahash_setkey;
|
2016-04-22 00:24:55 +08:00
|
|
|
t_alg->algt.alg.hash.import = ahash_import;
|
|
|
|
t_alg->algt.alg.hash.export = ahash_export;
|
2012-08-09 09:33:34 +08:00
|
|
|
|
2011-11-21 16:13:25 +08:00
|
|
|
if (!(priv->features & TALITOS_FTR_HMAC_OK) &&
|
2011-12-13 04:59:10 +08:00
|
|
|
!strncmp(alg->cra_name, "hmac", 4)) {
|
2017-10-06 21:04:49 +08:00
|
|
|
devm_kfree(dev, t_alg);
|
2011-11-21 16:13:25 +08:00
|
|
|
return ERR_PTR(-ENOTSUPP);
|
2011-12-13 04:59:10 +08:00
|
|
|
}
|
2010-05-19 17:21:53 +08:00
|
|
|
if (!(priv->features & TALITOS_FTR_SHA224_HWINIT) &&
|
2011-11-21 16:13:25 +08:00
|
|
|
(!strcmp(alg->cra_name, "sha224") ||
|
|
|
|
!strcmp(alg->cra_name, "hmac(sha224)"))) {
|
2010-05-19 17:21:53 +08:00
|
|
|
t_alg->algt.alg.hash.init = ahash_init_sha224_swinit;
|
|
|
|
t_alg->algt.desc_hdr_template =
|
|
|
|
DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
|
|
|
|
DESC_HDR_SEL0_MDEUA |
|
|
|
|
DESC_HDR_MODE0_MDEU_SHA256;
|
|
|
|
}
|
2010-05-19 17:20:36 +08:00
|
|
|
break;
|
2010-09-23 15:55:27 +08:00
|
|
|
default:
|
|
|
|
dev_err(dev, "unknown algorithm type %d\n", t_alg->algt.type);
|
2017-10-06 21:04:49 +08:00
|
|
|
devm_kfree(dev, t_alg);
|
2010-09-23 15:55:27 +08:00
|
|
|
return ERR_PTR(-EINVAL);
|
2010-05-19 17:19:33 +08:00
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
alg->cra_module = THIS_MODULE;
|
2016-06-06 19:20:44 +08:00
|
|
|
if (t_alg->algt.priority)
|
|
|
|
alg->cra_priority = t_alg->algt.priority;
|
|
|
|
else
|
|
|
|
alg->cra_priority = TALITOS_CRA_PRIORITY;
|
2019-05-21 21:34:18 +08:00
|
|
|
if (has_ftr_sec1(priv))
|
|
|
|
alg->cra_alignmask = 3;
|
|
|
|
else
|
|
|
|
alg->cra_alignmask = 0;
|
2008-06-23 19:50:15 +08:00
|
|
|
alg->cra_ctxsize = sizeof(struct talitos_ctx);
|
2011-11-01 20:39:56 +08:00
|
|
|
alg->cra_flags |= CRYPTO_ALG_KERN_DRIVER_ONLY;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
t_alg->dev = dev;
|
|
|
|
|
|
|
|
return t_alg;
|
|
|
|
}
|
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
static int talitos_probe_irq(struct platform_device *ofdev)
|
|
|
|
{
|
|
|
|
struct device *dev = &ofdev->dev;
|
|
|
|
struct device_node *np = ofdev->dev.of_node;
|
|
|
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
|
|
|
int err;
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
bool is_sec1 = has_ftr_sec1(priv);
|
2011-11-21 16:13:27 +08:00
|
|
|
|
|
|
|
priv->irq[0] = irq_of_parse_and_map(np, 0);
|
2011-12-13 04:59:11 +08:00
|
|
|
if (!priv->irq[0]) {
|
2011-11-21 16:13:27 +08:00
|
|
|
dev_err(dev, "failed to map irq\n");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
if (is_sec1) {
|
|
|
|
err = request_irq(priv->irq[0], talitos1_interrupt_4ch, 0,
|
|
|
|
dev_driver_string(dev), dev);
|
|
|
|
goto primary_out;
|
|
|
|
}
|
2011-11-21 16:13:27 +08:00
|
|
|
|
|
|
|
priv->irq[1] = irq_of_parse_and_map(np, 1);
|
|
|
|
|
|
|
|
/* get the primary irq line */
|
2011-12-13 04:59:11 +08:00
|
|
|
if (!priv->irq[1]) {
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
err = request_irq(priv->irq[0], talitos2_interrupt_4ch, 0,
|
2011-11-21 16:13:27 +08:00
|
|
|
dev_driver_string(dev), dev);
