This source file includes following definitions.
- ccm_aes_nx_set_key
- ccm4309_aes_nx_set_key
- ccm_aes_nx_setauthsize
- ccm4309_aes_nx_setauthsize
- set_msg_len
- crypto_ccm_check_iv
- generate_b0
- generate_pat
- ccm_nx_decrypt
- ccm_nx_encrypt
- ccm4309_aes_nx_encrypt
- ccm_aes_nx_encrypt
- ccm4309_aes_nx_decrypt
- ccm_aes_nx_decrypt
1
2
3
4
5
6
7
8
9
10 #include <crypto/internal/aead.h>
11 #include <crypto/aes.h>
12 #include <crypto/algapi.h>
13 #include <crypto/scatterwalk.h>
14 #include <linux/module.h>
15 #include <linux/types.h>
16 #include <linux/crypto.h>
17 #include <asm/vio.h>
18
19 #include "nx_csbcpb.h"
20 #include "nx.h"
21
22
23 static int ccm_aes_nx_set_key(struct crypto_aead *tfm,
24 const u8 *in_key,
25 unsigned int key_len)
26 {
27 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base);
28 struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
29 struct nx_csbcpb *csbcpb_aead = nx_ctx->csbcpb_aead;
30
31 nx_ctx_init(nx_ctx, HCOP_FC_AES);
32
33 switch (key_len) {
34 case AES_KEYSIZE_128:
35 NX_CPB_SET_KEY_SIZE(csbcpb, NX_KS_AES_128);
36 NX_CPB_SET_KEY_SIZE(csbcpb_aead, NX_KS_AES_128);
37 nx_ctx->ap = &nx_ctx->props[NX_PROPS_AES_128];
38 break;
39 default:
40 return -EINVAL;
41 }
42
43 csbcpb->cpb.hdr.mode = NX_MODE_AES_CCM;
44 memcpy(csbcpb->cpb.aes_ccm.key, in_key, key_len);
45
46 csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_CCA;
47 memcpy(csbcpb_aead->cpb.aes_cca.key, in_key, key_len);
48
49 return 0;
50
51 }
52
53 static int ccm4309_aes_nx_set_key(struct crypto_aead *tfm,
54 const u8 *in_key,
55 unsigned int key_len)
56 {
57 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(&tfm->base);
58
59 if (key_len < 3)
60 return -EINVAL;
61
62 key_len -= 3;
63
64 memcpy(nx_ctx->priv.ccm.nonce, in_key + key_len, 3);
65
66 return ccm_aes_nx_set_key(tfm, in_key, key_len);
67 }
68
69 static int ccm_aes_nx_setauthsize(struct crypto_aead *tfm,
70 unsigned int authsize)
71 {
72 switch (authsize) {
73 case 4:
74 case 6:
75 case 8:
76 case 10:
77 case 12:
78 case 14:
79 case 16:
80 break;
81 default:
82 return -EINVAL;
83 }
84
85 return 0;
86 }
87
88 static int ccm4309_aes_nx_setauthsize(struct crypto_aead *tfm,
89 unsigned int authsize)
90 {
91 switch (authsize) {
92 case 8:
93 case 12:
94 case 16:
95 break;
96 default:
97 return -EINVAL;
98 }
99
100 return 0;
101 }
102
103
104 static int set_msg_len(u8 *block, unsigned int msglen, int csize)
105 {
106 __be32 data;
107
108 memset(block, 0, csize);
109 block += csize;
110
111 if (csize >= 4)
112 csize = 4;
113 else if (msglen > (unsigned int)(1 << (8 * csize)))
114 return -EOVERFLOW;
115
116 data = cpu_to_be32(msglen);
117 memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
118
119 return 0;
120 }
121
122
123 static inline int crypto_ccm_check_iv(const u8 *iv)
124 {
125
126 if (1 > iv[0] || iv[0] > 7)
127 return -EINVAL;
128
129 return 0;
130 }
131
132
133 static int generate_b0(u8 *iv, unsigned int assoclen, unsigned int authsize,
134 unsigned int cryptlen, u8 *b0)
135 {
136 unsigned int l, lp, m = authsize;
137 int rc;
138
139 memcpy(b0, iv, 16);
140
141 lp = b0[0];
142 l = lp + 1;
143
144
145 *b0 |= (8 * ((m - 2) / 2));
146
147
148 if (assoclen)
149 *b0 |= 64;
150
151 rc = set_msg_len(b0 + 16 - l, cryptlen, l);
152
153 return rc;
154 }
155
156 static int generate_pat(u8 *iv,
157 struct aead_request *req,
158 struct nx_crypto_ctx *nx_ctx,
159 unsigned int authsize,
160 unsigned int nbytes,
161 unsigned int assoclen,
162 u8 *out)
163 {
164 struct nx_sg *nx_insg = nx_ctx->in_sg;
165 struct nx_sg *nx_outsg = nx_ctx->out_sg;
