Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/drivers/crypto/atmel-aes.c

  1 /*
  2  * Cryptographic API.
  3  *
  4  * Support for ATMEL AES HW acceleration.
  5  *
  6  * Copyright (c) 2012 Eukréa Electromatique - ATMEL
  7  * Author: Nicolas Royer <nicolas@eukrea.com>
  8  *
  9  * This program is free software; you can redistribute it and/or modify
 10  * it under the terms of the GNU General Public License version 2 as published
 11  * by the Free Software Foundation.
 12  *
 13  * Some ideas are from omap-aes.c driver.
 14  */
 15 
 16 
 17 #include <linux/kernel.h>
 18 #include <linux/module.h>
 19 #include <linux/slab.h>
 20 #include <linux/err.h>
 21 #include <linux/clk.h>
 22 #include <linux/io.h>
 23 #include <linux/hw_random.h>
 24 #include <linux/platform_device.h>
 25 
 26 #include <linux/device.h>
 27 #include <linux/init.h>
 28 #include <linux/errno.h>
 29 #include <linux/interrupt.h>
 30 #include <linux/irq.h>
 31 #include <linux/scatterlist.h>
 32 #include <linux/dma-mapping.h>
 33 #include <linux/of_device.h>
 34 #include <linux/delay.h>
 35 #include <linux/crypto.h>
 36 #include <crypto/scatterwalk.h>
 37 #include <crypto/algapi.h>
 38 #include <crypto/aes.h>
 39 #include <crypto/xts.h>
 40 #include <crypto/internal/aead.h>
 41 #include <linux/platform_data/crypto-atmel.h>
 42 #include <dt-bindings/dma/at91.h>
 43 #include "atmel-aes-regs.h"
 44 
 45 #define ATMEL_AES_PRIORITY      300
 46 
 47 #define ATMEL_AES_BUFFER_ORDER  2
 48 #define ATMEL_AES_BUFFER_SIZE   (PAGE_SIZE << ATMEL_AES_BUFFER_ORDER)
 49 
 50 #define CFB8_BLOCK_SIZE         1
 51 #define CFB16_BLOCK_SIZE        2
 52 #define CFB32_BLOCK_SIZE        4
 53 #define CFB64_BLOCK_SIZE        8
 54 
 55 #define SIZE_IN_WORDS(x)        ((x) >> 2)
 56 
 57 /* AES flags */
 58 /* Reserve bits [18:16] [14:12] [1:0] for mode (same as for AES_MR) */
 59 #define AES_FLAGS_ENCRYPT       AES_MR_CYPHER_ENC
 60 #define AES_FLAGS_GTAGEN        AES_MR_GTAGEN
 61 #define AES_FLAGS_OPMODE_MASK   (AES_MR_OPMOD_MASK | AES_MR_CFBS_MASK)
 62 #define AES_FLAGS_ECB           AES_MR_OPMOD_ECB
 63 #define AES_FLAGS_CBC           AES_MR_OPMOD_CBC
 64 #define AES_FLAGS_OFB           AES_MR_OPMOD_OFB
 65 #define AES_FLAGS_CFB128        (AES_MR_OPMOD_CFB | AES_MR_CFBS_128b)
 66 #define AES_FLAGS_CFB64         (AES_MR_OPMOD_CFB | AES_MR_CFBS_64b)
 67 #define AES_FLAGS_CFB32         (AES_MR_OPMOD_CFB | AES_MR_CFBS_32b)
 68 #define AES_FLAGS_CFB16         (AES_MR_OPMOD_CFB | AES_MR_CFBS_16b)
 69 #define AES_FLAGS_CFB8          (AES_MR_OPMOD_CFB | AES_MR_CFBS_8b)
 70 #define AES_FLAGS_CTR           AES_MR_OPMOD_CTR
 71 #define AES_FLAGS_GCM           AES_MR_OPMOD_GCM
 72 #define AES_FLAGS_XTS           AES_MR_OPMOD_XTS
 73 
 74 #define AES_FLAGS_MODE_MASK     (AES_FLAGS_OPMODE_MASK |        \
 75                                  AES_FLAGS_ENCRYPT |            \
 76                                  AES_FLAGS_GTAGEN)
 77 
 78 #define AES_FLAGS_INIT          BIT(2)
 79 #define AES_FLAGS_BUSY          BIT(3)
 80 #define AES_FLAGS_DUMP_REG      BIT(4)
 81 
 82 #define AES_FLAGS_PERSISTENT    (AES_FLAGS_INIT | AES_FLAGS_BUSY)
 83 
 84 #define ATMEL_AES_QUEUE_LENGTH  50
 85 
 86 #define ATMEL_AES_DMA_THRESHOLD         256
 87 
 88 
 89 struct atmel_aes_caps {
 90         bool                    has_dualbuff;
 91         bool                    has_cfb64;
 92         bool                    has_ctr32;
 93         bool                    has_gcm;
 94         bool                    has_xts;
 95         u32                     max_burst_size;
 96 };
 97 
 98 struct atmel_aes_dev;
 99 
100 
101 typedef int (*atmel_aes_fn_t)(struct atmel_aes_dev *);
102 
103 
104 struct atmel_aes_base_ctx {
105         struct atmel_aes_dev    *dd;
106         atmel_aes_fn_t          start;
107         int                     keylen;
108         u32                     key[AES_KEYSIZE_256 / sizeof(u32)];
109         u16                     block_size;
110 };
111 
112 struct atmel_aes_ctx {
113         struct atmel_aes_base_ctx       base;
114 };
115 
116 struct atmel_aes_ctr_ctx {
117         struct atmel_aes_base_ctx       base;
118 
119         u32                     iv[AES_BLOCK_SIZE / sizeof(u32)];
120         size_t                  offset;
121         struct scatterlist      src[2];
122         struct scatterlist      dst[2];
123 };
124 
125 struct atmel_aes_gcm_ctx {
126         struct atmel_aes_base_ctx       base;
127 
128         struct scatterlist      src[2];
129         struct scatterlist      dst[2];
130 
131         u32                     j0[AES_BLOCK_SIZE / sizeof(u32)];
132         u32                     tag[AES_BLOCK_SIZE / sizeof(u32)];
133         u32                     ghash[AES_BLOCK_SIZE / sizeof(u32)];
134         size_t                  textlen;
135 
136         const u32               *ghash_in;
137         u32                     *ghash_out;
138         atmel_aes_fn_t          ghash_resume;
139 };
140 
141 struct atmel_aes_xts_ctx {
142         struct atmel_aes_base_ctx       base;
143 
144         u32                     key2[AES_KEYSIZE_256 / sizeof(u32)];
145 };
146 
147 struct atmel_aes_reqctx {
148         unsigned long           mode;
149 };
150 
151 struct atmel_aes_dma {
152         struct dma_chan         *chan;
153         struct scatterlist      *sg;
154         int                     nents;
155         unsigned int            remainder;
156         unsigned int            sg_len;
157 };
158 
159 struct atmel_aes_dev {
160         struct list_head        list;
161         unsigned long           phys_base;
162         void __iomem            *io_base;
163 
164         struct crypto_async_request     *areq;
165         struct atmel_aes_base_ctx       *ctx;
166 
167         bool                    is_async;
168         atmel_aes_fn_t          resume;
169         atmel_aes_fn_t          cpu_transfer_complete;
170 
171         struct device           *dev;
172         struct clk              *iclk;
173         int                     irq;
174 
175         unsigned long           flags;
176 
177         spinlock_t              lock;
178         struct crypto_queue     queue;
179 
180         struct tasklet_struct   done_task;
181         struct tasklet_struct   queue_task;
182 
183         size_t                  total;
184         size_t                  datalen;
185         u32                     *data;
186 
187         struct atmel_aes_dma    src;
188         struct atmel_aes_dma    dst;
189 
190         size_t                  buflen;
191         void                    *buf;
192         struct scatterlist      aligned_sg;
193         struct scatterlist      *real_dst;
194 
195         struct atmel_aes_caps   caps;
196 
197         u32                     hw_version;
198 };
199 
200 struct atmel_aes_drv {
201         struct list_head        dev_list;
202         spinlock_t              lock;
203 };
204 
205 static struct atmel_aes_drv atmel_aes = {
206         .dev_list = LIST_HEAD_INIT(atmel_aes.dev_list),
207         .lock = __SPIN_LOCK_UNLOCKED(atmel_aes.lock),
208 };
209 
210 #ifdef VERBOSE_DEBUG
211 static const char *atmel_aes_reg_name(u32 offset, char *tmp, size_t sz)
212 {
213         switch (offset) {
214         case AES_CR:
215                 return "CR";
216 
217         case AES_MR:
218                 return "MR";
219 
220         case AES_ISR:
221                 return "ISR";
222 
223         case AES_IMR:
224                 return "IMR";
225 
226         case AES_IER:
227                 return "IER";
228 
229         case AES_IDR:
230                 return "IDR";
231 
232         case AES_KEYWR(0):
233         case AES_KEYWR(1):
234         case AES_KEYWR(2):
235         case AES_KEYWR(3):
236         case AES_KEYWR(4):
237         case AES_KEYWR(5):
238         case AES_KEYWR(6):
239         case AES_KEYWR(7):
240                 snprintf(tmp, sz, "KEYWR[%u]", (offset - AES_KEYWR(0)) >> 2);
241                 break;
242 
243         case AES_IDATAR(0):
244         case AES_IDATAR(1):
245         case AES_IDATAR(2):
246         case AES_IDATAR(3):
247                 snprintf(tmp, sz, "IDATAR[%u]", (offset - AES_IDATAR(0)) >> 2);
248                 break;
249 
250         case AES_ODATAR(0):
251         case AES_ODATAR(1):
252         case AES_ODATAR(2):
253         case AES_ODATAR(3):
254                 snprintf(tmp, sz, "ODATAR[%u]", (offset - AES_ODATAR(0)) >> 2);
255                 break;
256 
257         case AES_IVR(0):
258         case AES_IVR(1):
259         case AES_IVR(2):
260         case AES_IVR(3):
261                 snprintf(tmp, sz, "IVR[%u]", (offset - AES_IVR(0)) >> 2);
262                 break;
263 
264         case AES_AADLENR:
265                 return "AADLENR";
266 
267         case AES_CLENR:
268                 return "CLENR";
269 
270         case AES_GHASHR(0):
271         case AES_GHASHR(1):
272         case AES_GHASHR(2):
273         case AES_GHASHR(3):
274                 snprintf(tmp, sz, "GHASHR[%u]", (offset - AES_GHASHR(0)) >> 2);
275                 break;
276 
277         case AES_TAGR(0):
278         case AES_TAGR(1):
279         case AES_TAGR(2):
280         case AES_TAGR(3):
281                 snprintf(tmp, sz, "TAGR[%u]", (offset - AES_TAGR(0)) >> 2);
