Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/drivers/crypto/nx/nx-aes-gcm.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * AES GCM routines supporting the Power 7+ Nest Accelerators driver
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2012 International Business Machines Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  * Author: Kent Yoder <yoder1@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <crypto/internal/aead.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <crypto/aes.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <crypto/gcm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <crypto/scatterwalk.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <asm/vio.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include "nx_csbcpb.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include "nx.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) static int gcm_aes_nx_set_key(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) 			      const u8           *in_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 			      unsigned int        key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 	struct nx_crypto_ctx *nx_ctx = crypto_aead_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 	struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	nx_ctx_init(nx_ctx, HCOP_FC_AES);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 	switch (key_len) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	case AES_KEYSIZE_128:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) 		NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_128);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 		NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_128);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_128];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	case AES_KEYSIZE_192:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 		NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_192);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 		NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_192);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_192];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	case AES_KEYSIZE_256:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 		NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_256);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 		NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_256);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 		nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_256];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 	memcpy(csbcpb->cpb.aes_gcm.key, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 	csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_GCA;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 	memcpy(csbcpb_aead->cpb.aes_gca.key, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) static int gcm4106_aes_nx_set_key(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 				  const u8           *in_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 				  unsigned int        key_len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 	struct nx_crypto_ctx *nx_ctx = crypto_aead_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 	char *nonce = nx_ctx->priv.gcm.nonce;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	if (key_len < 4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 	key_len -= 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 	rc = gcm_aes_nx_set_key(tfm, in_key, key_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	memcpy(nonce, in_key + key_len, 4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) static int gcm4106_aes_nx_setauthsize(struct crypto_aead *tfm,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 				      unsigned int authsize)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	switch (authsize) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	case 8:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	case 12:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	case 16:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) static int nx_gca(struct nx_crypto_ctx  *nx_ctx,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 		  struct aead_request   *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 		  u8                    *out,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 		  unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	struct scatter_walk walk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	struct nx_sg *nx_sg = nx_ctx->in_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	unsigned int nbytes = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	unsigned int max_sg_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	if (nbytes <= AES_BLOCK_SIZE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 		scatterwalk_start(&walk, req->src);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 		scatterwalk_copychunks(out, &walk, nbytes, SCATTERWALK_FROM_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 		scatterwalk_done(&walk, SCATTERWALK_FROM_SG, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	NX_CPB_FDM(csbcpb_aead) &= ~NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	/* page_limit: number of sg entries that fit on one page */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	max_sg_len = min_t(u64, nx_driver.of.max_sg_len/sizeof(struct nx_sg),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 			   nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	max_sg_len = min_t(u64, max_sg_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 			   nx_ctx->ap->databytelen/NX_PAGE_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 		/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 		 * to_process: the data chunk to process in this update.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 		 * This value is bound by sg list limits.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 		to_process = min_t(u64, nbytes - processed,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) 				   nx_ctx->ap->databytelen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 		to_process = min_t(u64, to_process,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 				   NX_PAGE_SIZE * (max_sg_len - 1));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 		nx_sg = nx_walk_and_build(nx_ctx->in_sg, max_sg_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 					  req->src, processed, &to_process);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 		if ((to_process + processed) < nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 			NX_CPB_FDM(csbcpb_aead) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 			NX_CPB_FDM(csbcpb_aead) &= ~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 		nx_ctx->op_aead.inlen = (nx_ctx->in_sg - nx_sg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 					* sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op_aead,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 				req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 			return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 		memcpy(csbcpb_aead->cpb.aes_gca.in_pat,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 				csbcpb_aead->cpb.aes_gca.out_pat,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 				AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 		NX_CPB_FDM(csbcpb_aead) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 		atomic64_add(assoclen, &(nx_ctx->stats->aes_bytes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 		processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 	} while (processed < nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	memcpy(out, csbcpb_aead->cpb.aes_gca.out_pat, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) static int gmac(struct aead_request *req, const u8 *iv, unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 	struct nx_crypto_ctx *nx_ctx =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 		crypto_aead_ctx(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	struct nx_sg *nx_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 	unsigned int nbytes = assoclen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 	unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 	unsigned int max_sg_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	/* Set GMAC mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GMAC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 	NX_CPB_FDM(csbcpb) &= ~NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 	/* page_limit: number of sg entries that fit on one page */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 	max_sg_len = min_t(u64, nx_driver.of.max_sg_len/sizeof(struct nx_sg),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 			   nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 	max_sg_len = min_t(u64, max_sg_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 			   nx_ctx->ap->databytelen/NX_PAGE_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 	/* Copy IV */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 	memcpy(csbcpb->cpb.aes_gcm.iv_or_cnt, iv, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 		/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 		 * to_process: the data chunk to process in this update.