Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/drivers/crypto/ccp/ccp-crypto-aes-cmac.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * AMD Cryptographic Coprocessor (CCP) AES CMAC crypto API support
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2013,2018 Advanced Micro Devices, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Author: Tom Lendacky <thomas.lendacky@amd.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/delay.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/scatterlist.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <crypto/aes.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <crypto/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <crypto/internal/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <crypto/scatterwalk.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) #include "ccp-crypto.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) static int ccp_aes_cmac_complete(struct crypto_async_request *async_req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 				 int ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 	struct ahash_request *req = ahash_request_cast(async_req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 	unsigned int digest_size = crypto_ahash_digestsize(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 		goto e_free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	if (rctx->hash_rem) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 		/* Save remaining data to buffer */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 		unsigned int offset = rctx->nbytes - rctx->hash_rem;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 		scatterwalk_map_and_copy(rctx->buf, rctx->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 					 offset, rctx->hash_rem, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 		rctx->buf_count = rctx->hash_rem;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 		rctx->buf_count = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	/* Update result area if supplied */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	if (req->result && rctx->final)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 		memcpy(req->result, rctx->iv, digest_size);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) e_free:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 	sg_free_table(&rctx->data_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) static int ccp_do_cmac_update(struct ahash_request *req, unsigned int nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 			      unsigned int final)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	struct ccp_ctx *ctx = crypto_ahash_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 	struct scatterlist *sg, *cmac_key_sg = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	unsigned int block_size =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 		crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	unsigned int need_pad, sg_count;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	gfp_t gfp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 	u64 len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 	if (!ctx->u.aes.key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	if (nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 		rctx->null_msg = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	len = (u64)rctx->buf_count + (u64)nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	if (!final && (len <= block_size)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 		scatterwalk_map_and_copy(rctx->buf + rctx->buf_count, req->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 					 0, nbytes, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 		rctx->buf_count += nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	rctx->src = req->src;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	rctx->nbytes = nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	rctx->final = final;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	rctx->hash_rem = final ? 0 : len & (block_size - 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	rctx->hash_cnt = len - rctx->hash_rem;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	if (!final && !rctx->hash_rem) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 		/* CCP can't do zero length final, so keep some data around */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		rctx->hash_cnt -= block_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		rctx->hash_rem = block_size;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 	if (final && (rctx->null_msg || (len & (block_size - 1))))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 		need_pad = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 		need_pad = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 	sg_init_one(&rctx->iv_sg, rctx->iv, sizeof(rctx->iv));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	/* Build the data scatterlist table - allocate enough entries for all
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	 * possible data pieces (buffer, input data, padding)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	sg_count = (nbytes) ? sg_nents(req->src) + 2 : 2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 		GFP_KERNEL : GFP_ATOMIC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	ret = sg_alloc_table(&rctx->data_sg, sg_count, gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 	sg = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 	if (rctx->buf_count) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 		sg_init_one(&rctx->buf_sg, rctx->buf, rctx->buf_count);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 		sg = ccp_crypto_sg_table_add(&rctx->data_sg, &rctx->buf_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 		if (!sg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 			ret = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 			goto e_free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	if (nbytes) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 		sg = ccp_crypto_sg_table_add(&rctx->data_sg, req->src);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 		if (!sg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 			ret = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 			goto e_free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 	if (need_pad) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 		int pad_length = block_size - (len & (block_size - 1));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 		rctx->hash_cnt += pad_length;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 		memset(rctx->pad, 0, sizeof(rctx->pad));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 		rctx->pad[0] = 0x80;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 		sg_init_one(&rctx->pad_sg, rctx->pad, pad_length);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 		sg = ccp_crypto_sg_table_add(&rctx->data_sg, &rctx->pad_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 		if (!sg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 			ret = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 			goto e_free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 	if (sg) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 		sg_mark_end(sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 		sg = rctx->data_sg.sgl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 	/* Initialize the K1/K2 scatterlist */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 	if (final)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 		cmac_key_sg = (need_pad) ? &ctx->u.aes.k2_sg