|
|
|
|
goto primary_out;
|
|
|
|
}
|
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
err = request_irq(priv->irq[0], talitos2_interrupt_ch0_2, 0,
|
2011-11-21 16:13:27 +08:00
|
|
|
dev_driver_string(dev), dev);
|
|
|
|
if (err)
|
|
|
|
goto primary_out;
|
|
|
|
|
|
|
|
/* get the secondary irq line */
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
err = request_irq(priv->irq[1], talitos2_interrupt_ch1_3, 0,
|
2011-11-21 16:13:27 +08:00
|
|
|
dev_driver_string(dev), dev);
|
|
|
|
if (err) {
|
|
|
|
dev_err(dev, "failed to request secondary irq\n");
|
|
|
|
irq_dispose_mapping(priv->irq[1]);
|
2011-12-13 04:59:11 +08:00
|
|
|
priv->irq[1] = 0;
|
2011-11-21 16:13:27 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
primary_out:
|
|
|
|
if (err) {
|
|
|
|
dev_err(dev, "failed to request primary irq\n");
|
|
|
|
irq_dispose_mapping(priv->irq[0]);
|
2011-12-13 04:59:11 +08:00
|
|
|
priv->irq[0] = 0;
|
2011-11-21 16:13:27 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2011-02-17 17:43:24 +08:00
|
|
|
static int talitos_probe(struct platform_device *ofdev)
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
struct device *dev = &ofdev->dev;
|
2010-04-14 07:12:29 +08:00
|
|
|
struct device_node *np = ofdev->dev.of_node;
|
2008-06-23 19:50:15 +08:00
|
|
|
struct talitos_private *priv;
|
|
|
|
int i, err;
|
2015-04-17 22:32:11 +08:00
|
|
|
int stride;
|
2017-10-06 21:04:53 +08:00
|
|
|
struct resource *res;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2017-10-06 21:04:49 +08:00
|
|
|
priv = devm_kzalloc(dev, sizeof(struct talitos_private), GFP_KERNEL);
|
2008-06-23 19:50:15 +08:00
|
|
|
if (!priv)
|
|
|
|
return -ENOMEM;
|
|
|
|
|
2014-01-28 20:17:23 +08:00
|
|
|
INIT_LIST_HEAD(&priv->alg_list);
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
dev_set_drvdata(dev, priv);
|
|
|
|
|
|
|
|
priv->ofdev = ofdev;
|
|
|
|
|
2012-03-30 22:49:53 +08:00
|
|
|
spin_lock_init(&priv->reg_lock);
|
|
|
|
|
2017-10-06 21:04:53 +08:00
|
|
|
res = platform_get_resource(ofdev, IORESOURCE_MEM, 0);
|
|
|
|
if (!res)
|
|
|
|
return -ENXIO;
|
|
|
|
priv->reg = devm_ioremap(dev, res->start, resource_size(res));
|
2008-06-23 19:50:15 +08:00
|
|
|
if (!priv->reg) {
|
|
|
|
dev_err(dev, "failed to of_iomap\n");
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* get SEC version capabilities from device tree */
|
2017-10-06 21:04:51 +08:00
|
|
|
of_property_read_u32(np, "fsl,num-channels", &priv->num_channels);
|
|
|
|
of_property_read_u32(np, "fsl,channel-fifo-len", &priv->chfifo_len);
|
|
|
|
of_property_read_u32(np, "fsl,exec-units-mask", &priv->exec_units);
|
|
|
|
of_property_read_u32(np, "fsl,descriptor-types-mask",
|
|
|
|
&priv->desc_types);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
if (!is_power_of_2(priv->num_channels) || !priv->chfifo_len ||
|
|
|
|
!priv->exec_units || !priv->desc_types) {
|
|
|
|
dev_err(dev, "invalid property data in device tree node\n");
|
|
|
|
err = -EINVAL;
|
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
2008-07-30 16:26:57 +08:00
|
|
|
if (of_device_is_compatible(np, "fsl,sec3.0"))
|
|
|