282                 break;
283 
284         case AES_CTRR:
285                 return "CTRR";
286 
287         case AES_GCMHR(0):
288         case AES_GCMHR(1):
289         case AES_GCMHR(2):
290         case AES_GCMHR(3):
291                 snprintf(tmp, sz, "GCMHR[%u]", (offset - AES_GCMHR(0)) >> 2);
292                 break;
293 
294         case AES_TWR(0):
295         case AES_TWR(1):
296         case AES_TWR(2):
297         case AES_TWR(3):
298                 snprintf(tmp, sz, "TWR[%u]", (offset - AES_TWR(0)) >> 2);
299                 break;
300 
301         case AES_ALPHAR(0):
302         case AES_ALPHAR(1):
303         case AES_ALPHAR(2):
304         case AES_ALPHAR(3):
305                 snprintf(tmp, sz, "ALPHAR[%u]", (offset - AES_ALPHAR(0)) >> 2);
306                 break;
307 
308         default:
309                 snprintf(tmp, sz, "0x%02x", offset);
310                 break;
311         }
312 
313         return tmp;
314 }
315 #endif /* VERBOSE_DEBUG */
316 
317 /* Shared functions */
318 
319 static inline u32 atmel_aes_read(struct atmel_aes_dev *dd, u32 offset)
320 {
321         u32 value = readl_relaxed(dd->io_base + offset);
322 
323 #ifdef VERBOSE_DEBUG
324         if (dd->flags & AES_FLAGS_DUMP_REG) {
325                 char tmp[16];
326 
327                 dev_vdbg(dd->dev, "read 0x%08x from %s\n", value,
328                          atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
329         }
330 #endif /* VERBOSE_DEBUG */
331 
332         return value;
333 }
334 
335 static inline void atmel_aes_write(struct atmel_aes_dev *dd,
336                                         u32 offset, u32 value)
337 {
338 #ifdef VERBOSE_DEBUG
339         if (dd->flags & AES_FLAGS_DUMP_REG) {
340                 char tmp[16];
341 
342                 dev_vdbg(dd->dev, "write 0x%08x into %s\n", value,
343                          atmel_aes_reg_name(offset, tmp, sizeof(tmp)));
344         }
345 #endif /* VERBOSE_DEBUG */
346 
347         writel_relaxed(value, dd->io_base + offset);
348 }
349 
350 static void atmel_aes_read_n(struct atmel_aes_dev *dd, u32 offset,
351                                         u32 *value, int count)
352 {
353         for (; count--; value++, offset += 4)
354                 *value = atmel_aes_read(dd, offset);
355 }
356 
357 static void atmel_aes_write_n(struct atmel_aes_dev *dd, u32 offset,
358                               const u32 *value, int count)
359 {
360         for (; count--; value++, offset += 4)
361                 atmel_aes_write(dd, offset, *value);
362 }
363 
364 static inline void atmel_aes_read_block(struct atmel_aes_dev *dd, u32 offset,
365                                         u32 *value)
366 {
367         atmel_aes_read_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
368 }
369 
370 static inline void atmel_aes_write_block(struct atmel_aes_dev *dd, u32 offset,
371                                          const u32 *value)
372 {
373         atmel_aes_write_n(dd, offset, value, SIZE_IN_WORDS(AES_BLOCK_SIZE));
374 }
375 
376 static inline int atmel_aes_wait_for_data_ready(struct atmel_aes_dev *dd,
377                                                 atmel_aes_fn_t resume)
378 {
379         u32 isr = atmel_aes_read(dd, AES_ISR);
380 
381         if (unlikely(isr & AES_INT_DATARDY))
382                 return resume(dd);
383 
384         dd->resume = resume;
385         atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
386         return -EINPROGRESS;
387 }
388 
389 static inline size_t atmel_aes_padlen(size_t len, size_t block_size)
390 {
391         len &= block_size - 1;
392         return len ? block_size - len : 0;
393 }
394 
395 static struct atmel_aes_dev *atmel_aes_find_dev(struct atmel_aes_base_ctx *ctx)
396 {
397         struct atmel_aes_dev *aes_dd = NULL;
398         struct atmel_aes_dev *tmp;
399 
400         spin_lock_bh(&atmel_aes.lock);
401         if (!ctx->dd) {
402                 list_for_each_entry(tmp, &atmel_aes.dev_list, list) {
403                         aes_dd = tmp;
404                         break;
405                 }
406                 ctx->dd = aes_dd;
407         } else {
408                 aes_dd = ctx->dd;
409         }
410 
411         spin_unlock_bh(&atmel_aes.lock);
412 
413         return aes_dd;
414 }
415 
416 static int atmel_aes_hw_init(struct atmel_aes_dev *dd)
417 {
418         int err;
419 
420         err = clk_enable(dd->iclk);
421         if (err)
422                 return err;
423 
424         if (!(dd->flags & AES_FLAGS_INIT)) {
425                 atmel_aes_write(dd, AES_CR, AES_CR_SWRST);
426                 atmel_aes_write(dd, AES_MR, 0xE << AES_MR_CKEY_OFFSET);
427                 dd->flags |= AES_FLAGS_INIT;
428         }
429 
430         return 0;
431 }
432 
433 static inline unsigned int atmel_aes_get_version(struct atmel_aes_dev *dd)
434 {
435         return atmel_aes_read(dd, AES_HW_VERSION) & 0x00000fff;
436 }
437 
438 static int atmel_aes_hw_version_init(struct atmel_aes_dev *dd)
439 {
440         int err;
441 
442         err = atmel_aes_hw_init(dd);
443         if (err)
444                 return err;
445 
446         dd->hw_version = atmel_aes_get_version(dd);
447 
448         dev_info(dd->dev, "version: 0x%x\n", dd->hw_version);
449 
450         clk_disable(dd->iclk);
451         return 0;
452 }
453 
454 static inline void atmel_aes_set_mode(struct atmel_aes_dev *dd,
455                                       const struct atmel_aes_reqctx *rctx)
456 {
457         /* Clear all but persistent flags and set request flags. */
458         dd->flags = (dd->flags & AES_FLAGS_PERSISTENT) | rctx->mode;
459 }
460 
461 static inline bool atmel_aes_is_encrypt(const struct atmel_aes_dev *dd)
462 {
463         return (dd->flags & AES_FLAGS_ENCRYPT);
464 }
465 
466 static inline int atmel_aes_complete(struct atmel_aes_dev *dd, int err)
467 {
468         clk_disable(dd->iclk);
469         dd->flags &= ~AES_FLAGS_BUSY;
470 
471         if (dd->is_async)
472                 dd->areq->complete(dd->areq, err);
473 
474         tasklet_schedule(&dd->queue_task);
475 
476         return err;
477 }
478 
479 static void atmel_aes_write_ctrl_key(struct atmel_aes_dev *dd, bool use_dma,
480                                      const u32 *iv, const u32 *key, int keylen)
481 {
482         u32 valmr = 0;
483 
484         /* MR register must be set before IV registers */
485         if (keylen == AES_KEYSIZE_128)
486                 valmr |= AES_MR_KEYSIZE_128;
487         else if (keylen == AES_KEYSIZE_192)
488                 valmr |= AES_MR_KEYSIZE_192;
489         else
490                 valmr |= AES_MR_KEYSIZE_256;
491 
492         valmr |= dd->flags & AES_FLAGS_MODE_MASK;
493 
494         if (use_dma) {
495                 valmr |= AES_MR_SMOD_IDATAR0;
496                 if (dd->caps.has_dualbuff)
497                         valmr |= AES_MR_DUALBUFF;
498         } else {
499                 valmr |= AES_MR_SMOD_AUTO;
500         }
501 
502         atmel_aes_write(dd, AES_MR, valmr);
503 
504         atmel_aes_write_n(dd, AES_KEYWR(0), key, SIZE_IN_WORDS(keylen));
505 
506         if (iv && (valmr & AES_MR_OPMOD_MASK) != AES_MR_OPMOD_ECB)
507                 atmel_aes_write_block(dd, AES_IVR(0), iv);
508 }
509 
510 static inline void atmel_aes_write_ctrl(struct atmel_aes_dev *dd, bool use_dma,
511                                         const u32 *iv)
512 
513 {
514         atmel_aes_write_ctrl_key(dd, use_dma, iv,
515                                  dd->ctx->key, dd->ctx->keylen);
516 }
517 
518 /* CPU transfer */
519 
520 static int atmel_aes_cpu_transfer(struct atmel_aes_dev *dd)
521 {
522         int err = 0;
523         u32 isr;
524 
525         for (;;) {
526                 atmel_aes_read_block(dd, AES_ODATAR(0), dd->data);
527                 dd->data += 4;
528                 dd->datalen -= AES_BLOCK_SIZE;
529 
530                 if (dd->datalen < AES_BLOCK_SIZE)
531                         break;
532 
533                 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
534 
535                 isr = atmel_aes_read(dd, AES_ISR);
536                 if (!(isr & AES_INT_DATARDY)) {
537                         dd->resume = atmel_aes_cpu_transfer;
538                         atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
539                         return -EINPROGRESS;
540                 }
541         }
542 
543         if (!sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst),
544                                  dd->buf, dd->total))
545                 err = -EINVAL;
546 
547         if (err)
548                 return atmel_aes_complete(dd, err);
549 
550         return dd->cpu_transfer_complete(dd);
551 }
552 
553 static int atmel_aes_cpu_start(struct atmel_aes_dev *dd,
554                                struct scatterlist *src,
555                                struct scatterlist *dst,
556                                size_t len,
557                                atmel_aes_fn_t resume)
558 {
559         size_t padlen = atmel_aes_padlen(len, AES_BLOCK_SIZE);
560 
561         if (unlikely(len == 0))
562                 return -EINVAL;
563 
564         sg_copy_to_buffer(src, sg_nents(src), dd->buf, len);
565 