166 unsigned int iauth_len = 0;
167 u8 tmp[16], *b1 = NULL, *b0 = NULL, *result = NULL;
168 int rc;
169 unsigned int max_sg_len;
170
171
172 memset(iv + 15 - iv[0], 0, iv[0] + 1);
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188 if (!assoclen) {
189 b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0;
190 } else if (assoclen <= 14) {
191
192
193
194 b0 = nx_ctx->csbcpb->cpb.aes_ccm.in_pat_or_b0;
195 b1 = nx_ctx->priv.ccm.iauth_tag;
196 iauth_len = assoclen;
197 } else if (assoclen <= 65280) {
198
199
200
201 b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0;
202 b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1;
203 iauth_len = 14;
204 } else {
205 b0 = nx_ctx->csbcpb_aead->cpb.aes_cca.b0;
206 b1 = nx_ctx->csbcpb_aead->cpb.aes_cca.b1;
207 iauth_len = 10;
208 }
209
210
211 rc = generate_b0(iv, assoclen, authsize, nbytes, b0);
212 if (rc)
213 return rc;
214
215
216
217
218
219 if (b1) {
220 memset(b1, 0, 16);
221 if (assoclen <= 65280) {
222 *(u16 *)b1 = assoclen;
223 scatterwalk_map_and_copy(b1 + 2, req->src, 0,
224 iauth_len, SCATTERWALK_FROM_SG);
225 } else {
226 *(u16 *)b1 = (u16)(0xfffe);
227 *(u32 *)&b1[2] = assoclen;
228 scatterwalk_map_and_copy(b1 + 6, req->src, 0,
229 iauth_len, SCATTERWALK_FROM_SG);
230 }
231 }
232
233
234 if (!assoclen) {
235 return rc;
236 } else if (assoclen <= 14) {
237 unsigned int len = 16;
238
239 nx_insg = nx_build_sg_list(nx_insg, b1, &len, nx_ctx->ap->sglen);
240
241 if (len != 16)
242 return -EINVAL;
243
244 nx_outsg = nx_build_sg_list(nx_outsg, tmp, &len,
245 nx_ctx->ap->sglen);
246
247 if (len != 16)
248 return -EINVAL;
249
250
251
252 nx_ctx->op.inlen = (nx_ctx->in_sg - nx_insg) *
253 sizeof(struct nx_sg);
254 nx_ctx->op.outlen = (nx_ctx->out_sg - nx_outsg) *
255 sizeof(struct nx_sg);
256
257 NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_ENDE_ENCRYPT;
258 NX_CPB_FDM(nx_ctx->csbcpb) |= NX_FDM_INTERMEDIATE;
259
260 result = nx_ctx->csbcpb->cpb.aes_ccm.out_pat_or_mac;
261
262 rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
263 req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
264 if (rc)
265 return rc;
266
267 atomic_inc(&(nx_ctx->stats->aes_ops));
268 atomic64_add(assoclen, &nx_ctx->stats->aes_bytes);
269
270 } else {
271 unsigned int processed = 0, to_process;
272
273 processed += iauth_len;
274
275
276 max_sg_len = min_t(u64, nx_ctx->ap->sglen,
277 nx_driver.of.max_sg_len/sizeof(struct nx_sg));
278 max_sg_len = min_t(u64, max_sg_len,
279 nx_ctx->ap->databytelen/NX_PAGE_SIZE);
280
281 do {
282 to_process = min_t(u32, assoclen - processed,
283 nx_ctx->ap->databytelen);
284
285 nx_insg = nx_walk_and_build(nx_ctx->in_sg,
286 nx_ctx->ap->sglen,
287 req->src, processed,
288 &to_process);
289
290 if ((to_process + processed) < assoclen) {
291 NX_CPB_FDM(nx_ctx->csbcpb_aead) |=
292 NX_FDM_INTERMEDIATE;
293 } else {
294 NX_CPB_FDM(nx_ctx->csbcpb_aead) &=
295 ~NX_FDM_INTERMEDIATE;
296 }
297
298
299 nx_ctx->op_aead.inlen = (nx_ctx->in_sg - nx_insg) *
300 sizeof(struct nx_sg);
301
302 result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0;
303
304 rc = nx_hcall_sync(nx_ctx, &nx_ctx->op_aead,
305 req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
306 if (rc)
307 return rc;
308
309 memcpy(nx_ctx->csbcpb_aead->cpb.aes_cca.b0,
310 nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0,
311 AES_BLOCK_SIZE);
312
313 NX_CPB_FDM(nx_ctx->csbcpb_aead) |= NX_FDM_CONTINUATION;
314
315 atomic_inc(&(nx_ctx->stats->aes_ops));
316 atomic64_add(assoclen, &nx_ctx->stats->aes_bytes);
317
318 processed += to_process;