|
priv->features |= TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT;
|
|
|
|
|
2008-10-12 20:33:14 +08:00
|
|
|
if (of_device_is_compatible(np, "fsl,sec2.1"))
|
2010-05-19 17:21:53 +08:00
|
|
|
priv->features |= TALITOS_FTR_HW_AUTH_CHECK |
|
2011-11-21 16:13:25 +08:00
|
|
|
TALITOS_FTR_SHA224_HWINIT |
|
|
|
|
TALITOS_FTR_HMAC_OK;
|
2008-10-12 20:33:14 +08:00
|
|
|
|
2015-04-17 22:32:05 +08:00
|
|
|
if (of_device_is_compatible(np, "fsl,sec1.0"))
|
|
|
|
priv->features |= TALITOS_FTR_SEC1;
|
|
|
|
|
2015-04-17 22:32:11 +08:00
|
|
|
if (of_device_is_compatible(np, "fsl,sec1.2")) {
|
|
|
|
priv->reg_deu = priv->reg + TALITOS12_DEU;
|
|
|
|
priv->reg_aesu = priv->reg + TALITOS12_AESU;
|
|
|
|
priv->reg_mdeu = priv->reg + TALITOS12_MDEU;
|
|
|
|
stride = TALITOS1_CH_STRIDE;
|
|
|
|
} else if (of_device_is_compatible(np, "fsl,sec1.0")) {
|
|
|
|
priv->reg_deu = priv->reg + TALITOS10_DEU;
|
|
|
|
priv->reg_aesu = priv->reg + TALITOS10_AESU;
|
|
|
|
priv->reg_mdeu = priv->reg + TALITOS10_MDEU;
|
|
|
|
priv->reg_afeu = priv->reg + TALITOS10_AFEU;
|
|
|
|
priv->reg_rngu = priv->reg + TALITOS10_RNGU;
|
|
|
|
priv->reg_pkeu = priv->reg + TALITOS10_PKEU;
|
|
|
|
stride = TALITOS1_CH_STRIDE;
|
|
|
|
} else {
|
|
|
|
priv->reg_deu = priv->reg + TALITOS2_DEU;
|
|
|
|
priv->reg_aesu = priv->reg + TALITOS2_AESU;
|
|
|
|
priv->reg_mdeu = priv->reg + TALITOS2_MDEU;
|
|
|
|
priv->reg_afeu = priv->reg + TALITOS2_AFEU;
|
|
|
|
priv->reg_rngu = priv->reg + TALITOS2_RNGU;
|
|
|
|
priv->reg_pkeu = priv->reg + TALITOS2_PKEU;
|
|
|
|
priv->reg_keu = priv->reg + TALITOS2_KEU;
|
|
|
|
priv->reg_crcu = priv->reg + TALITOS2_CRCU;
|
|
|
|
stride = TALITOS2_CH_STRIDE;
|
|
|
|
}
|
|
|
|
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
err = talitos_probe_irq(ofdev);
|
|
|
|
if (err)
|
|
|
|
goto err_out;
|
|
|
|
|
2019-06-18 05:14:45 +08:00
|
|
|
if (has_ftr_sec1(priv)) {
|
2017-10-06 21:04:55 +08:00
|
|
|
if (priv->num_channels == 1)
|
|
|
|
tasklet_init(&priv->done_task[0], talitos1_done_ch0,
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
(unsigned long)dev);
|
2017-10-06 21:04:55 +08:00
|
|
|
else
|
|
|
|
tasklet_init(&priv->done_task[0], talitos1_done_4ch,
|
|
|
|
(unsigned long)dev);
|
|
|
|
} else {
|
|
|
|
if (priv->irq[1]) {
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
tasklet_init(&priv->done_task[0], talitos2_done_ch0_2,
|
|
|
|
(unsigned long)dev);
|
|
|
|
tasklet_init(&priv->done_task[1], talitos2_done_ch1_3,
|
|
|
|
(unsigned long)dev);
|
2017-10-06 21:04:55 +08:00
|
|
|
} else if (priv->num_channels == 1) {
|
|
|
|
tasklet_init(&priv->done_task[0], talitos2_done_ch0,
|
|
|
|
(unsigned long)dev);
|
|
|
|
} else {
|
|
|
|
tasklet_init(&priv->done_task[0], talitos2_done_4ch,
|
|
|
|
(unsigned long)dev);
|
crypto: talitos - adapt interrupts and reset functions to SEC1
This patch adapts the interrupts handling and reset function for
SEC1. On SEC1, registers are almost similar to SEC2+, but bits
are sometimes located at different places. So we need to define
TALITOS1 and TALITOS2 versions of some fields, and manage according
to whether it is SEC1 or SEC2.
