162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * AMD Cryptographic Coprocessor (CCP) AES GCM crypto API support 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (C) 2016,2017 Advanced Micro Devices, Inc. 662306a36Sopenharmony_ci * 762306a36Sopenharmony_ci * Author: Gary R Hook <gary.hook@amd.com> 862306a36Sopenharmony_ci */ 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci#include <linux/module.h> 1162306a36Sopenharmony_ci#include <linux/sched.h> 1262306a36Sopenharmony_ci#include <linux/delay.h> 1362306a36Sopenharmony_ci#include <linux/scatterlist.h> 1462306a36Sopenharmony_ci#include <linux/crypto.h> 1562306a36Sopenharmony_ci#include <crypto/internal/aead.h> 1662306a36Sopenharmony_ci#include <crypto/algapi.h> 1762306a36Sopenharmony_ci#include <crypto/aes.h> 1862306a36Sopenharmony_ci#include <crypto/ctr.h> 1962306a36Sopenharmony_ci#include <crypto/gcm.h> 2062306a36Sopenharmony_ci#include <crypto/scatterwalk.h> 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci#include "ccp-crypto.h" 2362306a36Sopenharmony_ci 2462306a36Sopenharmony_cistatic int ccp_aes_gcm_complete(struct crypto_async_request *async_req, int ret) 2562306a36Sopenharmony_ci{ 2662306a36Sopenharmony_ci return ret; 2762306a36Sopenharmony_ci} 2862306a36Sopenharmony_ci 2962306a36Sopenharmony_cistatic int ccp_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key, 3062306a36Sopenharmony_ci unsigned int key_len) 3162306a36Sopenharmony_ci{ 3262306a36Sopenharmony_ci struct ccp_ctx *ctx = crypto_aead_ctx_dma(tfm); 3362306a36Sopenharmony_ci 3462306a36Sopenharmony_ci switch (key_len) { 3562306a36Sopenharmony_ci case AES_KEYSIZE_128: 3662306a36Sopenharmony_ci ctx->u.aes.type = CCP_AES_TYPE_128; 3762306a36Sopenharmony_ci break; 3862306a36Sopenharmony_ci case AES_KEYSIZE_192: 3962306a36Sopenharmony_ci ctx->u.aes.type = CCP_AES_TYPE_192; 4062306a36Sopenharmony_ci break; 4162306a36Sopenharmony_ci case AES_KEYSIZE_256: 4262306a36Sopenharmony_ci ctx->u.aes.type = CCP_AES_TYPE_256; 4362306a36Sopenharmony_ci break; 4462306a36Sopenharmony_ci default: 4562306a36Sopenharmony_ci return -EINVAL; 4662306a36Sopenharmony_ci } 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_ci ctx->u.aes.mode = CCP_AES_MODE_GCM; 4962306a36Sopenharmony_ci ctx->u.aes.key_len = key_len; 5062306a36Sopenharmony_ci 5162306a36Sopenharmony_ci memcpy(ctx->u.aes.key, key, key_len); 5262306a36Sopenharmony_ci sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len); 5362306a36Sopenharmony_ci 5462306a36Sopenharmony_ci return 0; 5562306a36Sopenharmony_ci} 5662306a36Sopenharmony_ci 5762306a36Sopenharmony_cistatic int ccp_aes_gcm_setauthsize(struct crypto_aead *tfm, 5862306a36Sopenharmony_ci unsigned int authsize) 5962306a36Sopenharmony_ci{ 6062306a36Sopenharmony_ci switch (authsize) { 6162306a36Sopenharmony_ci case 16: 6262306a36Sopenharmony_ci case 15: 6362306a36Sopenharmony_ci case 14: 6462306a36Sopenharmony_ci case 13: 6562306a36Sopenharmony_ci case 12: 6662306a36Sopenharmony_ci case 8: 6762306a36Sopenharmony_ci case 4: 6862306a36Sopenharmony_ci break; 6962306a36Sopenharmony_ci default: 7062306a36Sopenharmony_ci return -EINVAL; 