Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/drivers/crypto/nx/nx-aes-ccm.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * AES CCM routines supporting the Power 7+ Nest Accelerators driver
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2012 International Business Machines Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Author: Kent Yoder <yoder1@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <crypto/internal/aead.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <crypto/aes.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <crypto/scatterwalk.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/crypto.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <asm/vio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include "nx_csbcpb.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include "nx.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) static int ccm_aes_nx_set_key(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 			      const u8           *in_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 			      unsigned int        key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 	struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	nx_ctx_init(nx_ctx, HCOP_FC_AES);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 	switch (key_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	case AES_KEYSIZE_128:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 		NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_128);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 		NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_128);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_128];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_CCM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	memcpy(csbcpb->cpb.aes_ccm.key, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 	csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_CCA;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	memcpy(csbcpb_aead->cpb.aes_cca.key, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) static int ccm4309_aes_nx_set_key(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 				  const u8           *in_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 				  unsigned int        key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	if (key_len < 3)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	key_len -= 3;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	memcpy(nx_ctx->priv.ccm.nonce, in_key + key_len, 3);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 	return ccm_aes_nx_set_key(tfm, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) static int ccm_aes_nx_setauthsize(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 				  unsigned int authsize)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	switch (authsize) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 	case 4:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 	case 6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	case 8:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	case 10:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	case 12:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 	case 14:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	case 16:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) static int ccm4309_aes_nx_setauthsize(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 				      unsigned int authsize)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	switch (authsize) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	case 8:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 	case 12:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 	case 16:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) /* taken from crypto/ccm.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) static int set_msg_len(u8 *block, unsigned int msglen, int csize)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	__be32 data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	memset(block, 0, csize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	block += csize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	if (csize >= 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 		csize = 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	else if (msglen > (unsigned int)(1 << (8 * csize)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 		return -EOVERFLOW;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	data = cpu_to_be32(msglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) /* taken from crypto/ccm.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) static inline int crypto_ccm_check_iv(const u8 *iv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	/* 2 <= L <= 8, so 1 <= L' <= 7. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 	if (1 > iv[0] || iv[0] > 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) /* based on code from crypto/ccm.c */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) static int generate_b0(u8 *iv, unsigned int assoclen, unsigned int authsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 		       unsigned int cryptlen, u8 *b0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 	unsigned int l, lp, m = authsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 	memcpy(b0, iv, 16);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 	lp = b0[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 	l = lp + 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 	/* set m, bits 3-5 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 	*b0 |= (8 * ((m - 2) / 2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 	/* set adata, bit 6, if associated data is used */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 	if (assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 		*b0 |= 64;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 	rc = set_msg_len(b0 + 16 - l, cryptlen, l);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) static int generate_pat(u8                   *iv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 			struct aead_request  *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 			struct nx_crypto_ctx *nx_ctx,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 			unsigned int          authsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 			unsigned int          nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 			unsigned int	      assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 			u8                   *out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	struct nx_sg *nx_insg = nx_ctx->in_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 	struct nx_sg *nx_outsg = nx_ctx->out_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 	unsigned int iauth_len = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	u8 tmp[16], *b1 = NULL, *b0 = NULL, *result = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 	unsigned int max_sg_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	/* zero the ctr value */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 	memset(iv + 15 - iv[0], 0, iv[0] + 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 	/* page 78 of nx_wb.pdf has,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	 * Note: RFC3610 allows the AAD data to be up to 2^64 -1 bytes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 	 * in length. If a full message is used, the AES CCA implementation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 	 * restricts the maximum AAD length to 2^32 -1 bytes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	 * If partial messages are used, the implementation supports
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 	 * 2^64 -1 bytes maximum AAD length.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	 *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 	 * However, in the cryptoapi's aead_request structure,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 	 * assoclen is an unsigned int, thus it cannot hold a length
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	 * value greater than 2^32 - 1.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 	 * Thus the AAD is further constrained by this and is never
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 	 * greater than 2^32.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 	if (!assoclen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 		b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	} else if (assoclen <= 14) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 		/* if associated data is 14 bytes or less, we do 1 GCM
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 		 * operation on 2 AES blocks, B0 (stored in the csbcpb) and B1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 		 * which is fed in through the source buffers here */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 		b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 		b1 = nx_ctx->priv.ccm.iauth_tag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 		iauth_len = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 	} else if (assoclen <= 65280) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 		/* if associated data is less than (2^16 - 2^8), we construct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 		 * B1 differently and feed in the associated data to a CCA