On SEC1, only one interrupt vector is dedicated to the SEC, so only
interrupt_4ch is needed.
On SEC1, interrupts are enabled by clearing related bits in IMR,
while on SEC2, interrupts are enabled by seting the bits in IMR.
SEC1 also performs parity verification in the DES Unit. We have
to disable this feature because the test vectors provided in
the kernel have parity errors.
In reset functions, only SEC2 supports continuation after error.
For SEC1, we have to reset in all cases.
For errors handling, SEC2+ names have been kept, but displayed
text have been amended to reflect exact meaning on SEC1.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-17 22:32:13 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
treewide: devm_kzalloc() -> devm_kcalloc()
The devm_kzalloc() function has a 2-factor argument form, devm_kcalloc().
This patch replaces cases of:
devm_kzalloc(handle, a * b, gfp)
with:
devm_kcalloc(handle, a * b, gfp)
as well as handling cases of:
devm_kzalloc(handle, a * b * c, gfp)
with:
devm_kzalloc(handle, array3_size(a, b, c), gfp)
as it's slightly less ugly than:
devm_kcalloc(handle, array_size(a, b), c, gfp)
This does, however, attempt to ignore constant size factors like:
devm_kzalloc(handle, 4 * 1024, gfp)
though any constants defined via macros get caught up in the conversion.
Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.
Some manual whitespace fixes were needed in this patch, as Coccinelle
really liked to write "=devm_kcalloc..." instead of "= devm_kcalloc...".
The Coccinelle script used for this was:
// Fix redundant parens around sizeof().
@@
expression HANDLE;
type TYPE;
expression THING, E;
@@
(
devm_kzalloc(HANDLE,
- (sizeof(TYPE)) * E
+ sizeof(TYPE) * E
, ...)
|
devm_kzalloc(HANDLE,
- (sizeof(THING)) * E
+ sizeof(THING) * E
, ...)
)
// Drop single-byte sizes and redundant parens.
@@
expression HANDLE;
expression COUNT;
typedef u8;
typedef __u8;
@@
(
devm_kzalloc(HANDLE,
- sizeof(u8) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(__u8) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(char) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(unsigned char) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(u8) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(__u8) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(char) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(unsigned char) * COUNT
+ COUNT
, ...)
)
// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
expression HANDLE;
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@
(
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (COUNT_ID)
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * COUNT_ID
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (COUNT_CONST)
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * COUNT_CONST
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (COUNT_ID)
+ COUNT_ID, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * COUNT_ID
+ COUNT_ID, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (COUNT_CONST)
+ COUNT_CONST, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * COUNT_CONST
+ COUNT_CONST, sizeof(THING)
, ...)
)
// 2-factor product, only identifiers.
@@
expression HANDLE;
identifier SIZE, COUNT;
@@
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- SIZE * COUNT
+ COUNT, SIZE
, ...)
// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression HANDLE;
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@
(
devm_kzalloc(HANDLE,
- sizeof(TYPE) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
)
// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression HANDLE;
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@
(
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
)
// 3-factor product, only identifiers, with redundant parens removed.
@@
expression HANDLE;
identifier STRIDE, SIZE, COUNT;
@@
(
devm_kzalloc(HANDLE,
- (COUNT) * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
)
// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression HANDLE;
expression E1, E2, E3;
constant C1, C2, C3;
@@
(
devm_kzalloc(HANDLE, C1 * C2 * C3, ...)
|
devm_kzalloc(HANDLE,
- (E1) * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- (E1) * (E2) * E3
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- E1 * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
)
// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression HANDLE;
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@
(
devm_kzalloc(HANDLE, sizeof(THING) * C2, ...)
|
devm_kzalloc(HANDLE, sizeof(TYPE) * C2, ...)
|
devm_kzalloc(HANDLE, C1 * C2 * C3, ...)
|
devm_kzalloc(HANDLE, C1 * C2, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (E2)
+ E2, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * E2
+ E2, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (E2)
+ E2, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * E2
+ E2, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- (E1) * E2
+ E1, E2
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- (E1) * (E2)
+ E1, E2
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- E1 * E2
+ E1, E2
, ...)