566         dd->total = len;
567         dd->real_dst = dst;
568         dd->cpu_transfer_complete = resume;
569         dd->datalen = len + padlen;
570         dd->data = (u32 *)dd->buf;
571         atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
572         return atmel_aes_wait_for_data_ready(dd, atmel_aes_cpu_transfer);
573 }
574 
575 
576 /* DMA transfer */
577 
578 static void atmel_aes_dma_callback(void *data);
579 
580 static bool atmel_aes_check_aligned(struct atmel_aes_dev *dd,
581                                     struct scatterlist *sg,
582                                     size_t len,
583                                     struct atmel_aes_dma *dma)
584 {
585         int nents;
586 
587         if (!IS_ALIGNED(len, dd->ctx->block_size))
588                 return false;
589 
590         for (nents = 0; sg; sg = sg_next(sg), ++nents) {
591                 if (!IS_ALIGNED(sg->offset, sizeof(u32)))
592                         return false;
593 
594                 if (len <= sg->length) {
595                         if (!IS_ALIGNED(len, dd->ctx->block_size))
596                                 return false;
597 
598                         dma->nents = nents+1;
599                         dma->remainder = sg->length - len;
600                         sg->length = len;
601                         return true;
602                 }
603 
604                 if (!IS_ALIGNED(sg->length, dd->ctx->block_size))
605                         return false;
606 
607                 len -= sg->length;
608         }
609 
610         return false;
611 }
612 
613 static inline void atmel_aes_restore_sg(const struct atmel_aes_dma *dma)
614 {
615         struct scatterlist *sg = dma->sg;
616         int nents = dma->nents;
617 
618         if (!dma->remainder)
619                 return;
620 
621         while (--nents > 0 && sg)
622                 sg = sg_next(sg);
623 
624         if (!sg)
625                 return;
626 
627         sg->length += dma->remainder;
628 }
629 
630 static int atmel_aes_map(struct atmel_aes_dev *dd,
631                          struct scatterlist *src,
632                          struct scatterlist *dst,
633                          size_t len)
634 {
635         bool src_aligned, dst_aligned;
636         size_t padlen;
637 
638         dd->total = len;
639         dd->src.sg = src;
640         dd->dst.sg = dst;
641         dd->real_dst = dst;
642 
643         src_aligned = atmel_aes_check_aligned(dd, src, len, &dd->src);
644         if (src == dst)
645                 dst_aligned = src_aligned;
646         else
647                 dst_aligned = atmel_aes_check_aligned(dd, dst, len, &dd->dst);
648         if (!src_aligned || !dst_aligned) {
649                 padlen = atmel_aes_padlen(len, dd->ctx->block_size);
650 
651                 if (dd->buflen < len + padlen)
652                         return -ENOMEM;
653 
654                 if (!src_aligned) {
655                         sg_copy_to_buffer(src, sg_nents(src), dd->buf, len);
656                         dd->src.sg = &dd->aligned_sg;
657                         dd->src.nents = 1;
658                         dd->src.remainder = 0;
659                 }
660 
661                 if (!dst_aligned) {
662                         dd->dst.sg = &dd->aligned_sg;
663                         dd->dst.nents = 1;
664                         dd->dst.remainder = 0;
665                 }
666 
667                 sg_init_table(&dd->aligned_sg, 1);
668                 sg_set_buf(&dd->aligned_sg, dd->buf, len + padlen);
669         }
670 
671         if (dd->src.sg == dd->dst.sg) {
672                 dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
673                                             DMA_BIDIRECTIONAL);
674                 dd->dst.sg_len = dd->src.sg_len;
675                 if (!dd->src.sg_len)
676                         return -EFAULT;
677         } else {
678                 dd->src.sg_len = dma_map_sg(dd->dev, dd->src.sg, dd->src.nents,
679                                             DMA_TO_DEVICE);
680                 if (!dd->src.sg_len)
681                         return -EFAULT;
682 
683                 dd->dst.sg_len = dma_map_sg(dd->dev, dd->dst.sg, dd->dst.nents,
684                                             DMA_FROM_DEVICE);
685                 if (!dd->dst.sg_len) {
686                         dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
687                                      DMA_TO_DEVICE);
688                         return -EFAULT;
689                 }
690         }
691 
692         return 0;
693 }
694 
695 static void atmel_aes_unmap(struct atmel_aes_dev *dd)
696 {
697         if (dd->src.sg == dd->dst.sg) {
698                 dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
699                              DMA_BIDIRECTIONAL);
700 
701                 if (dd->src.sg != &dd->aligned_sg)
702                         atmel_aes_restore_sg(&dd->src);
703         } else {
704                 dma_unmap_sg(dd->dev, dd->dst.sg, dd->dst.nents,
705                              DMA_FROM_DEVICE);
706 
707                 if (dd->dst.sg != &dd->aligned_sg)
708                         atmel_aes_restore_sg(&dd->dst);
709 
710                 dma_unmap_sg(dd->dev, dd->src.sg, dd->src.nents,
711                              DMA_TO_DEVICE);
712 
713                 if (dd->src.sg != &dd->aligned_sg)
714                         atmel_aes_restore_sg(&dd->src);
715         }
716 
717         if (dd->dst.sg == &dd->aligned_sg)
718                 sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst),
719                                     dd->buf, dd->total);
720 }
721 
722 static int atmel_aes_dma_transfer_start(struct atmel_aes_dev *dd,
723                                         enum dma_slave_buswidth addr_width,
724                                         enum dma_transfer_direction dir,
725                                         u32 maxburst)
726 {
727         struct dma_async_tx_descriptor *desc;
728         struct dma_slave_config config;
729         dma_async_tx_callback callback;
730         struct atmel_aes_dma *dma;
731         int err;
732 
733         memset(&config, 0, sizeof(config));
734         config.direction = dir;
735         config.src_addr_width = addr_width;
736         config.dst_addr_width = addr_width;
737         config.src_maxburst = maxburst;
738         config.dst_maxburst = maxburst;
739 
740         switch (dir) {
741         case DMA_MEM_TO_DEV:
742                 dma = &dd->src;
743                 callback = NULL;
744                 config.dst_addr = dd->phys_base + AES_IDATAR(0);
745                 break;
746 
747         case DMA_DEV_TO_MEM:
748                 dma = &dd->dst;
749                 callback = atmel_aes_dma_callback;
750                 config.src_addr = dd->phys_base + AES_ODATAR(0);
751                 break;
752 
753         default:
754                 return -EINVAL;
755         }
756 
757         err = dmaengine_slave_config(dma->chan, &config);
758         if (err)
759                 return err;
760 
761         desc = dmaengine_prep_slave_sg(dma->chan, dma->sg, dma->sg_len, dir,
762                                        DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
763         if (!desc)
764                 return -ENOMEM;
765 
766         desc->callback = callback;
767         desc->callback_param = dd;
768         dmaengine_submit(desc);
769         dma_async_issue_pending(dma->chan);
770 
771         return 0;
772 }
773 
774 static void atmel_aes_dma_transfer_stop(struct atmel_aes_dev *dd,
775                                         enum dma_transfer_direction dir)
776 {
777         struct atmel_aes_dma *dma;
778 
779         switch (dir) {
780         case DMA_MEM_TO_DEV:
781                 dma = &dd->src;
782                 break;
783 
784         case DMA_DEV_TO_MEM:
785                 dma = &dd->dst;
786                 break;
787 
788         default:
789                 return;
790         }
791 
792         dmaengine_terminate_all(dma->chan);
793 }
794 
795 static int atmel_aes_dma_start(struct atmel_aes_dev *dd,
796                                struct scatterlist *src,
797                                struct scatterlist *dst,
798                                size_t len,
799                                atmel_aes_fn_t resume)
800 {
801         enum dma_slave_buswidth addr_width;
802         u32 maxburst;
803         int err;
804 
805         switch (dd->ctx->block_size) {
806         case CFB8_BLOCK_SIZE:
807                 addr_width = DMA_SLAVE_BUSWIDTH_1_BYTE;
808                 maxburst = 1;
809                 break;
810 
811         case CFB16_BLOCK_SIZE:
812                 addr_width = DMA_SLAVE_BUSWIDTH_2_BYTES;
813                 maxburst = 1;
814                 break;
815 
816         case CFB32_BLOCK_SIZE:
817         case CFB64_BLOCK_SIZE:
818                 addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
819                 maxburst = 1;
820                 break;
821 
822         case AES_BLOCK_SIZE:
823                 addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES;
824                 maxburst = dd->caps.max_burst_size;
825                 break;