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 					 : &ctx->u.aes.k1_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 	memset(&rctx->cmd, 0, sizeof(rctx->cmd));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 	INIT_LIST_HEAD(&rctx->cmd.entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 	rctx->cmd.engine = CCP_ENGINE_AES;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	rctx->cmd.u.aes.type = ctx->u.aes.type;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 	rctx->cmd.u.aes.mode = ctx->u.aes.mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	rctx->cmd.u.aes.action = CCP_AES_ACTION_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	rctx->cmd.u.aes.key = &ctx->u.aes.key_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 	rctx->cmd.u.aes.key_len = ctx->u.aes.key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	rctx->cmd.u.aes.iv = &rctx->iv_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 	rctx->cmd.u.aes.iv_len = AES_BLOCK_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 	rctx->cmd.u.aes.src = sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	rctx->cmd.u.aes.src_len = rctx->hash_cnt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 	rctx->cmd.u.aes.dst = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 	rctx->cmd.u.aes.cmac_key = cmac_key_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 	rctx->cmd.u.aes.cmac_key_len = ctx->u.aes.kn_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	rctx->cmd.u.aes.cmac_final = final;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 	ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) e_free:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	sg_free_table(&rctx->data_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) static int ccp_aes_cmac_init(struct ahash_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 	memset(rctx, 0, sizeof(*rctx));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 	rctx->null_msg = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) static int ccp_aes_cmac_update(struct ahash_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 	return ccp_do_cmac_update(req, req->nbytes, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) static int ccp_aes_cmac_final(struct ahash_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	return ccp_do_cmac_update(req, 0, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) static int ccp_aes_cmac_finup(struct ahash_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 	return ccp_do_cmac_update(req, req->nbytes, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) static int ccp_aes_cmac_digest(struct ahash_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 	ret = ccp_aes_cmac_init(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	return ccp_aes_cmac_finup(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 	struct ccp_aes_cmac_exp_ctx state;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 	/* Don't let anything leak to 'out' */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 	memset(&state, 0, sizeof(state));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 	state.null_msg = rctx->null_msg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 	memcpy(state.iv, rctx->iv, sizeof(state.iv));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 	state.buf_count = rctx->buf_count;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	memcpy(state.buf, rctx->buf, sizeof(state.buf));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	/* 'out' may not be aligned so memcpy from local variable */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	memcpy(out, &state, sizeof(state));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 	struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 	struct ccp_aes_cmac_exp_ctx state;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 	/* 'in' may not be aligned so memcpy to local variable */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 	memcpy(&state, in, sizeof(state));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 	memset(rctx, 0, sizeof(*rctx));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 	rctx->null_msg = state.null_msg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 	memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 	rctx->buf_count = state.buf_count;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 	memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 			       unsigned int key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 	struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 	struct ccp_crypto_ahash_alg *alg =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 		ccp_crypto_ahash_alg(crypto_ahash_tfm(tfm));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 	u64 k0_hi, k0_lo, k1_hi, k1_lo, k2_hi, k2_lo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 	u64 rb_hi = 0x00, rb_lo = 0x87;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 	struct crypto_aes_ctx aes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 	__be64 *gk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 	switch (key_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 	case AES_KEYSIZE_128:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 		ctx->u.aes.type = CCP_AES_TYPE_128;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 	case AES_KEYSIZE_192:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 		ctx->u.aes.type = CCP_AES_TYPE_192;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 	case AES_KEYSIZE_256:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) 		ctx->u.aes.type = CCP_AES_TYPE_256;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 	ctx->u.aes.mode = alg->mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 	/* Set to zero until complete */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 	ctx->u.aes.key_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 	/* Set the key for the AES cipher used to generate the keys */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 	ret = aes_expandkey(&aes, key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 	if (ret)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) 	/* Encrypt