7162306a36Sopenharmony_ci } 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_ci return 0; 7462306a36Sopenharmony_ci} 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_cistatic int ccp_aes_gcm_crypt(struct aead_request *req, bool encrypt) 7762306a36Sopenharmony_ci{ 7862306a36Sopenharmony_ci struct crypto_aead *tfm = crypto_aead_reqtfm(req); 7962306a36Sopenharmony_ci struct ccp_ctx *ctx = crypto_aead_ctx_dma(tfm); 8062306a36Sopenharmony_ci struct ccp_aes_req_ctx *rctx = aead_request_ctx_dma(req); 8162306a36Sopenharmony_ci struct scatterlist *iv_sg = NULL; 8262306a36Sopenharmony_ci unsigned int iv_len = 0; 8362306a36Sopenharmony_ci int i; 8462306a36Sopenharmony_ci int ret = 0; 8562306a36Sopenharmony_ci 8662306a36Sopenharmony_ci if (!ctx->u.aes.key_len) 8762306a36Sopenharmony_ci return -EINVAL; 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_ci if (ctx->u.aes.mode != CCP_AES_MODE_GCM) 9062306a36Sopenharmony_ci return -EINVAL; 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci if (!req->iv) 9362306a36Sopenharmony_ci return -EINVAL; 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_ci /* 9662306a36Sopenharmony_ci * 5 parts: 9762306a36Sopenharmony_ci * plaintext/ciphertext input 9862306a36Sopenharmony_ci * AAD 9962306a36Sopenharmony_ci * key 10062306a36Sopenharmony_ci * IV 10162306a36Sopenharmony_ci * Destination+tag buffer 10262306a36Sopenharmony_ci */ 10362306a36Sopenharmony_ci 10462306a36Sopenharmony_ci /* Prepare the IV: 12 bytes + an integer (counter) */ 10562306a36Sopenharmony_ci memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE); 10662306a36Sopenharmony_ci for (i = 0; i < 3; i++) 10762306a36Sopenharmony_ci rctx->iv[i + GCM_AES_IV_SIZE] = 0; 10862306a36Sopenharmony_ci rctx->iv[AES_BLOCK_SIZE - 1] = 1; 10962306a36Sopenharmony_ci 11062306a36Sopenharmony_ci /* Set up a scatterlist for the IV */ 11162306a36Sopenharmony_ci iv_sg = &rctx->iv_sg; 11262306a36Sopenharmony_ci iv_len = AES_BLOCK_SIZE; 11362306a36Sopenharmony_ci sg_init_one(iv_sg, rctx->iv, iv_len); 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci /* The AAD + plaintext are concatenated in the src buffer */ 11662306a36Sopenharmony_ci memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 11762306a36Sopenharmony_ci INIT_LIST_HEAD(&rctx->cmd.entry); 11862306a36Sopenharmony_ci rctx->cmd.engine = CCP_ENGINE_AES; 11962306a36Sopenharmony_ci rctx->cmd.u.aes.authsize = crypto_aead_authsize(tfm); 12062306a36Sopenharmony_ci rctx->cmd.u.aes.type = ctx->u.aes.type; 12162306a36Sopenharmony_ci rctx->cmd.u.aes.mode = ctx->u.aes.mode; 12262306a36Sopenharmony_ci rctx->cmd.u.aes.action = encrypt; 12362306a36Sopenharmony_ci rctx->cmd.u.aes.key = &ctx->u.aes.key_sg; 12462306a36Sopenharmony_ci rctx->cmd.u.aes.key_len = ctx->u.aes.key_len; 12562306a36Sopenharmony_ci rctx->cmd.u.aes.iv = iv_sg; 12662306a36Sopenharmony_ci rctx->cmd.u.aes.iv_len = iv_len; 12762306a36Sopenharmony_ci rctx->cmd.u.aes.src = req->src; 12862306a36Sopenharmony_ci rctx->cmd.u.aes.src_len = req->cryptlen; 12962306a36Sopenharmony_ci rctx->cmd.u.aes.aad_len = req->assoclen; 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_ci /* The cipher text + the tag are in the dst buffer */ 13262306a36Sopenharmony_ci rctx->cmd.u.aes.dst = req->dst; 13362306a36Sopenharmony_ci 13462306a36Sopenharmony_ci ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd); 13562306a36Sopenharmony_ci 13662306a36Sopenharmony_ci return ret; 13762306a36Sopenharmony_ci} 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_cistatic int ccp_aes_gcm_encrypt(struct aead_request *req) 14062306a36Sopenharmony_ci{ 14162306a36Sopenharmony_ci return ccp_aes_gcm_crypt(req, CCP_AES_ACTION_ENCRYPT); 14262306a36Sopenharmony_ci} 14362306a36Sopenharmony_ci 14462306a36Sopenharmony_cistatic int ccp_aes_gcm_decrypt(struct aead_request *req) 14562306a36Sopenharmony_ci{ 14662306a36Sopenharmony_ci return ccp_aes_gcm_crypt(req, CCP_AES_ACTION_DECRYPT); 14762306a36Sopenharmony_ci} 14862306a36Sopenharmony_ci 14962306a36Sopenharmony_cistatic int ccp_aes_gcm_cra_init(struct crypto_aead *tfm) 15062306a36Sopenharmony_ci{ 15162306a36Sopenharmony_ci struct ccp_ctx *ctx = crypto_aead_ctx_dma(tfm); 15262306a36Sopenharmony_ci 15362306a36Sopenharmony_ci ctx->complete = ccp_aes_gcm_complete; 15462306a36Sopenharmony_ci ctx->u.aes.key_len = 0; 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ci crypto_aead_set_reqsize_dma(tfm, sizeof(struct ccp_aes_req_ctx)); 15762306a36Sopenharmony_ci 15862306a36Sopenharmony_ci return 0; 15962306a36Sopenharmony_ci} 16062306a36Sopenharmony_ci 16162306a36Sopenharmony_cistatic void ccp_aes_gcm_cra_exit(struct crypto_tfm *tfm) 16262306a36Sopenharmony_ci{ 16362306a36Sopenharmony_ci} 16462306a36Sopenharmony_ci 16562306a36Sopenharmony_cistatic struct aead_alg ccp_aes_gcm_defaults = { 16662306a36Sopenharmony_ci .setkey = ccp_aes_gcm_setkey, 16762306a36Sopenharmony_ci .setauthsize = ccp_aes_gcm_setauthsize, 16862306a36Sopenharmony_ci .encrypt = ccp_aes_gcm_encrypt, 16962306a36Sopenharmony_ci .decrypt = ccp_aes_gcm_decrypt, 17062306a36Sopenharmony_ci .init = ccp_aes_gcm_cra_init, 17162306a36Sopenharmony_ci .ivsize = GCM_AES_IV_SIZE, 17262306a36Sopenharmony_ci .maxauthsize = AES_BLOCK_SIZE, 17362306a36Sopenharmony_ci .base = { 17462306a36Sopenharmony_ci .cra_flags = CRYPTO_ALG_ASYNC | 17562306a36Sopenharmony_ci CRYPTO_ALG_ALLOCATES_MEMORY | 17662306a36Sopenharmony_ci CRYPTO_ALG_KERN_DRIVER_ONLY | 17762306a36Sopenharmony_ci CRYPTO_ALG_NEED_FALLBACK, 17862306a36Sopenharmony_ci .cra_blocksize = AES_BLOCK_SIZE, 17962306a36Sopenharmony_ci .cra_ctxsize = sizeof(struct ccp_ctx) + CRYPTO_DMA_PADDING, 18062306a36Sopenharmony_ci .cra_priority = CCP_CRA_PRIORITY, 18162306a36Sopenharmony_ci .cra_exit = ccp_aes_gcm_cra_exit, 18262306a36Sopenharmony_ci .cra_module = THIS_MODULE, 18362306a36Sopenharmony_ci }, 18462306a36Sopenharmony_ci}; 18562306a36Sopenharmony_ci 18662306a36Sopenharmony_cistruct ccp_aes_aead_def { 18762306a36Sopenharmony_ci enum ccp_aes_mode mode; 18862306a36Sopenharmony_ci unsigned int version; 18962306a36Sopenharmony_ci const char *name; 19062306a36Sopenharmony_ci const char *driver_name; 19162306a36Sopenharmony_ci unsigned int blocksize; 19262306a36Sopenharmony_ci unsigned int ivsize; 19362306a36Sopenharmony_ci