319 } while (processed < assoclen);
320
321 result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0;
322 }
323
324 memcpy(out, result, AES_BLOCK_SIZE);
325
326 return rc;
327 }
328
329 static int ccm_nx_decrypt(struct aead_request *req,
330 struct blkcipher_desc *desc,
331 unsigned int assoclen)
332 {
333 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
334 struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
335 unsigned int nbytes = req->cryptlen;
336 unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
337 struct nx_ccm_priv *priv = &nx_ctx->priv.ccm;
338 unsigned long irq_flags;
339 unsigned int processed = 0, to_process;
340 int rc = -1;
341
342 spin_lock_irqsave(&nx_ctx->lock, irq_flags);
343
344 nbytes -= authsize;
345
346
347 scatterwalk_map_and_copy(priv->oauth_tag,
348 req->src, nbytes + req->assoclen, authsize,
349 SCATTERWALK_FROM_SG);
350
351 rc = generate_pat(desc->info, req, nx_ctx, authsize, nbytes, assoclen,
352 csbcpb->cpb.aes_ccm.in_pat_or_b0);
353 if (rc)
354 goto out;
355
356 do {
357
358
359
360
361 to_process = nbytes - processed;
362
363 if ((to_process + processed) < nbytes)
364 NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
365 else
366 NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
367
368 NX_CPB_FDM(nx_ctx->csbcpb) &= ~NX_FDM_ENDE_ENCRYPT;
369
370 rc = nx_build_sg_lists(nx_ctx, desc, req->dst, req->src,
371 &to_process, processed + req->assoclen,
372 csbcpb->cpb.aes_ccm.iv_or_ctr);
373 if (rc)
374 goto out;
375
376 rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
377 req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
378 if (rc)
379 goto out;
380
381
382
383
384 memcpy(desc->info, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
385 memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
386 csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
387 memcpy(csbcpb->cpb.aes_ccm.in_s0,
388 csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
389
390 NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
391
392
393 atomic_inc(&(nx_ctx->stats->aes_ops));
394 atomic64_add(csbcpb->csb.processed_byte_count,
395 &(nx_ctx->stats->aes_bytes));
396
397 processed += to_process;
398 } while (processed < nbytes);
399
400 rc = crypto_memneq(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
401 authsize) ? -EBADMSG : 0;
402 out:
403 spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
404 return rc;
405 }
406
407 static int ccm_nx_encrypt(struct aead_request *req,
408 struct blkcipher_desc *desc,
409 unsigned int assoclen)
410 {
411 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
412 struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
413 unsigned int nbytes = req->cryptlen;
414 unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
415 unsigned long irq_flags;
416 unsigned int processed = 0, to_process;
417 int rc = -1;
418
419 spin_lock_irqsave(&nx_ctx->lock, irq_flags);
420
421 rc = generate_pat(desc->info, req, nx_ctx, authsize, nbytes, assoclen,
422 csbcpb->cpb.aes_ccm.in_pat_or_b0);
423 if (rc)
424 goto out;
425
426 do {
427
428
429
430 to_process = nbytes - processed;
431
432 if ((to_process + processed) < nbytes)
433 NX_CPB_FDM(csbcpb) |= NX_FDM_INTERMEDIATE;
434 else
435 NX_CPB_FDM(csbcpb) &= ~NX_FDM_INTERMEDIATE;
436
437 NX_CPB_FDM(csbcpb) |= NX_FDM_ENDE_ENCRYPT;
438
439 rc = nx_build_sg_lists(nx_ctx, desc, req->dst, req->src,
440 &to_process, processed + req->assoclen,
441 csbcpb->cpb.aes_ccm.iv_or_ctr);
442 if (rc)
443 goto out;
444
445 rc = nx_hcall_sync(nx_ctx, &nx_ctx->op,