826 
827         default:
828                 err = -EINVAL;
829                 goto exit;
830         }
831 
832         err = atmel_aes_map(dd, src, dst, len);
833         if (err)
834                 goto exit;
835 
836         dd->resume = resume;
837 
838         /* Set output DMA transfer first */
839         err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_DEV_TO_MEM,
840                                            maxburst);
841         if (err)
842                 goto unmap;
843 
844         /* Then set input DMA transfer */
845         err = atmel_aes_dma_transfer_start(dd, addr_width, DMA_MEM_TO_DEV,
846                                            maxburst);
847         if (err)
848                 goto output_transfer_stop;
849 
850         return -EINPROGRESS;
851 
852 output_transfer_stop:
853         atmel_aes_dma_transfer_stop(dd, DMA_DEV_TO_MEM);
854 unmap:
855         atmel_aes_unmap(dd);
856 exit:
857         return atmel_aes_complete(dd, err);
858 }
859 
860 static void atmel_aes_dma_stop(struct atmel_aes_dev *dd)
861 {
862         atmel_aes_dma_transfer_stop(dd, DMA_MEM_TO_DEV);
863         atmel_aes_dma_transfer_stop(dd, DMA_DEV_TO_MEM);
864         atmel_aes_unmap(dd);
865 }
866 
867 static void atmel_aes_dma_callback(void *data)
868 {
869         struct atmel_aes_dev *dd = data;
870 
871         atmel_aes_dma_stop(dd);
872         dd->is_async = true;
873         (void)dd->resume(dd);
874 }
875 
876 static int atmel_aes_handle_queue(struct atmel_aes_dev *dd,
877                                   struct crypto_async_request *new_areq)
878 {
879         struct crypto_async_request *areq, *backlog;
880         struct atmel_aes_base_ctx *ctx;
881         unsigned long flags;
882         int err, ret = 0;
883 
884         spin_lock_irqsave(&dd->lock, flags);
885         if (new_areq)
886                 ret = crypto_enqueue_request(&dd->queue, new_areq);
887         if (dd->flags & AES_FLAGS_BUSY) {
888                 spin_unlock_irqrestore(&dd->lock, flags);
889                 return ret;
890         }
891         backlog = crypto_get_backlog(&dd->queue);
892         areq = crypto_dequeue_request(&dd->queue);
893         if (areq)
894                 dd->flags |= AES_FLAGS_BUSY;
895         spin_unlock_irqrestore(&dd->lock, flags);
896 
897         if (!areq)
898                 return ret;
899 
900         if (backlog)
901                 backlog->complete(backlog, -EINPROGRESS);
902 
903         ctx = crypto_tfm_ctx(areq->tfm);
904 
905         dd->areq = areq;
906         dd->ctx = ctx;
907         dd->is_async = (areq != new_areq);
908 
909         err = ctx->start(dd);
910         return (dd->is_async) ? ret : err;
911 }
912 
913 
914 /* AES async block ciphers */
915 
916 static int atmel_aes_transfer_complete(struct atmel_aes_dev *dd)
917 {
918         return atmel_aes_complete(dd, 0);
919 }
920 
921 static int atmel_aes_start(struct atmel_aes_dev *dd)
922 {
923         struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
924         struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req);
925         bool use_dma = (req->nbytes >= ATMEL_AES_DMA_THRESHOLD ||
926                         dd->ctx->block_size != AES_BLOCK_SIZE);
927         int err;
928 
929         atmel_aes_set_mode(dd, rctx);
930 
931         err = atmel_aes_hw_init(dd);
932         if (err)
933                 return atmel_aes_complete(dd, err);
934 
935         atmel_aes_write_ctrl(dd, use_dma, req->info);
936         if (use_dma)
937                 return atmel_aes_dma_start(dd, req->src, req->dst, req->nbytes,
938                                            atmel_aes_transfer_complete);
939 
940         return atmel_aes_cpu_start(dd, req->src, req->dst, req->nbytes,
941                                    atmel_aes_transfer_complete);
942 }
943 
944 static inline struct atmel_aes_ctr_ctx *
945 atmel_aes_ctr_ctx_cast(struct atmel_aes_base_ctx *ctx)
946 {
947         return container_of(ctx, struct atmel_aes_ctr_ctx, base);
948 }
949 
950 static int atmel_aes_ctr_transfer(struct atmel_aes_dev *dd)
951 {
952         struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
953         struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
954         struct scatterlist *src, *dst;
955         u32 ctr, blocks;
956         size_t datalen;
957         bool use_dma, fragmented = false;
958 
959         /* Check for transfer completion. */
960         ctx->offset += dd->total;
961         if (ctx->offset >= req->nbytes)
962                 return atmel_aes_transfer_complete(dd);
963 
964         /* Compute data length. */
965         datalen = req->nbytes - ctx->offset;
966         blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
967         ctr = be32_to_cpu(ctx->iv[3]);
968         if (dd->caps.has_ctr32) {
969                 /* Check 32bit counter overflow. */
970                 u32 start = ctr;
971                 u32 end = start + blocks - 1;
972 
973                 if (end < start) {
974                         ctr |= 0xffffffff;
975                         datalen = AES_BLOCK_SIZE * -start;
976                         fragmented = true;
977                 }
978         } else {
979                 /* Check 16bit counter overflow. */
980                 u16 start = ctr & 0xffff;
981                 u16 end = start + (u16)blocks - 1;
982 
983                 if (blocks >> 16 || end < start) {
984                         ctr |= 0xffff;
985                         datalen = AES_BLOCK_SIZE * (0x10000-start);
986                         fragmented = true;
987                 }
988         }
989         use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
990 
991         /* Jump to offset. */
992         src = scatterwalk_ffwd(ctx->src, req->src, ctx->offset);
993         dst = ((req->src == req->dst) ? src :
994                scatterwalk_ffwd(ctx->dst, req->dst, ctx->offset));
995 
996         /* Configure hardware. */
997         atmel_aes_write_ctrl(dd, use_dma, ctx->iv);
998         if (unlikely(fragmented)) {
999                 /*
1000                  * Increment the counter manually to cope with the hardware
1001                  * counter overflow.
1002                  */
1003                 ctx->iv[3] = cpu_to_be32(ctr);
1004                 crypto_inc((u8 *)ctx->iv, AES_BLOCK_SIZE);
1005         }
1006 
1007         if (use_dma)
1008                 return atmel_aes_dma_start(dd, src, dst, datalen,
1009                                            atmel_aes_ctr_transfer);
1010 
1011         return atmel_aes_cpu_start(dd, src, dst, datalen,
1012                                    atmel_aes_ctr_transfer);
1013 }
1014 
1015 static int atmel_aes_ctr_start(struct atmel_aes_dev *dd)
1016 {
1017         struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
1018         struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
1019         struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req);
1020         int err;
1021 
1022         atmel_aes_set_mode(dd, rctx);
1023 
1024         err = atmel_aes_hw_init(dd);
1025         if (err)
1026                 return atmel_aes_complete(dd, err);
1027 
1028         memcpy(ctx->iv, req->info, AES_BLOCK_SIZE);
1029         ctx->offset = 0;
1030         dd->total = 0;
1031         return atmel_aes_ctr_transfer(dd);
1032 }
1033 
1034 static int atmel_aes_crypt(struct ablkcipher_request *req, unsigned long mode)
1035 {
1036         struct atmel_aes_base_ctx *ctx;
1037         struct atmel_aes_reqctx *rctx;
1038         struct atmel_aes_dev *dd;
1039 
1040         ctx = crypto_ablkcipher_ctx(crypto_ablkcipher_reqtfm(req));
1041         switch (mode & AES_FLAGS_OPMODE_MASK) {
1042         case AES_FLAGS_CFB8:
1043                 ctx->block_size = CFB8_BLOCK_SIZE;
1044                 break;
1045 
1046         case AES_FLAGS_CFB16:
1047                 ctx->block_size = CFB16_BLOCK_SIZE;
1048                 break;
1049 
1050         case AES_FLAGS_CFB32:
1051                 ctx->block_size = CFB32_BLOCK_SIZE;
1052                 break;
1053 
1054         case AES_FLAGS_CFB64:
1055                 ctx->block_size = CFB64_BLOCK_SIZE;
1056                 break;
1057 
1058         default:
1059                 ctx->block_size = AES_BLOCK_SIZE;
1060                 break;
1061         }
1062 
1063         dd = atmel_aes_find_dev(ctx);
1064         if (!dd)
1065                 return -ENODEV;
1066 
1067         rctx = ablkcipher_request_ctx(req);
1068         rctx->mode = mode;
1069 
1070         return atmel_aes_handle_queue(dd, &req->base);
1071 }
1072 
1073 static int atmel_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1074                            unsigned int keylen)
1075 {
1076         struct atmel_aes_base_ctx *ctx = crypto_ablkcipher_ctx(tfm);
1077 
1078         if (keylen != AES_KEYSIZE_128 &&
1079             keylen != AES_KEYSIZE_192 &&
1080             keylen != AES_KEYSIZE_256) {
1081                 crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1082                 return -EINVAL;
1083         }
1084 
1085         memcpy(ctx->key, key, keylen);
1086         ctx->keylen = keylen;
1087 
1088         return 0;
1089 }
1090 
1091 static int atmel_aes_ecb_encrypt(struct ablkcipher_request *req)