)
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-13 05:07:58 +08:00
|
|
|
priv->chan = devm_kcalloc(dev,
|
|
|
|
priv->num_channels,
|
|
|
|
sizeof(struct talitos_channel),
|
|
|
|
GFP_KERNEL);
|
2009-08-13 09:50:38 +08:00
|
|
|
if (!priv->chan) {
|
|
|
|
dev_err(dev, "failed to allocate channel management space\n");
|
2008-06-23 19:50:15 +08:00
|
|
|
err = -ENOMEM;
|
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
2015-03-03 21:21:33 +08:00
|
|
|
priv->fifo_len = roundup_pow_of_two(priv->chfifo_len);
|
|
|
|
|
2011-11-21 16:13:27 +08:00
|
|
|
for (i = 0; i < priv->num_channels; i++) {
|
2015-04-17 22:32:11 +08:00
|
|
|
priv->chan[i].reg = priv->reg + stride * (i + 1);
|
2011-12-13 04:59:11 +08:00
|
|
|
if (!priv->irq[1] || !(i & 1))
|
2011-11-21 16:13:27 +08:00
|
|
|
priv->chan[i].reg += TALITOS_CH_BASE_OFFSET;
|
2011-11-21 16:13:27 +08:00
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
spin_lock_init(&priv->chan[i].head_lock);
|
|
|
|
spin_lock_init(&priv->chan[i].tail_lock);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
treewide: devm_kzalloc() -> devm_kcalloc()
The devm_kzalloc() function has a 2-factor argument form, devm_kcalloc().
This patch replaces cases of:
devm_kzalloc(handle, a * b, gfp)
with:
devm_kcalloc(handle, a * b, gfp)
as well as handling cases of:
devm_kzalloc(handle, a * b * c, gfp)
with:
devm_kzalloc(handle, array3_size(a, b, c), gfp)
as it's slightly less ugly than:
devm_kcalloc(handle, array_size(a, b), c, gfp)
This does, however, attempt to ignore constant size factors like:
devm_kzalloc(handle, 4 * 1024, gfp)
though any constants defined via macros get caught up in the conversion.
Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.
Some manual whitespace fixes were needed in this patch, as Coccinelle
really liked to write "=devm_kcalloc..." instead of "= devm_kcalloc...".
The Coccinelle script used for this was:
// Fix redundant parens around sizeof().
@@
expression HANDLE;
type TYPE;
expression THING, E;
@@
(
devm_kzalloc(HANDLE,
- (sizeof(TYPE)) * E
+ sizeof(TYPE) * E
, ...)
|
devm_kzalloc(HANDLE,
- (sizeof(THING)) * E
+ sizeof(THING) * E
, ...)
)
// Drop single-byte sizes and redundant parens.
@@
expression HANDLE;
expression COUNT;
typedef u8;
typedef __u8;
@@
(
devm_kzalloc(HANDLE,
- sizeof(u8) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(__u8) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(char) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(unsigned char) * (COUNT)
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(u8) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(__u8) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(char) * COUNT
+ COUNT
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(unsigned char) * COUNT
+ COUNT
, ...)
)
// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
expression HANDLE;
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@
(
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (COUNT_ID)
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * COUNT_ID
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (COUNT_CONST)
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * COUNT_CONST
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (COUNT_ID)
+ COUNT_ID, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * COUNT_ID
+ COUNT_ID, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (COUNT_CONST)
+ COUNT_CONST, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * COUNT_CONST
+ COUNT_CONST, sizeof(THING)
, ...)
)
// 2-factor product, only identifiers.
@@
expression HANDLE;
identifier SIZE, COUNT;
@@
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- SIZE * COUNT
+ COUNT, SIZE
, ...)
// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression HANDLE;
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@
(
devm_kzalloc(HANDLE,
- sizeof(TYPE) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
)
// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression HANDLE;
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@
(
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(THING1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
|
devm_kzalloc(HANDLE,
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
)
// 3-factor product, only identifiers, with redundant parens removed.