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 		 * operation */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 		b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 		b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 		iauth_len = 14;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 		b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 		b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 		iauth_len = 10;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 	/* generate B0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	rc = generate_b0(iv, assoclen, authsize, nbytes, b0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 	/* generate B1:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 	 * add control info for associated data
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 	 * RFC 3610 and NIST Special Publication 800-38C
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 	if (b1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 		memset(b1, 0, 16);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 		if (assoclen <= 65280) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 			*(u16 *)b1 = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 			scatterwalk_map_and_copy(b1 + 2, req->src, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 					 iauth_len, SCATTERWALK_FROM_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 		} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 			*(u16 *)b1 = (u16)(0xfffe);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 			*(u32 *)&b1[2] = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 			scatterwalk_map_and_copy(b1 + 6, req->src, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 					 iauth_len, SCATTERWALK_FROM_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 	/* now copy any remaining AAD to scatterlist and call nx... */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	if (!assoclen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 	} else if (assoclen <= 14) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 		unsigned int len = 16;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 		nx_insg = nx_build_sg_list(nx_insg, b1, &len, nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 		if (len != 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 		nx_outsg = nx_build_sg_list(nx_outsg, tmp, &len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 					    nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 		if (len != 16)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 			return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 		/* inlen should be negative, indicating to phyp that its a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 		 * pointer to an sg list */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 		nx_ctx->op.inlen = (nx_ctx->in_sg - nx_insg) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 					sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 		nx_ctx->op.outlen = (nx_ctx->out_sg - nx_outsg) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 					sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 		NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 		NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 		result = nx_ctx->csbcpb->cpb.aes_ccm.out_pat_or_mac;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 		atomic64_add(assoclen, &nx_ctx->stats->aes_bytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 		unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 		processed += iauth_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 		/* page_limit: number of sg entries that fit on one page */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) 		max_sg_len = min_t(u64, nx_ctx->ap->sglen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 				nx_driver.of.max_sg_len/sizeof(struct nx_sg));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 		max_sg_len = min_t(u64, max_sg_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) 				nx_ctx->ap->databytelen/NX_PAGE_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 		do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 			to_process = min_t(u32, assoclen - processed,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 					   nx_ctx->ap->databytelen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 			nx_insg = nx_walk_and_build(nx_ctx->in_sg,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 						    nx_ctx->ap->sglen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 						    req->src, processed,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 						    &to_process);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 			if ((to_process + processed) < assoclen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) 				NX_CPB_FDM(nx_ctx->csbcpb_aead) |=
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 					NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 			} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 				NX_CPB_FDM(nx_ctx->csbcpb_aead) &=
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 					~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) 			nx_ctx->op_aead.inlen = (nx_ctx->in_sg - nx_insg) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 						sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 			result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) 			rc = nx_hcall_sync(nx_ctx, &nx_ctx->op_aead,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) 				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 			if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) 				return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) 			memcpy(nx_ctx->csbcpb_aead->cpb.aes_cca.b0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 				nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) 				AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 			NX_CPB_FDM(nx_ctx->csbcpb_aead) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) 			atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) 			atomic64_add(assoclen, &nx_ctx->stats->aes_bytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 			processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) 		} while (processed < assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) 		result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) 	memcpy(out, result, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) static int ccm_nx_decrypt(struct aead_request   *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 			  u8                    *iv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) 			  unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) 	unsigned int nbytes = req->cryptlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 	unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 	struct nx_ccm_priv *priv = &nx_ctx->priv.ccm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) 	unsigned long irq_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 	unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) 	int rc = -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) 	spin_lock_irqsave(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 	nbytes -= authsize;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) 	/* copy out the auth tag to compare with later */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 	scatterwalk_map_and_copy(priv->oauth_tag,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) 				 req->src, nbytes + req->assoclen, authsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) 				 SCATTERWALK_FROM_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 	rc = generate_pat(iv, req, nx_ctx, authsize, nbytes, assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 			  csbcpb->cpb.aes_ccm.in_pat_or_b0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 		/* to_process: the AES_BLOCK_SIZE data chunk to process in this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 		 * update. This value is bound by sg list limits.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) 		to_process = nbytes - processed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) 		if ((to_process + processed) < nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 			NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) 			NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 		NX_CPB_FDM(nx_ctx->csbcpb) &= ~NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 		rc = nx_build_sg_lists(nx_ctx, iv, req->dst, req->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 				       &to_process, processed + req->assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 				       csbcpb->cpb.aes_ccm.iv_or_ctr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) 			   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) 		/* for partial completion, copy following for next
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 		 * entry into loop...