1092 {
1093         return atmel_aes_crypt(req, AES_FLAGS_ECB | AES_FLAGS_ENCRYPT);
1094 }
1095 
1096 static int atmel_aes_ecb_decrypt(struct ablkcipher_request *req)
1097 {
1098         return atmel_aes_crypt(req, AES_FLAGS_ECB);
1099 }
1100 
1101 static int atmel_aes_cbc_encrypt(struct ablkcipher_request *req)
1102 {
1103         return atmel_aes_crypt(req, AES_FLAGS_CBC | AES_FLAGS_ENCRYPT);
1104 }
1105 
1106 static int atmel_aes_cbc_decrypt(struct ablkcipher_request *req)
1107 {
1108         return atmel_aes_crypt(req, AES_FLAGS_CBC);
1109 }
1110 
1111 static int atmel_aes_ofb_encrypt(struct ablkcipher_request *req)
1112 {
1113         return atmel_aes_crypt(req, AES_FLAGS_OFB | AES_FLAGS_ENCRYPT);
1114 }
1115 
1116 static int atmel_aes_ofb_decrypt(struct ablkcipher_request *req)
1117 {
1118         return atmel_aes_crypt(req, AES_FLAGS_OFB);
1119 }
1120 
1121 static int atmel_aes_cfb_encrypt(struct ablkcipher_request *req)
1122 {
1123         return atmel_aes_crypt(req, AES_FLAGS_CFB128 | AES_FLAGS_ENCRYPT);
1124 }
1125 
1126 static int atmel_aes_cfb_decrypt(struct ablkcipher_request *req)
1127 {
1128         return atmel_aes_crypt(req, AES_FLAGS_CFB128);
1129 }
1130 
1131 static int atmel_aes_cfb64_encrypt(struct ablkcipher_request *req)
1132 {
1133         return atmel_aes_crypt(req, AES_FLAGS_CFB64 | AES_FLAGS_ENCRYPT);
1134 }
1135 
1136 static int atmel_aes_cfb64_decrypt(struct ablkcipher_request *req)
1137 {
1138         return atmel_aes_crypt(req, AES_FLAGS_CFB64);
1139 }
1140 
1141 static int atmel_aes_cfb32_encrypt(struct ablkcipher_request *req)
1142 {
1143         return atmel_aes_crypt(req, AES_FLAGS_CFB32 | AES_FLAGS_ENCRYPT);
1144 }
1145 
1146 static int atmel_aes_cfb32_decrypt(struct ablkcipher_request *req)
1147 {
1148         return atmel_aes_crypt(req, AES_FLAGS_CFB32);
1149 }
1150 
1151 static int atmel_aes_cfb16_encrypt(struct ablkcipher_request *req)
1152 {
1153         return atmel_aes_crypt(req, AES_FLAGS_CFB16 | AES_FLAGS_ENCRYPT);
1154 }
1155 
1156 static int atmel_aes_cfb16_decrypt(struct ablkcipher_request *req)
1157 {
1158         return atmel_aes_crypt(req, AES_FLAGS_CFB16);
1159 }
1160 
1161 static int atmel_aes_cfb8_encrypt(struct ablkcipher_request *req)
1162 {
1163         return atmel_aes_crypt(req, AES_FLAGS_CFB8 | AES_FLAGS_ENCRYPT);
1164 }
1165 
1166 static int atmel_aes_cfb8_decrypt(struct ablkcipher_request *req)
1167 {
1168         return atmel_aes_crypt(req, AES_FLAGS_CFB8);
1169 }
1170 
1171 static int atmel_aes_ctr_encrypt(struct ablkcipher_request *req)
1172 {
1173         return atmel_aes_crypt(req, AES_FLAGS_CTR | AES_FLAGS_ENCRYPT);
1174 }
1175 
1176 static int atmel_aes_ctr_decrypt(struct ablkcipher_request *req)
1177 {
1178         return atmel_aes_crypt(req, AES_FLAGS_CTR);
1179 }
1180 
1181 static int atmel_aes_cra_init(struct crypto_tfm *tfm)
1182 {
1183         struct atmel_aes_ctx *ctx = crypto_tfm_ctx(tfm);
1184 
1185         tfm->crt_ablkcipher.reqsize = sizeof(struct atmel_aes_reqctx);
1186         ctx->base.start = atmel_aes_start;
1187 
1188         return 0;
1189 }
1190 
1191 static int atmel_aes_ctr_cra_init(struct crypto_tfm *tfm)
1192 {
1193         struct atmel_aes_ctx *ctx = crypto_tfm_ctx(tfm);
1194 
1195         tfm->crt_ablkcipher.reqsize = sizeof(struct atmel_aes_reqctx);
1196         ctx->base.start = atmel_aes_ctr_start;
1197 
1198         return 0;
1199 }
1200 
1201 static void atmel_aes_cra_exit(struct crypto_tfm *tfm)
1202 {
1203 }
1204 
1205 static struct crypto_alg aes_algs[] = {
1206 {
1207         .cra_name               = "ecb(aes)",
1208         .cra_driver_name        = "atmel-ecb-aes",
1209         .cra_priority           = ATMEL_AES_PRIORITY,
1210         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1211         .cra_blocksize          = AES_BLOCK_SIZE,
1212         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1213         .cra_alignmask          = 0xf,
1214         .cra_type               = &crypto_ablkcipher_type,
1215         .cra_module             = THIS_MODULE,
1216         .cra_init               = atmel_aes_cra_init,
1217         .cra_exit               = atmel_aes_cra_exit,
1218         .cra_u.ablkcipher = {
1219                 .min_keysize    = AES_MIN_KEY_SIZE,
1220                 .max_keysize    = AES_MAX_KEY_SIZE,
1221                 .setkey         = atmel_aes_setkey,
1222                 .encrypt        = atmel_aes_ecb_encrypt,
1223                 .decrypt        = atmel_aes_ecb_decrypt,
1224         }
1225 },
1226 {
1227         .cra_name               = "cbc(aes)",
1228         .cra_driver_name        = "atmel-cbc-aes",
1229         .cra_priority           = ATMEL_AES_PRIORITY,
1230         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1231         .cra_blocksize          = AES_BLOCK_SIZE,
1232         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1233         .cra_alignmask          = 0xf,
1234         .cra_type               = &crypto_ablkcipher_type,
1235         .cra_module             = THIS_MODULE,
1236         .cra_init               = atmel_aes_cra_init,
1237         .cra_exit               = atmel_aes_cra_exit,
1238         .cra_u.ablkcipher = {
1239                 .min_keysize    = AES_MIN_KEY_SIZE,
1240                 .max_keysize    = AES_MAX_KEY_SIZE,
1241                 .ivsize         = AES_BLOCK_SIZE,
1242                 .setkey         = atmel_aes_setkey,
1243                 .encrypt        = atmel_aes_cbc_encrypt,
1244                 .decrypt        = atmel_aes_cbc_decrypt,
1245         }
1246 },
1247 {
1248         .cra_name               = "ofb(aes)",
1249         .cra_driver_name        = "atmel-ofb-aes",
1250         .cra_priority           = ATMEL_AES_PRIORITY,
1251         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1252         .cra_blocksize          = AES_BLOCK_SIZE,
1253         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1254         .cra_alignmask          = 0xf,
1255         .cra_type               = &crypto_ablkcipher_type,
1256         .cra_module             = THIS_MODULE,
1257         .cra_init               = atmel_aes_cra_init,
1258         .cra_exit               = atmel_aes_cra_exit,
1259         .cra_u.ablkcipher = {
1260                 .min_keysize    = AES_MIN_KEY_SIZE,
1261                 .max_keysize    = AES_MAX_KEY_SIZE,
1262                 .ivsize         = AES_BLOCK_SIZE,
1263                 .setkey         = atmel_aes_setkey,
1264                 .encrypt        = atmel_aes_ofb_encrypt,
1265                 .decrypt        = atmel_aes_ofb_decrypt,
1266         }
1267 },
1268 {
1269         .cra_name               = "cfb(aes)",
1270         .cra_driver_name        = "atmel-cfb-aes",
1271         .cra_priority           = ATMEL_AES_PRIORITY,
1272         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1273         .cra_blocksize          = AES_BLOCK_SIZE,
1274         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1275         .cra_alignmask          = 0xf,
1276         .cra_type               = &crypto_ablkcipher_type,
1277         .cra_module             = THIS_MODULE,
1278         .cra_init               = atmel_aes_cra_init,
1279         .cra_exit               = atmel_aes_cra_exit,
1280         .cra_u.ablkcipher = {
1281                 .min_keysize    = AES_MIN_KEY_SIZE,
1282                 .max_keysize    = AES_MAX_KEY_SIZE,
1283                 .ivsize         = AES_BLOCK_SIZE,
1284                 .setkey         = atmel_aes_setkey,
1285                 .encrypt        = atmel_aes_cfb_encrypt,
1286                 .decrypt        = atmel_aes_cfb_decrypt,
1287         }
1288 },
1289 {
1290         .cra_name               = "cfb32(aes)",
1291         .cra_driver_name        = "atmel-cfb32-aes",
1292         .cra_priority           = ATMEL_AES_PRIORITY,
1293         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1294         .cra_blocksize          = CFB32_BLOCK_SIZE,
1295         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1296         .cra_alignmask          = 0x3,
1297         .cra_type               = &crypto_ablkcipher_type,
1298         .cra_module             = THIS_MODULE,
1299         .cra_init               = atmel_aes_cra_init,
1300         .cra_exit               = atmel_aes_cra_exit,
1301         .cra_u.ablkcipher = {
1302                 .min_keysize    = AES_MIN_KEY_SIZE,
1303                 .max_keysize    = AES_MAX_KEY_SIZE,
1304                 .ivsize         = AES_BLOCK_SIZE,
1305                 .setkey         = atmel_aes_setkey,
1306                 .encrypt        = atmel_aes_cfb32_encrypt,
1307                 .decrypt        = atmel_aes_cfb32_decrypt,
1308         }
1309 },
1310 {
1311         .cra_name               = "cfb16(aes)",
1312         .cra_driver_name        = "atmel-cfb16-aes",
1313         .cra_priority           = ATMEL_AES_PRIORITY,
1314         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1315         .cra_blocksize          = CFB16_BLOCK_SIZE,
1316         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1317         .cra_alignmask          = 0x1,
1318         .cra_type               = &crypto_ablkcipher_type,
1319         .cra_module             = THIS_MODULE,