@@
expression HANDLE;
identifier STRIDE, SIZE, COUNT;
@@
(
devm_kzalloc(HANDLE,
- (COUNT) * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- (COUNT) * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
devm_kzalloc(HANDLE,
- COUNT * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
)
// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression HANDLE;
expression E1, E2, E3;
constant C1, C2, C3;
@@
(
devm_kzalloc(HANDLE, C1 * C2 * C3, ...)
|
devm_kzalloc(HANDLE,
- (E1) * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- (E1) * (E2) * E3
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
, ...)
|
devm_kzalloc(HANDLE,
- E1 * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
)
// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression HANDLE;
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@
(
devm_kzalloc(HANDLE, sizeof(THING) * C2, ...)
|
devm_kzalloc(HANDLE, sizeof(TYPE) * C2, ...)
|
devm_kzalloc(HANDLE, C1 * C2 * C3, ...)
|
devm_kzalloc(HANDLE, C1 * C2, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * (E2)
+ E2, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(TYPE) * E2
+ E2, sizeof(TYPE)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * (E2)
+ E2, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- sizeof(THING) * E2
+ E2, sizeof(THING)
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- (E1) * E2
+ E1, E2
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- (E1) * (E2)
+ E1, E2
, ...)
|
- devm_kzalloc
+ devm_kcalloc
(HANDLE,
- E1 * E2
+ E1, E2
, ...)
)
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-06-13 05:07:58 +08:00
|
|
|
priv->chan[i].fifo = devm_kcalloc(dev,
|
|
|
|
priv->fifo_len,
|
|
|
|
sizeof(struct talitos_request),
|
|
|
|
GFP_KERNEL);
|
2009-08-13 09:50:38 +08:00
|
|
|
if (!priv->chan[i].fifo) {
|
2008-06-23 19:50:15 +08:00
|
|
|
dev_err(dev, "failed to allocate request fifo %d\n", i);
|
|
|
|
err = -ENOMEM;
|
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
2009-08-13 09:50:38 +08:00
|
|
|
atomic_set(&priv->chan[i].submit_count,
|
|
|
|
-(priv->chfifo_len - 1));
|
2015-03-03 21:21:33 +08:00
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
|
2009-08-13 09:51:51 +08:00
|
|
|
dma_set_mask(dev, DMA_BIT_MASK(36));
|
|
|
|
|
2008-06-23 19:50:15 +08:00
|
|
|
/* reset and initialize the h/w */
|
|
|
|
err = init_device(dev);
|
|
|
|
if (err) {
|
|
|
|
dev_err(dev, "failed to initialize device\n");
|
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* register the RNG, if available */
|
|
|
|
if (hw_supports(dev, DESC_HDR_SEL0_RNG)) {
|
|
|
|
err = talitos_register_rng(dev);
|
|
|
|
if (err) {
|
|
|
|
dev_err(dev, "failed to register hwrng: %d\n", err);
|
|
|
|
goto err_out;
|
|
|
|
} else
|
|
|
|
dev_info(dev, "hwrng\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
/* register crypto algorithms the device supports */
|
|
|
|
for (i = 0; i < ARRAY_SIZE(driver_algs); i++) {
|
|
|
|
if (hw_supports(dev, driver_algs[i].desc_hdr_template)) {
|
|
|
|
struct talitos_crypto_alg *t_alg;
|
2015-07-30 17:53:22 +08:00
|
|
|
struct crypto_alg *alg = NULL;
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
t_alg = talitos_alg_alloc(dev, &driver_algs[i]);
|
|
|
|
if (IS_ERR(t_alg)) {
|
|
|
|
err = PTR_ERR(t_alg);
|
2011-12-13 04:59:10 +08:00
|
|
|
if (err == -ENOTSUPP)