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) 		memcpy(iv, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) 		memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) 			csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) 		memcpy(csbcpb->cpb.aes_ccm.in_s0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) 			csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 		NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) 		/* update stats */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) 		atomic64_add(csbcpb->csb.processed_byte_count,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 			     &(nx_ctx->stats->aes_bytes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) 		processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) 	} while (processed < nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 	rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) 		    authsize) ? -EBADMSG : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) 	spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) static int ccm_nx_encrypt(struct aead_request   *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) 			  u8                    *iv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) 			  unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) 	unsigned int nbytes = req->cryptlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) 	unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 	unsigned long irq_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) 	unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) 	int rc = -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) 	spin_lock_irqsave(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 	rc = generate_pat(iv, req, nx_ctx, authsize, nbytes, assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) 			  csbcpb->cpb.aes_ccm.in_pat_or_b0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) 		/* to process: the AES_BLOCK_SIZE data chunk to process in this
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) 		 * update. This value is bound by sg list limits.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) 		to_process = nbytes - processed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) 		if ((to_process + processed) < nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 			NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) 			NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) 		NX_CPB_FDM(csbcpb) |= NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) 		rc = nx_build_sg_lists(nx_ctx, iv, req->dst, req->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) 				       &to_process, processed + req->assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) 				       csbcpb->cpb.aes_ccm.iv_or_ctr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) 				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) 		/* for partial completion, copy following for next
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) 		 * entry into loop...
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) 		memcpy(iv, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) 		memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) 			csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) 		memcpy(csbcpb->cpb.aes_ccm.in_s0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) 			csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) 		NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) 		/* update stats */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) 		atomic64_add(csbcpb->csb.processed_byte_count,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) 			     &(nx_ctx->stats->aes_bytes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) 		processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) 	} while (processed < nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) 	/* copy out the auth tag */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) 	scatterwalk_map_and_copy(csbcpb->cpb.aes_ccm.out_pat_or_mac,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) 				 req->dst, nbytes + req->assoclen, authsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) 				 SCATTERWALK_TO_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) 	spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) static int ccm4309_aes_nx_encrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) 	u8 *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) 	iv[0] = 3;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) 	memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) 	memcpy(iv + 4, req->iv, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) 	return ccm_nx_encrypt(req, iv, req->assoclen - 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) static int ccm_aes_nx_encrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) 	rc = crypto_ccm_check_iv(req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) 	return ccm_nx_encrypt(req, req->iv, req->assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) static int ccm4309_aes_nx_decrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) 	struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) 	u8 *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) 	iv[0] = 3;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) 	memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) 	memcpy(iv + 4, req->iv, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) 	return ccm_nx_decrypt(req, iv, req->assoclen - 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) static int ccm_aes_nx_decrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) 	rc = crypto_ccm_check_iv(req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) 		return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) 	return ccm_nx_decrypt(req, req->iv, req->assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528) struct aead_alg nx_ccm_aes_alg = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) 	.base = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) 		.cra_name        = "ccm(aes)",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) 		.cra_driver_name = "ccm-aes-nx",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) 		.cra_priority    = 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) 		.cra_flags       = CRYPTO_ALG_NEED_FALLBACK,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) 		.cra_blocksize   = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) 		.cra_ctxsize     = sizeof(struct nx_crypto_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) 		.cra_module      = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) 	},
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) 	.init        = nx_crypto_ctx_aes_ccm_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) 	.exit        = nx_crypto_ctx_aead_exit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) 	.ivsize      = AES_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) 	.maxauthsize = AES_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) 	.setkey      = ccm_aes_nx_set_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) 	.setauthsize = ccm_aes_nx_setauthsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) 	.encrypt     = ccm_aes_nx_encrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) 	.decrypt     = ccm_aes_nx_decrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) struct aead_alg nx_ccm4309_aes_alg = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) 	.base = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) 		.cra_name        = "rfc4309(ccm(aes))",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) 		.cra_driver_name = "rfc4309-ccm-aes-nx",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) 		.cra_priority    = 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) 		.cra_flags       = CRYPTO_ALG_NEED_FALLBACK,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) 		.cra_blocksize   = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) 		.cra_ctxsize     = sizeof(struct nx_crypto_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) 		.cra_module      = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) 	},
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) 	.init        = nx_crypto_ctx_aes_ccm_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) 	.exit        = nx_crypto_ctx_aead_exit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) 	.ivsize      = 8,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) 	.maxauthsize = AES_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) 	.setkey      = ccm4309_aes_nx_set_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) 	.setauthsize = ccm4309_aes_nx_setauthsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) 	.encrypt     = ccm4309_aes_nx_encrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) 	.decrypt     = ccm4309_aes_nx_decrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) };
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.