1320         .cra_init               = atmel_aes_cra_init,
1321         .cra_exit               = atmel_aes_cra_exit,
1322         .cra_u.ablkcipher = {
1323                 .min_keysize    = AES_MIN_KEY_SIZE,
1324                 .max_keysize    = AES_MAX_KEY_SIZE,
1325                 .ivsize         = AES_BLOCK_SIZE,
1326                 .setkey         = atmel_aes_setkey,
1327                 .encrypt        = atmel_aes_cfb16_encrypt,
1328                 .decrypt        = atmel_aes_cfb16_decrypt,
1329         }
1330 },
1331 {
1332         .cra_name               = "cfb8(aes)",
1333         .cra_driver_name        = "atmel-cfb8-aes",
1334         .cra_priority           = ATMEL_AES_PRIORITY,
1335         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1336         .cra_blocksize          = CFB8_BLOCK_SIZE,
1337         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1338         .cra_alignmask          = 0x0,
1339         .cra_type               = &crypto_ablkcipher_type,
1340         .cra_module             = THIS_MODULE,
1341         .cra_init               = atmel_aes_cra_init,
1342         .cra_exit               = atmel_aes_cra_exit,
1343         .cra_u.ablkcipher = {
1344                 .min_keysize    = AES_MIN_KEY_SIZE,
1345                 .max_keysize    = AES_MAX_KEY_SIZE,
1346                 .ivsize         = AES_BLOCK_SIZE,
1347                 .setkey         = atmel_aes_setkey,
1348                 .encrypt        = atmel_aes_cfb8_encrypt,
1349                 .decrypt        = atmel_aes_cfb8_decrypt,
1350         }
1351 },
1352 {
1353         .cra_name               = "ctr(aes)",
1354         .cra_driver_name        = "atmel-ctr-aes",
1355         .cra_priority           = ATMEL_AES_PRIORITY,
1356         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1357         .cra_blocksize          = 1,
1358         .cra_ctxsize            = sizeof(struct atmel_aes_ctr_ctx),
1359         .cra_alignmask          = 0xf,
1360         .cra_type               = &crypto_ablkcipher_type,
1361         .cra_module             = THIS_MODULE,
1362         .cra_init               = atmel_aes_ctr_cra_init,
1363         .cra_exit               = atmel_aes_cra_exit,
1364         .cra_u.ablkcipher = {
1365                 .min_keysize    = AES_MIN_KEY_SIZE,
1366                 .max_keysize    = AES_MAX_KEY_SIZE,
1367                 .ivsize         = AES_BLOCK_SIZE,
1368                 .setkey         = atmel_aes_setkey,
1369                 .encrypt        = atmel_aes_ctr_encrypt,
1370                 .decrypt        = atmel_aes_ctr_decrypt,
1371         }
1372 },
1373 };
1374 
1375 static struct crypto_alg aes_cfb64_alg = {
1376         .cra_name               = "cfb64(aes)",
1377         .cra_driver_name        = "atmel-cfb64-aes",
1378         .cra_priority           = ATMEL_AES_PRIORITY,
1379         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1380         .cra_blocksize          = CFB64_BLOCK_SIZE,
1381         .cra_ctxsize            = sizeof(struct atmel_aes_ctx),
1382         .cra_alignmask          = 0x7,
1383         .cra_type               = &crypto_ablkcipher_type,
1384         .cra_module             = THIS_MODULE,
1385         .cra_init               = atmel_aes_cra_init,
1386         .cra_exit               = atmel_aes_cra_exit,
1387         .cra_u.ablkcipher = {
1388                 .min_keysize    = AES_MIN_KEY_SIZE,
1389                 .max_keysize    = AES_MAX_KEY_SIZE,
1390                 .ivsize         = AES_BLOCK_SIZE,
1391                 .setkey         = atmel_aes_setkey,
1392                 .encrypt        = atmel_aes_cfb64_encrypt,
1393                 .decrypt        = atmel_aes_cfb64_decrypt,
1394         }
1395 };
1396 
1397 
1398 /* gcm aead functions */
1399 
1400 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1401                                const u32 *data, size_t datalen,
1402                                const u32 *ghash_in, u32 *ghash_out,
1403                                atmel_aes_fn_t resume);
1404 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd);
1405 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd);
1406 
1407 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd);
1408 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd);
1409 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd);
1410 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd);
1411 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd);
1412 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd);
1413 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd);
1414 
1415 static inline struct atmel_aes_gcm_ctx *
1416 atmel_aes_gcm_ctx_cast(struct atmel_aes_base_ctx *ctx)
1417 {
1418         return container_of(ctx, struct atmel_aes_gcm_ctx, base);
1419 }
1420 
1421 static int atmel_aes_gcm_ghash(struct atmel_aes_dev *dd,
1422                                const u32 *data, size_t datalen,
1423                                const u32 *ghash_in, u32 *ghash_out,
1424                                atmel_aes_fn_t resume)
1425 {
1426         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1427 
1428         dd->data = (u32 *)data;
1429         dd->datalen = datalen;
1430         ctx->ghash_in = ghash_in;
1431         ctx->ghash_out = ghash_out;
1432         ctx->ghash_resume = resume;
1433 
1434         atmel_aes_write_ctrl(dd, false, NULL);
1435         return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_ghash_init);
1436 }
1437 
1438 static int atmel_aes_gcm_ghash_init(struct atmel_aes_dev *dd)
1439 {
1440         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1441 
1442         /* Set the data length. */
1443         atmel_aes_write(dd, AES_AADLENR, dd->total);
1444         atmel_aes_write(dd, AES_CLENR, 0);
1445 
1446         /* If needed, overwrite the GCM Intermediate Hash Word Registers */
1447         if (ctx->ghash_in)
1448                 atmel_aes_write_block(dd, AES_GHASHR(0), ctx->ghash_in);
1449 
1450         return atmel_aes_gcm_ghash_finalize(dd);
1451 }
1452 
1453 static int atmel_aes_gcm_ghash_finalize(struct atmel_aes_dev *dd)
1454 {
1455         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1456         u32 isr;
1457 
1458         /* Write data into the Input Data Registers. */
1459         while (dd->datalen > 0) {
1460                 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
1461                 dd->data += 4;
1462                 dd->datalen -= AES_BLOCK_SIZE;
1463 
1464                 isr = atmel_aes_read(dd, AES_ISR);
1465                 if (!(isr & AES_INT_DATARDY)) {
1466                         dd->resume = atmel_aes_gcm_ghash_finalize;
1467                         atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1468                         return -EINPROGRESS;
1469                 }
1470         }
1471 
1472         /* Read the computed hash from GHASHRx. */
1473         atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash_out);
1474 
1475         return ctx->ghash_resume(dd);
1476 }
1477 
1478 
1479 static int atmel_aes_gcm_start(struct atmel_aes_dev *dd)
1480 {
1481         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1482         struct aead_request *req = aead_request_cast(dd->areq);
1483         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1484         struct atmel_aes_reqctx *rctx = aead_request_ctx(req);
1485         size_t ivsize = crypto_aead_ivsize(tfm);
1486         size_t datalen, padlen;
1487         const void *iv = req->iv;
1488         u8 *data = dd->buf;
1489         int err;
1490 
1491         atmel_aes_set_mode(dd, rctx);
1492 
1493         err = atmel_aes_hw_init(dd);
1494         if (err)
1495                 return atmel_aes_complete(dd, err);
1496 
1497         if (likely(ivsize == 12)) {
1498                 memcpy(ctx->j0, iv, ivsize);
1499                 ctx->j0[3] = cpu_to_be32(1);
1500                 return atmel_aes_gcm_process(dd);
1501         }
1502 
1503         padlen = atmel_aes_padlen(ivsize, AES_BLOCK_SIZE);
1504         datalen = ivsize + padlen + AES_BLOCK_SIZE;
1505         if (datalen > dd->buflen)
1506                 return atmel_aes_complete(dd, -EINVAL);
1507 
1508         memcpy(data, iv, ivsize);
1509         memset(data + ivsize, 0, padlen + sizeof(u64));
1510         ((u64 *)(data + datalen))[-1] = cpu_to_be64(ivsize * 8);
1511 
1512         return atmel_aes_gcm_ghash(dd, (const u32 *)data, datalen,
1513                                    NULL, ctx->j0, atmel_aes_gcm_process);
1514 }
1515 
1516 static int atmel_aes_gcm_process(struct atmel_aes_dev *dd)
1517 {
1518         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1519         struct aead_request *req = aead_request_cast(dd->areq);
1520         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1521         bool enc = atmel_aes_is_encrypt(dd);
1522         u32 authsize;
1523 
1524         /* Compute text length. */
1525         authsize = crypto_aead_authsize(tfm);
1526         ctx->textlen = req->cryptlen - (enc ? 0 : authsize);
1527 
1528         /*
1529          * According to tcrypt test suite, the GCM Automatic Tag Generation
1530          * fails when both the message and its associated data are empty.