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 		 * This value is bound by sg list limits.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) 		 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) 		to_process = min_t(u64, nbytes - processed,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 				   nx_ctx->ap->databytelen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 		to_process = min_t(u64, to_process,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 				   NX_PAGE_SIZE * (max_sg_len - 1));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) 		nx_sg = nx_walk_and_build(nx_ctx->in_sg, max_sg_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 					  req->src, processed, &to_process);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) 		if ((to_process + processed) < nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 			NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 			NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 		nx_ctx->op.inlen = (nx_ctx->in_sg - nx_sg)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 					* sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 		csbcpb->cpb.aes_gcm.bit_length_data = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 		csbcpb->cpb.aes_gcm.bit_length_aad = 8 * nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 				req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 		memcpy(csbcpb->cpb.aes_gcm.in_pat_or_aad,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 			csbcpb->cpb.aes_gcm.out_pat_or_mac, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 		memcpy(csbcpb->cpb.aes_gcm.in_s0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 			csbcpb->cpb.aes_gcm.out_s0, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) 		NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 		atomic64_add(assoclen, &(nx_ctx->stats->aes_bytes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 		processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 	} while (processed < nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 	/* Restore GCM mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) static int gcm_empty(struct aead_request *req, const u8 *iv, int enc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 	int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 	struct nx_crypto_ctx *nx_ctx =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 		crypto_aead_ctx(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 	char out[AES_BLOCK_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 	struct nx_sg *in_sg, *out_sg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 	int len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 	/* For scenarios where the input message is zero length, AES CTR mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 	 * may be used. Set the source data to be a single block (16B) of all
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 	 * zeros, and set the input IV value to be the same as the GMAC IV
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 	 * value. - nx_wb 4.8.1.3 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 	/* Change to ECB mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_ECB;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 	memcpy(csbcpb->cpb.aes_ecb.key, csbcpb->cpb.aes_gcm.key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 			sizeof(csbcpb->cpb.aes_ecb.key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 	if (enc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 		NX_CPB_FDM(csbcpb) |= NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 		NX_CPB_FDM(csbcpb) &= ~NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 	len = AES_BLOCK_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 	/* Encrypt the counter/IV */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 	in_sg = nx_build_sg_list(nx_ctx->in_sg, (u8 *) iv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 				 &len, nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 	if (len != AES_BLOCK_SIZE)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 	len = sizeof(out);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) 	out_sg = nx_build_sg_list(nx_ctx->out_sg, (u8 *) out, &len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) 				  nx_ctx->ap->sglen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) 	if (len != sizeof(out))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 	nx_ctx->op.inlen = (nx_ctx->in_sg - in_sg) * sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 	nx_ctx->op.outlen = (nx_ctx->out_sg - out_sg) * sizeof(struct nx_sg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 	rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 			   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 	if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 	atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) 	/* Copy out the auth tag */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 	memcpy(csbcpb->cpb.aes_gcm.out_pat_or_mac, out,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 			crypto_aead_authsize(crypto_aead_reqtfm(req)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 	/* Restore XCBC mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 	csbcpb->cpb.hdr.mode = NX_MODE_AES_GCM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) 	/*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) 	 * ECB key uses the same region that GCM AAD and counter, so it's safe
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 	 * to just fill it with zeroes.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 	memset(csbcpb->cpb.aes_ecb.key, 0, sizeof(csbcpb->cpb.aes_ecb.key));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) static int gcm_aes_nx_crypt(struct aead_request *req, int enc,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 			    unsigned int assoclen)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 	struct nx_crypto_ctx *nx_ctx =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) 		crypto_aead_ctx(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 	struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 	unsigned int nbytes = req->cryptlen;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) 	unsigned int processed = 0, to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) 	unsigned long irq_flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) 	int rc = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) 	spin_lock_irqsave(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) 	/* initialize the counter */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 	*(u32 *)&rctx->iv[NX_GCM_CTR_OFFSET] = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) 	if (nbytes == 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) 		if (assoclen == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) 			rc = gcm_empty(req, rctx->iv, enc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 			rc = gmac(req, rctx->iv, assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) 			goto mac;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) 	/* Process associated data */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 	csbcpb->cpb.aes_gcm.bit_length_aad = assoclen * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 	if (assoclen) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) 		rc = nx_gca(nx_ctx, req, csbcpb->cpb.aes_gcm.in_pat_or_aad,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 			    assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 	/* Set flags for encryption */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) 	NX_CPB_FDM(csbcpb) &= ~NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) 	if (enc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 		NX_CPB_FDM(csbcpb) |= NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) 		NX_CPB_FDM(csbcpb) &= ~NX_FDM_ENDE_ENCRYPT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) 		nbytes -= crypto_aead_authsize(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 		to_process = nbytes - processed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) 		csbcpb->cpb.aes_gcm.bit_length_data = nbytes * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) 		rc = nx_build_sg_lists(nx_ctx, rctx->iv, req->dst,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 				       req->src, &to_process,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 				       processed + req->assoclen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) 				       csbcpb->cpb.aes_gcm.iv_or_cnt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 		if ((to_process + processed) < nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) 			NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 		else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 			NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 		rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) 		if (rc)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 			goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 		memcpy(rctx->iv, csbcpb->cpb.aes_gcm.out_cnt, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) 		memcpy(csbcpb->cpb.aes_gcm.in_pat_or_aad,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 			csbcpb->cpb.aes_gcm.out_pat_or_mac, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 		memcpy(csbcpb->cpb.aes_gcm.in_s0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 			csbcpb->cpb.aes_gcm.out_s0, AES_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 		NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) 		atomic_inc(&(nx_ctx->stats->aes_ops));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) 		atomic64_add(csbcpb->csb.processed_byte_count,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) 			     &(nx_ctx->stats->aes_bytes));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) 		processed += to_process;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 	} while (processed < nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) mac:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) 	if (enc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) 		/* copy out the auth tag */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) 		scatterwalk_map_and_copy(
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 			csbcpb->cpb.aes_gcm.out_pat_or_mac,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) 			req->dst, req->assoclen + nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) 			crypto_aead_authsize(crypto_aead_reqtfm(req)),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) 			SCATTERWALK_TO_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) 		u8 *itag = nx_ctx->priv.gcm.iauth_tag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) 		u8 *otag = csbcpb->cpb.aes_gcm.out_pat_or_mac;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) 		scatterwalk_map_and_copy(
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) 			itag, req->src, req->assoclen + nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) 			crypto_aead_authsize(crypto_aead_reqtfm(req)),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) 			SCATTERWALK_FROM_SG);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) 		rc = crypto_memneq(itag, otag,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) 			    crypto_aead_authsize(crypto_aead_reqtfm(req))) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) 		     -EBADMSG : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 	spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) 	return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) static int gcm_aes_nx_encrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) 	char *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 	memcpy(iv, req->iv, GCM_AES_IV_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) 	return gcm_aes_nx_crypt(req, 1, req->assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) static int gcm_aes_nx_decrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) 	char *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) 	memcpy(iv, req->iv, GCM_AES_IV_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 	return gcm_aes_nx_crypt(req, 0, req->assoclen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) static int gcm4106_aes_nx_encrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438) 	struct nx_crypto_ctx *nx_ctx =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) 		crypto_aead_ctx(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) 	char *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) 	char *nonce = nx_ctx->priv.gcm.nonce;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444) 	memcpy(iv, nonce, NX_GCM4106_NONCE_LEN);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) 	memcpy(iv + NX_GCM4106_NONCE_LEN, req->iv, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) 	if (req->assoclen < 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) 	return gcm_aes_nx_crypt(req, 1, req->assoclen - 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) static int gcm4106_aes_nx_decrypt(struct aead_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455) 	struct nx_crypto_ctx *nx_ctx =
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) 		crypto_aead_ctx(crypto_aead_reqtfm(req));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) 	struct nx_gcm_rctx *rctx = aead_request_ctx(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) 	char *iv = rctx->iv;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) 	char *nonce = nx_ctx->priv.gcm.nonce;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) 	memcpy(iv, nonce, NX_GCM4106_NONCE_LEN);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) 	memcpy(iv + NX_GCM4106_NONCE_LEN, req->iv, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) 	if (req->assoclen < 8)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) 	return gcm_aes_nx_crypt(req, 0, req->assoclen - 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) struct aead_alg nx_gcm_aes_alg = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) 	.base = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) 		.cra_name        = "gcm(aes)",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) 		.cra_driver_name = "gcm-aes-nx",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) 		.cra_priority    = 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) 		.cra_blocksize   = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) 		.cra_ctxsize     = sizeof(struct nx_crypto_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) 		.cra_module      = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) 	},
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) 	.init        = nx_crypto_ctx_aes_gcm_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) 	.exit        = nx_crypto_ctx_aead_exit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) 	.ivsize      = GCM_AES_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) 	.maxauthsize = AES_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) 	.setkey      = gcm_aes_nx_set_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) 	.encrypt     = gcm_aes_nx_encrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) 	.decrypt     = gcm_aes_nx_decrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) struct aead_alg nx_gcm4106_aes_alg = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) 	.base = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) 		.cra_name        = "rfc4106(gcm(aes))",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) 		.cra_driver_name = "rfc4106-gcm-aes-nx",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) 		.cra_priority    = 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) 		.cra_blocksize   = 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494) 		.cra_ctxsize     = sizeof(struct nx_crypto_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) 		.cra_module      = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) 	},
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) 	.init        = nx_crypto_ctx_aes_gcm_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) 	.exit        = nx_crypto_ctx_aead_exit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) 	.ivsize      = GCM_RFC4106_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) 	.maxauthsize = AES_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) 	.setkey      = gcm4106_aes_nx_set_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) 	.setauthsize = gcm4106_aes_nx_setauthsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) 	.encrypt     = gcm4106_aes_nx_encrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) 	.decrypt     = gcm4106_aes_nx_decrypt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) };
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.