446 req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
447 if (rc)
448 goto out;
449
450
451
452
453 memcpy(desc->info, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
454 memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
455 csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
456 memcpy(csbcpb->cpb.aes_ccm.in_s0,
457 csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
458
459 NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
460
461
462 atomic_inc(&(nx_ctx->stats->aes_ops));
463 atomic64_add(csbcpb->csb.processed_byte_count,
464 &(nx_ctx->stats->aes_bytes));
465
466 processed += to_process;
467
468 } while (processed < nbytes);
469
470
471 scatterwalk_map_and_copy(csbcpb->cpb.aes_ccm.out_pat_or_mac,
472 req->dst, nbytes + req->assoclen, authsize,
473 SCATTERWALK_TO_SG);
474
475 out:
476 spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
477 return rc;
478 }
479
480 static int ccm4309_aes_nx_encrypt(struct aead_request *req)
481 {
482 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
483 struct nx_gcm_rctx *rctx = aead_request_ctx(req);
484 struct blkcipher_desc desc;
485 u8 *iv = rctx->iv;
486
487 iv[0] = 3;
488 memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3);
489 memcpy(iv + 4, req->iv, 8);
490
491 desc.info = iv;
492
493 return ccm_nx_encrypt(req, &desc, req->assoclen - 8);
494 }
495
496 static int ccm_aes_nx_encrypt(struct aead_request *req)
497 {
498 struct blkcipher_desc desc;
499 int rc;
500
501 desc.info = req->iv;
502
503 rc = crypto_ccm_check_iv(desc.info);
504 if (rc)
505 return rc;
506
507 return ccm_nx_encrypt(req, &desc, req->assoclen);
508 }
509
510 static int ccm4309_aes_nx_decrypt(struct aead_request *req)
511 {
512 struct nx_crypto_ctx *nx_ctx = crypto_tfm_ctx(req->base.tfm);
513 struct nx_gcm_rctx *rctx = aead_request_ctx(req);
514 struct blkcipher_desc desc;
515 u8 *iv = rctx->iv;
516
517 iv[0] = 3;
518 memcpy(iv + 1, nx_ctx->priv.ccm.nonce, 3);
519 memcpy(iv + 4, req->iv, 8);
520
521 desc.info = iv;
522
523 return ccm_nx_decrypt(req, &desc, req->assoclen - 8);
524 }
525
526 static int ccm_aes_nx_decrypt(struct aead_request *req)
527 {
528 struct blkcipher_desc desc;
529 int rc;
530
531 desc.info = req->iv;
532
533 rc = crypto_ccm_check_iv(desc.info);
534 if (rc)
535 return rc;
536
537 return ccm_nx_decrypt(req, &desc, req->assoclen);
538 }
539
540
541
542
543
544
545 struct aead_alg nx_ccm_aes_alg = {
546 .base = {
547 .cra_name = "ccm(aes)",
548 .cra_driver_name = "ccm-aes-nx",
549 .cra_priority = 300,
550 .cra_flags = CRYPTO_ALG_NEED_FALLBACK,
551 .cra_blocksize = 1,
552 .cra_ctxsize = sizeof(struct nx_crypto_ctx),
553 .cra_module = THIS_MODULE,
554 },
555 .init = nx_crypto_ctx_aes_ccm_init,
556 .exit = nx_crypto_ctx_aead_exit,
557 .ivsize = AES_BLOCK_SIZE,
558 .maxauthsize = AES_BLOCK_SIZE,
559 .setkey = ccm_aes_nx_set_key,
560 .setauthsize = ccm_aes_nx_setauthsize,
561 .encrypt = ccm_aes_nx_encrypt,
562 .decrypt = ccm_aes_nx_decrypt,
563 };
564
565 struct aead_alg nx_ccm4309_aes_alg = {
566 .base = {
567 .cra_name = "rfc4309(ccm(aes))",
568 .cra_driver_name = "rfc4309-ccm-aes-nx",
569 .cra_priority = 300,
570 .cra_flags = CRYPTO_ALG_NEED_FALLBACK,
571 .cra_blocksize = 1,
572 .cra_ctxsize = sizeof(struct nx_crypto_ctx),
573 .cra_module = THIS_MODULE,
574 },
575 .init = nx_crypto_ctx_aes_ccm_init,
576 .exit = nx_crypto_ctx_aead_exit,
577 .ivsize = 8,
578 .maxauthsize = AES_BLOCK_SIZE,
579 .setkey = ccm4309_aes_nx_set_key,
580 .setauthsize = ccm4309_aes_nx_setauthsize,
581 .encrypt = ccm4309_aes_nx_encrypt,
582 .decrypt = ccm4309_aes_nx_decrypt,
583 };