1531          */
1532         if (likely(req->assoclen != 0 || ctx->textlen != 0))
1533                 dd->flags |= AES_FLAGS_GTAGEN;
1534 
1535         atmel_aes_write_ctrl(dd, false, NULL);
1536         return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_length);
1537 }
1538 
1539 static int atmel_aes_gcm_length(struct atmel_aes_dev *dd)
1540 {
1541         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1542         struct aead_request *req = aead_request_cast(dd->areq);
1543         u32 j0_lsw, *j0 = ctx->j0;
1544         size_t padlen;
1545 
1546         /* Write incr32(J0) into IV. */
1547         j0_lsw = j0[3];
1548         j0[3] = cpu_to_be32(be32_to_cpu(j0[3]) + 1);
1549         atmel_aes_write_block(dd, AES_IVR(0), j0);
1550         j0[3] = j0_lsw;
1551 
1552         /* Set aad and text lengths. */
1553         atmel_aes_write(dd, AES_AADLENR, req->assoclen);
1554         atmel_aes_write(dd, AES_CLENR, ctx->textlen);
1555 
1556         /* Check whether AAD are present. */
1557         if (unlikely(req->assoclen == 0)) {
1558                 dd->datalen = 0;
1559                 return atmel_aes_gcm_data(dd);
1560         }
1561 
1562         /* Copy assoc data and add padding. */
1563         padlen = atmel_aes_padlen(req->assoclen, AES_BLOCK_SIZE);
1564         if (unlikely(req->assoclen + padlen > dd->buflen))
1565                 return atmel_aes_complete(dd, -EINVAL);
1566         sg_copy_to_buffer(req->src, sg_nents(req->src), dd->buf, req->assoclen);
1567 
1568         /* Write assoc data into the Input Data register. */
1569         dd->data = (u32 *)dd->buf;
1570         dd->datalen = req->assoclen + padlen;
1571         return atmel_aes_gcm_data(dd);
1572 }
1573 
1574 static int atmel_aes_gcm_data(struct atmel_aes_dev *dd)
1575 {
1576         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1577         struct aead_request *req = aead_request_cast(dd->areq);
1578         bool use_dma = (ctx->textlen >= ATMEL_AES_DMA_THRESHOLD);
1579         struct scatterlist *src, *dst;
1580         u32 isr, mr;
1581 
1582         /* Write AAD first. */
1583         while (dd->datalen > 0) {
1584                 atmel_aes_write_block(dd, AES_IDATAR(0), dd->data);
1585                 dd->data += 4;
1586                 dd->datalen -= AES_BLOCK_SIZE;
1587 
1588                 isr = atmel_aes_read(dd, AES_ISR);
1589                 if (!(isr & AES_INT_DATARDY)) {
1590                         dd->resume = atmel_aes_gcm_data;
1591                         atmel_aes_write(dd, AES_IER, AES_INT_DATARDY);
1592                         return -EINPROGRESS;
1593                 }
1594         }
1595 
1596         /* GMAC only. */
1597         if (unlikely(ctx->textlen == 0))
1598                 return atmel_aes_gcm_tag_init(dd);
1599 
1600         /* Prepare src and dst scatter lists to transfer cipher/plain texts */
1601         src = scatterwalk_ffwd(ctx->src, req->src, req->assoclen);
1602         dst = ((req->src == req->dst) ? src :
1603                scatterwalk_ffwd(ctx->dst, req->dst, req->assoclen));
1604 
1605         if (use_dma) {
1606                 /* Update the Mode Register for DMA transfers. */
1607                 mr = atmel_aes_read(dd, AES_MR);
1608                 mr &= ~(AES_MR_SMOD_MASK | AES_MR_DUALBUFF);
1609                 mr |= AES_MR_SMOD_IDATAR0;
1610                 if (dd->caps.has_dualbuff)
1611                         mr |= AES_MR_DUALBUFF;
1612                 atmel_aes_write(dd, AES_MR, mr);
1613 
1614                 return atmel_aes_dma_start(dd, src, dst, ctx->textlen,
1615                                            atmel_aes_gcm_tag_init);
1616         }
1617 
1618         return atmel_aes_cpu_start(dd, src, dst, ctx->textlen,
1619                                    atmel_aes_gcm_tag_init);
1620 }
1621 
1622 static int atmel_aes_gcm_tag_init(struct atmel_aes_dev *dd)
1623 {
1624         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1625         struct aead_request *req = aead_request_cast(dd->areq);
1626         u64 *data = dd->buf;
1627 
1628         if (likely(dd->flags & AES_FLAGS_GTAGEN)) {
1629                 if (!(atmel_aes_read(dd, AES_ISR) & AES_INT_TAGRDY)) {
1630                         dd->resume = atmel_aes_gcm_tag_init;
1631                         atmel_aes_write(dd, AES_IER, AES_INT_TAGRDY);
1632                         return -EINPROGRESS;
1633                 }
1634 
1635                 return atmel_aes_gcm_finalize(dd);
1636         }
1637 
1638         /* Read the GCM Intermediate Hash Word Registers. */
1639         atmel_aes_read_block(dd, AES_GHASHR(0), ctx->ghash);
1640 
1641         data[0] = cpu_to_be64(req->assoclen * 8);
1642         data[1] = cpu_to_be64(ctx->textlen * 8);
1643 
1644         return atmel_aes_gcm_ghash(dd, (const u32 *)data, AES_BLOCK_SIZE,
1645                                    ctx->ghash, ctx->ghash, atmel_aes_gcm_tag);
1646 }
1647 
1648 static int atmel_aes_gcm_tag(struct atmel_aes_dev *dd)
1649 {
1650         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1651         unsigned long flags;
1652 
1653         /*
1654          * Change mode to CTR to complete the tag generation.
1655          * Use J0 as Initialization Vector.
1656          */
1657         flags = dd->flags;
1658         dd->flags &= ~(AES_FLAGS_OPMODE_MASK | AES_FLAGS_GTAGEN);
1659         dd->flags |= AES_FLAGS_CTR;
1660         atmel_aes_write_ctrl(dd, false, ctx->j0);
1661         dd->flags = flags;
1662 
1663         atmel_aes_write_block(dd, AES_IDATAR(0), ctx->ghash);
1664         return atmel_aes_wait_for_data_ready(dd, atmel_aes_gcm_finalize);
1665 }
1666 
1667 static int atmel_aes_gcm_finalize(struct atmel_aes_dev *dd)
1668 {
1669         struct atmel_aes_gcm_ctx *ctx = atmel_aes_gcm_ctx_cast(dd->ctx);
1670         struct aead_request *req = aead_request_cast(dd->areq);
1671         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1672         bool enc = atmel_aes_is_encrypt(dd);
1673         u32 offset, authsize, itag[4], *otag = ctx->tag;
1674         int err;
1675 
1676         /* Read the computed tag. */
1677         if (likely(dd->flags & AES_FLAGS_GTAGEN))
1678                 atmel_aes_read_block(dd, AES_TAGR(0), ctx->tag);
1679         else
1680                 atmel_aes_read_block(dd, AES_ODATAR(0), ctx->tag);
1681 
1682         offset = req->assoclen + ctx->textlen;
1683         authsize = crypto_aead_authsize(tfm);
1684         if (enc) {
1685                 scatterwalk_map_and_copy(otag, req->dst, offset, authsize, 1);
1686                 err = 0;
1687         } else {
1688                 scatterwalk_map_and_copy(itag, req->src, offset, authsize, 0);
1689                 err = crypto_memneq(itag, otag, authsize) ? -EBADMSG : 0;
1690         }
1691 
1692         return atmel_aes_complete(dd, err);
1693 }
1694 
1695 static int atmel_aes_gcm_crypt(struct aead_request *req,
1696                                unsigned long mode)
1697 {
1698         struct atmel_aes_base_ctx *ctx;
1699         struct atmel_aes_reqctx *rctx;
1700         struct atmel_aes_dev *dd;
1701 
1702         ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
1703         ctx->block_size = AES_BLOCK_SIZE;
1704 
1705         dd = atmel_aes_find_dev(ctx);
1706         if (!dd)
1707                 return -ENODEV;
1708 
1709         rctx = aead_request_ctx(req);
1710         rctx->mode = AES_FLAGS_GCM | mode;
1711 
1712         return atmel_aes_handle_queue(dd, &req->base);
1713 }
1714 
1715 static int atmel_aes_gcm_setkey(struct crypto_aead *tfm, const u8 *key,
1716                                 unsigned int keylen)
1717 {
1718         struct atmel_aes_base_ctx *ctx = crypto_aead_ctx(tfm);
1719 
1720         if (keylen != AES_KEYSIZE_256 &&
1721             keylen != AES_KEYSIZE_192 &&
1722             keylen != AES_KEYSIZE_128) {
1723                 crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
1724                 return -EINVAL;
1725         }
1726 
1727         memcpy(ctx->key, key, keylen);
1728         ctx->keylen = keylen;
1729 
1730         return 0;
1731 }
1732 
1733 static int atmel_aes_gcm_setauthsize(struct crypto_aead *tfm,
1734                                      unsigned int authsize)
1735 {
1736         /* Same as crypto_gcm_authsize() from crypto/gcm.c */
1737         switch (authsize) {
1738         case 4:
1739         case 8:
1740         case 12:
1741         case 13:
1742         case 14:
1743         case 15:
1744         case 16:
1745                 break;
1746         default:
1747                 return -EINVAL;
1748         }
1749 
1750         return 0;
1751 }
1752 
1753 static int atmel_aes_gcm_encrypt(struct aead_request *req)
1754 {
1755         return atmel_aes_gcm_crypt(req, AES_FLAGS_ENCRYPT);
1756 }
1757 
1758 static int atmel_aes_gcm_decrypt(struct aead_request *req)
1759 {
1760         return atmel_aes_gcm_crypt(req, 0);
1761 }
1762 
1763 static int atmel_aes_gcm_init(struct crypto_aead *tfm)
1764 {
1765         struct atmel_aes_gcm_ctx *ctx = crypto_aead_ctx(tfm);
1766 
1767         crypto_aead_set_reqsize(tfm, sizeof(struct atmel_aes_reqctx));
1768         ctx->base.start = atmel_aes_gcm_start;
1769 
1770         return 0;
1771 }
1772 
1773 static void atmel_aes_gcm_exit(struct crypto_aead *tfm)
1774 {
1775 
1776 }
1777 
1778 static struct aead_alg aes_gcm_alg = {
1779         .setkey         = atmel_aes_gcm_setkey,
1780         .setauthsize    = atmel_aes_gcm_setauthsize,
1781         .encrypt        = atmel_aes_gcm_encrypt,
1782         .decrypt        = atmel_aes_gcm_decrypt,
1783         .init           = atmel_aes_gcm_init,
1784         .exit           = atmel_aes_gcm_exit,
1785         .ivsize         = 12,
1786         .maxauthsize    = AES_BLOCK_SIZE,
1787 
1788         .base = {
1789                 .cra_name               = "gcm(aes)",
1790                 .cra_driver_name        = "atmel-gcm-aes",
1791                 .cra_priority           = ATMEL_AES_PRIORITY,
1792                 .cra_flags              = CRYPTO_ALG_ASYNC,
1793                 .cra_blocksize          = 1,
1794                 .cra_ctxsize            = sizeof(struct atmel_aes_gcm_ctx),
1795                 .cra_alignmask          = 0xf,
1796                 .cra_module             = THIS_MODULE,
1797         },
1798 };
1799 
1800 
1801 /* xts functions */
1802 
1803 static inline struct atmel_aes_xts_ctx *
1804 atmel_aes_xts_ctx_cast(struct atmel_aes_base_ctx *ctx)
1805 {
1806         return container_of(ctx, struct atmel_aes_xts_ctx, base);
1807 }
1808 
1809 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd);
1810 
1811 static int atmel_aes_xts_start(struct atmel_aes_dev *dd)
1812 {
1813         struct atmel_aes_xts_ctx *ctx = atmel_aes_xts_ctx_cast(dd->ctx);
1814         struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
1815         struct atmel_aes_reqctx *rctx = ablkcipher_request_ctx(req);
1816         unsigned long flags;
1817         int err;
1818 
1819         atmel_aes_set_mode(dd, rctx);
1820 
1821         err = atmel_aes_hw_init(dd);
1822         if (err)
1823                 return atmel_aes_complete(dd, err);
1824 
1825         /* Compute the tweak value from req->info with ecb(aes). */
1826         flags = dd->flags;
1827         dd->flags &= ~AES_FLAGS_MODE_MASK;
1828         dd->flags |= (AES_FLAGS_ECB | AES_FLAGS_ENCRYPT);
1829         atmel_aes_write_ctrl_key(dd, false, NULL,
1830                                  ctx->key2, ctx->base.keylen);
1831         dd->flags = flags;
1832 
1833         atmel_aes_write_block(dd, AES_IDATAR(0), req->info);
1834         return atmel_aes_wait_for_data_ready(dd, atmel_aes_xts_process_data);
1835 }
1836 
1837 static int atmel_aes_xts_process_data(struct atmel_aes_dev *dd)
1838 {
1839         struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
1840         bool use_dma = (req->nbytes >= ATMEL_AES_DMA_THRESHOLD);
1841         u32 tweak[AES_BLOCK_SIZE / sizeof(u32)];
1842         static const u32 one[AES_BLOCK_SIZE / sizeof(u32)] = {cpu_to_le32(1), };
1843         u8 *tweak_bytes = (u8 *)tweak;
1844         int i;
1845 
1846         /* Read the computed ciphered tweak value. */
1847         atmel_aes_read_block(dd, AES_ODATAR(0), tweak);
1848         /*
1849          * Hardware quirk:
1850          * the order of the ciphered tweak bytes need to be reversed before
1851          * writing them into the ODATARx registers.