|
2011-11-21 16:13:25 +08:00
|
|
|
continue;
|
2008-06-23 19:50:15 +08:00
|
|
|
goto err_out;
|
|
|
|
}
|
|
|
|
|
2010-05-19 17:19:33 +08:00
|
|
|
switch (t_alg->algt.type) {
|
2019-11-10 01:09:49 +08:00
|
|
|
case CRYPTO_ALG_TYPE_SKCIPHER:
|
|
|
|
err = crypto_register_skcipher(
|
|
|
|
&t_alg->algt.alg.skcipher);
|
|
|
|
alg = &t_alg->algt.alg.skcipher.base;
|
2010-05-19 17:19:33 +08:00
|
|
|
break;
|
2015-07-30 17:53:22 +08:00
|
|
|
|
|
|
|
case CRYPTO_ALG_TYPE_AEAD:
|
|
|
|
err = crypto_register_aead(
|
|
|
|
&t_alg->algt.alg.aead);
|
|
|
|
alg = &t_alg->algt.alg.aead.base;
|
|
|
|
break;
|
|
|
|
|
2010-05-19 17:19:33 +08:00
|
|
|
case CRYPTO_ALG_TYPE_AHASH:
|
|
|
|
err = crypto_register_ahash(
|
|
|
|
&t_alg->algt.alg.hash);
|
2015-07-30 17:53:22 +08:00
|
|
|
alg = &t_alg->algt.alg.hash.halg.base;
|
2010-05-19 17:19:33 +08:00
|
|
|
break;
|
|
|
|
}
|
2008-06-23 19:50:15 +08:00
|
|
|
if (err) {
|
|
|
|
dev_err(dev, "%s alg registration failed\n",
|
2015-07-30 17:53:22 +08:00
|
|
|
alg->cra_driver_name);
|
2017-10-06 21:04:49 +08:00
|
|
|
devm_kfree(dev, t_alg);
|
Revert "crypto: talitos - add IPsec ESN support"
This reverts commit e763eb699be723fb41af818118068c6b3afdaf8d.
Current IPsec ESN implementation for authencesn(cbc(aes), hmac(sha))
(separate encryption and integrity algorithms) does not conform
to RFC4303.
ICV is generated by hashing the sequence
SPI, SeqNum-High, SeqNum-Low, IV, Payload
instead of
SPI, SeqNum-Low, IV, Payload, SeqNum-High.
Cc: <stable@vger.kernel.org> # 3.8, 3.7
Reported-by: Chaoxing Lin <Chaoxing.Lin@ultra-3eti.com>
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-03-20 22:31:38 +08:00
|
|
|
} else
|
2008-06-23 19:50:15 +08:00
|
|
|
list_add_tail(&t_alg->entry, &priv->alg_list);
|
|
|
|
}
|
|
|
|
}
|
2011-11-21 16:13:26 +08:00
|
|
|
if (!list_empty(&priv->alg_list))
|
|
|
|
dev_info(dev, "%s algorithms registered in /proc/crypto\n",
|
|
|
|
(char *)of_get_property(np, "compatible", NULL));
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
err_out:
|
|
|
|
talitos_remove(ofdev);
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2010-01-17 18:54:01 +08:00
|
|
|
static const struct of_device_id talitos_match[] = {
|
2015-04-17 22:32:20 +08:00
|
|
|
#ifdef CONFIG_CRYPTO_DEV_TALITOS1
|
|
|
|
{
|
|
|
|
.compatible = "fsl,sec1.0",
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_CRYPTO_DEV_TALITOS2
|
2008-06-23 19:50:15 +08:00
|
|
|
{
|
|
|
|
.compatible = "fsl,sec2.0",
|
|
|
|
},
|
2015-04-17 22:32:20 +08:00
|
|
|
#endif
|
2008-06-23 19:50:15 +08:00
|
|
|
{},
|
|
|
|
};
|
|
|
|
MODULE_DEVICE_TABLE(of, talitos_match);
|
|
|
|
|
2011-02-17 17:43:24 +08:00
|
|
|
static struct platform_driver talitos_driver = {
|
2010-04-14 07:13:02 +08:00
|
|
|
.driver = {
|
|
|
|
.name = "talitos",
|
|
|
|
.of_match_table = talitos_match,
|
|
|
|
},
|
2008-06-23 19:50:15 +08:00
|
|
|
.probe = talitos_probe,
|
2008-11-23 01:34:24 +08:00
|
|
|
.remove = talitos_remove,
|
2008-06-23 19:50:15 +08:00
|
|
|
};
|
|
|
|
|
2011-11-26 21:26:19 +08:00
|
|
|
module_platform_driver(talitos_driver);
|
2008-06-23 19:50:15 +08:00
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_AUTHOR("Kim Phillips <kim.phillips@freescale.com>");
|
|
|
|
MODULE_DESCRIPTION("Freescale integrated security engine (SEC) driver");
|