struct aead_alg *alg_defaults; 19462306a36Sopenharmony_ci}; 19562306a36Sopenharmony_ci 19662306a36Sopenharmony_cistatic struct ccp_aes_aead_def aes_aead_algs[] = { 19762306a36Sopenharmony_ci { 19862306a36Sopenharmony_ci .mode = CCP_AES_MODE_GHASH, 19962306a36Sopenharmony_ci .version = CCP_VERSION(5, 0), 20062306a36Sopenharmony_ci .name = "gcm(aes)", 20162306a36Sopenharmony_ci .driver_name = "gcm-aes-ccp", 20262306a36Sopenharmony_ci .blocksize = 1, 20362306a36Sopenharmony_ci .ivsize = AES_BLOCK_SIZE, 20462306a36Sopenharmony_ci .alg_defaults = &ccp_aes_gcm_defaults, 20562306a36Sopenharmony_ci }, 20662306a36Sopenharmony_ci}; 20762306a36Sopenharmony_ci 20862306a36Sopenharmony_cistatic int ccp_register_aes_aead(struct list_head *head, 20962306a36Sopenharmony_ci const struct ccp_aes_aead_def *def) 21062306a36Sopenharmony_ci{ 21162306a36Sopenharmony_ci struct ccp_crypto_aead *ccp_aead; 21262306a36Sopenharmony_ci struct aead_alg *alg; 21362306a36Sopenharmony_ci int ret; 21462306a36Sopenharmony_ci 21562306a36Sopenharmony_ci ccp_aead = kzalloc(sizeof(*ccp_aead), GFP_KERNEL); 21662306a36Sopenharmony_ci if (!ccp_aead) 21762306a36Sopenharmony_ci return -ENOMEM; 21862306a36Sopenharmony_ci 21962306a36Sopenharmony_ci INIT_LIST_HEAD(&ccp_aead->entry); 22062306a36Sopenharmony_ci 22162306a36Sopenharmony_ci ccp_aead->mode = def->mode; 22262306a36Sopenharmony_ci 22362306a36Sopenharmony_ci /* Copy the defaults and override as necessary */ 22462306a36Sopenharmony_ci alg = &ccp_aead->alg; 22562306a36Sopenharmony_ci *alg = *def->alg_defaults; 22662306a36Sopenharmony_ci snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name); 22762306a36Sopenharmony_ci snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s", 22862306a36Sopenharmony_ci def->driver_name); 22962306a36Sopenharmony_ci alg->base.cra_blocksize = def->blocksize; 23062306a36Sopenharmony_ci 23162306a36Sopenharmony_ci ret = crypto_register_aead(alg); 23262306a36Sopenharmony_ci if (ret) { 23362306a36Sopenharmony_ci pr_err("%s aead algorithm registration error (%d)\n", 23462306a36Sopenharmony_ci alg->base.cra_name, ret); 23562306a36Sopenharmony_ci kfree(ccp_aead); 23662306a36Sopenharmony_ci return ret; 23762306a36Sopenharmony_ci } 23862306a36Sopenharmony_ci 23962306a36Sopenharmony_ci list_add(&ccp_aead->entry, head); 24062306a36Sopenharmony_ci 24162306a36Sopenharmony_ci return 0; 24262306a36Sopenharmony_ci} 24362306a36Sopenharmony_ci 24462306a36Sopenharmony_ciint ccp_register_aes_aeads(struct list_head *head) 24562306a36Sopenharmony_ci{ 24662306a36Sopenharmony_ci int i, ret; 24762306a36Sopenharmony_ci unsigned int ccpversion = ccp_version(); 24862306a36Sopenharmony_ci 24962306a36Sopenharmony_ci for (i = 0; i < ARRAY_SIZE(aes_aead_algs); i++) { 25062306a36Sopenharmony_ci if (aes_aead_algs[i].version > ccpversion) 25162306a36Sopenharmony_ci continue; 25262306a36Sopenharmony_ci ret = ccp_register_aes_aead(head, &aes_aead_algs[i]); 25362306a36Sopenharmony_ci if (ret) 25462306a36Sopenharmony_ci return ret; 25562306a36Sopenharmony_ci } 25662306a36Sopenharmony_ci 25762306a36Sopenharmony_ci return 0; 25862306a36Sopenharmony_ci} 259