a block of zeroes - use key area in context */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 	memset(ctx->u.aes.key, 0, sizeof(ctx->u.aes.key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 	aes_encrypt(&aes, ctx->u.aes.key, ctx->u.aes.key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 	memzero_explicit(&aes, sizeof(aes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 	/* Generate K1 and K2 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 	k0_hi = be64_to_cpu(*((__be64 *)ctx->u.aes.key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 	k0_lo = be64_to_cpu(*((__be64 *)ctx->u.aes.key + 1));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 	k1_hi = (k0_hi << 1) | (k0_lo >> 63);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) 	k1_lo = k0_lo << 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 	if (ctx->u.aes.key[0] & 0x80) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) 		k1_hi ^= rb_hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) 		k1_lo ^= rb_lo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 	gk = (__be64 *)ctx->u.aes.k1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) 	*gk = cpu_to_be64(k1_hi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 	gk++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) 	*gk = cpu_to_be64(k1_lo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) 	k2_hi = (k1_hi << 1) | (k1_lo >> 63);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) 	k2_lo = k1_lo << 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 	if (ctx->u.aes.k1[0] & 0x80) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 		k2_hi ^= rb_hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) 		k2_lo ^= rb_lo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) 	gk = (__be64 *)ctx->u.aes.k2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 	*gk = cpu_to_be64(k2_hi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) 	gk++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 	*gk = cpu_to_be64(k2_lo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 	ctx->u.aes.kn_len = sizeof(ctx->u.aes.k1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) 	sg_init_one(&ctx->u.aes.k1_sg, ctx->u.aes.k1, sizeof(ctx->u.aes.k1));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) 	sg_init_one(&ctx->u.aes.k2_sg, ctx->u.aes.k2, sizeof(ctx->u.aes.k2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) 	/* Save the supplied key */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) 	memset(ctx->u.aes.key, 0, sizeof(ctx->u.aes.key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 	memcpy(ctx->u.aes.key, key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) 	ctx->u.aes.key_len = key_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 	sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) 	return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) static int ccp_aes_cmac_cra_init(struct crypto_tfm *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 	struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) 	struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) 	ctx->complete = ccp_aes_cmac_complete;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 	ctx->u.aes.key_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 	crypto_ahash_set_reqsize(ahash, sizeof(struct ccp_aes_cmac_req_ctx));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) int ccp_register_aes_cmac_algs(struct list_head *head)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) 	struct ccp_crypto_ahash_alg *ccp_alg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 	struct ahash_alg *alg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 	struct hash_alg_common *halg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) 	struct crypto_alg *base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) 	ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) 	if (!ccp_alg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 		return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) 	INIT_LIST_HEAD(&ccp_alg->entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) 	ccp_alg->mode = CCP_AES_MODE_CMAC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) 	alg = &ccp_alg->alg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 	alg->init = ccp_aes_cmac_init;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 	alg->update = ccp_aes_cmac_update;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) 	alg->final = ccp_aes_cmac_final;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 	alg->finup = ccp_aes_cmac_finup;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 	alg->digest = ccp_aes_cmac_digest;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) 	alg->export = ccp_aes_cmac_export;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 	alg->import = ccp_aes_cmac_import;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 	alg->setkey = ccp_aes_cmac_setkey;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 	halg = &alg->halg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 	halg->digestsize = AES_BLOCK_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 	halg->statesize = sizeof(struct ccp_aes_cmac_exp_ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) 	base = &halg->base;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 	snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 	snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "cmac-aes-ccp");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 	base->cra_flags = CRYPTO_ALG_ASYNC |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) 			  CRYPTO_ALG_ALLOCATES_MEMORY |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 			  CRYPTO_ALG_KERN_DRIVER_ONLY |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) 			  CRYPTO_ALG_NEED_FALLBACK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) 	base->cra_blocksize = AES_BLOCK_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) 	base->cra_ctxsize = sizeof(struct ccp_ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) 	base->cra_priority = CCP_CRA_PRIORITY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) 	base->cra_init = ccp_aes_cmac_cra_init;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) 	base->cra_module = THIS_MODULE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 	ret = crypto_register_ahash(alg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) 	if (ret) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) 		pr_err("%s ahash algorithm registration error (%d)\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) 		       base->cra_name, ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) 		kfree(ccp_alg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 		return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) 	list_add(&ccp_alg->entry, head);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) }
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.