1852          */
1853         for (i = 0; i < AES_BLOCK_SIZE/2; ++i) {
1854                 u8 tmp = tweak_bytes[AES_BLOCK_SIZE - 1 - i];
1855 
1856                 tweak_bytes[AES_BLOCK_SIZE - 1 - i] = tweak_bytes[i];
1857                 tweak_bytes[i] = tmp;
1858         }
1859 
1860         /* Process the data. */
1861         atmel_aes_write_ctrl(dd, use_dma, NULL);
1862         atmel_aes_write_block(dd, AES_TWR(0), tweak);
1863         atmel_aes_write_block(dd, AES_ALPHAR(0), one);
1864         if (use_dma)
1865                 return atmel_aes_dma_start(dd, req->src, req->dst, req->nbytes,
1866                                            atmel_aes_transfer_complete);
1867 
1868         return atmel_aes_cpu_start(dd, req->src, req->dst, req->nbytes,
1869                                    atmel_aes_transfer_complete);
1870 }
1871 
1872 static int atmel_aes_xts_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
1873                                 unsigned int keylen)
1874 {
1875         struct atmel_aes_xts_ctx *ctx = crypto_ablkcipher_ctx(tfm);
1876         int err;
1877 
1878         err = xts_check_key(crypto_ablkcipher_tfm(tfm), key, keylen);
1879         if (err)
1880                 return err;
1881 
1882         memcpy(ctx->base.key, key, keylen/2);
1883         memcpy(ctx->key2, key + keylen/2, keylen/2);
1884         ctx->base.keylen = keylen/2;
1885 
1886         return 0;
1887 }
1888 
1889 static int atmel_aes_xts_encrypt(struct ablkcipher_request *req)
1890 {
1891         return atmel_aes_crypt(req, AES_FLAGS_XTS | AES_FLAGS_ENCRYPT);
1892 }
1893 
1894 static int atmel_aes_xts_decrypt(struct ablkcipher_request *req)
1895 {
1896         return atmel_aes_crypt(req, AES_FLAGS_XTS);
1897 }
1898 
1899 static int atmel_aes_xts_cra_init(struct crypto_tfm *tfm)
1900 {
1901         struct atmel_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm);
1902 
1903         tfm->crt_ablkcipher.reqsize = sizeof(struct atmel_aes_reqctx);
1904         ctx->base.start = atmel_aes_xts_start;
1905 
1906         return 0;
1907 }
1908 
1909 static struct crypto_alg aes_xts_alg = {
1910         .cra_name               = "xts(aes)",
1911         .cra_driver_name        = "atmel-xts-aes",
1912         .cra_priority           = ATMEL_AES_PRIORITY,
1913         .cra_flags              = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC,
1914         .cra_blocksize          = AES_BLOCK_SIZE,
1915         .cra_ctxsize            = sizeof(struct atmel_aes_xts_ctx),
1916         .cra_alignmask          = 0xf,
1917         .cra_type               = &crypto_ablkcipher_type,
1918         .cra_module             = THIS_MODULE,
1919         .cra_init               = atmel_aes_xts_cra_init,
1920         .cra_exit               = atmel_aes_cra_exit,
1921         .cra_u.ablkcipher = {
1922                 .min_keysize    = 2 * AES_MIN_KEY_SIZE,
1923                 .max_keysize    = 2 * AES_MAX_KEY_SIZE,
1924                 .ivsize         = AES_BLOCK_SIZE,
1925                 .setkey         = atmel_aes_xts_setkey,
1926                 .encrypt        = atmel_aes_xts_encrypt,
1927                 .decrypt        = atmel_aes_xts_decrypt,
1928         }
1929 };
1930 
1931 
1932 /* Probe functions */
1933 
1934 static int atmel_aes_buff_init(struct atmel_aes_dev *dd)
1935 {
1936         dd->buf = (void *)__get_free_pages(GFP_KERNEL, ATMEL_AES_BUFFER_ORDER);
1937         dd->buflen = ATMEL_AES_BUFFER_SIZE;
1938         dd->buflen &= ~(AES_BLOCK_SIZE - 1);
1939 
1940         if (!dd->buf) {
1941                 dev_err(dd->dev, "unable to alloc pages.\n");
1942                 return -ENOMEM;
1943         }
1944 
1945         return 0;
1946 }
1947 
1948 static void atmel_aes_buff_cleanup(struct atmel_aes_dev *dd)
1949 {
1950         free_page((unsigned long)dd->buf);
1951 }
1952 
1953 static bool atmel_aes_filter(struct dma_chan *chan, void *slave)
1954 {
1955         struct at_dma_slave     *sl = slave;
1956 
1957         if (sl && sl->dma_dev == chan->device->dev) {
1958                 chan->private = sl;
1959                 return true;
1960         } else {
1961                 return false;
1962         }
1963 }
1964 
1965 static int atmel_aes_dma_init(struct atmel_aes_dev *dd,
1966                               struct crypto_platform_data *pdata)
1967 {
1968         struct at_dma_slave *slave;
1969         int err = -ENOMEM;
1970         dma_cap_mask_t mask;
1971 
1972         dma_cap_zero(mask);
1973         dma_cap_set(DMA_SLAVE, mask);
1974 
1975         /* Try to grab 2 DMA channels */
1976         slave = &pdata->dma_slave->rxdata;
1977         dd->src.chan = dma_request_slave_channel_compat(mask, atmel_aes_filter,
1978                                                         slave, dd->dev, "tx");
1979         if (!dd->src.chan)
1980                 goto err_dma_in;
1981 
1982         slave = &pdata->dma_slave->txdata;
1983         dd->dst.chan = dma_request_slave_channel_compat(mask, atmel_aes_filter,
1984                                                         slave, dd->dev, "rx");
1985         if (!dd->dst.chan)
1986                 goto err_dma_out;
1987 
1988         return 0;
1989 
1990 err_dma_out:
1991         dma_release_channel(dd->src.chan);
1992 err_dma_in:
1993         dev_warn(dd->dev, "no DMA channel available\n");
1994         return err;
1995 }
1996 
1997 static void atmel_aes_dma_cleanup(struct atmel_aes_dev *dd)
1998 {
1999         dma_release_channel(dd->dst.chan);
2000         dma_release_channel(dd->src.chan);
2001 }
2002 
2003 static void atmel_aes_queue_task(unsigned long data)
2004 {
2005         struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data;
2006 
2007         atmel_aes_handle_queue(dd, NULL);
2008 }
2009 
2010 static void atmel_aes_done_task(unsigned long data)
2011 {
2012         struct atmel_aes_dev *dd = (struct atmel_aes_dev *)data;
2013 
2014         dd->is_async = true;
2015         (void)dd->resume(dd);
2016 }
2017 
2018 static irqreturn_t atmel_aes_irq(int irq, void *dev_id)
2019 {
2020         struct atmel_aes_dev *aes_dd = dev_id;
2021         u32 reg;
2022 
2023         reg = atmel_aes_read(aes_dd, AES_ISR);
2024         if (reg & atmel_aes_read(aes_dd, AES_IMR)) {
2025                 atmel_aes_write(aes_dd, AES_IDR, reg);
2026                 if (AES_FLAGS_BUSY & aes_dd->flags)
2027                         tasklet_schedule(&aes_dd->done_task);
2028                 else
2029                         dev_warn(aes_dd->dev, "AES interrupt when no active requests.\n");
2030                 return IRQ_HANDLED;
2031         }
2032 
2033         return IRQ_NONE;
2034 }
2035 
2036 static void atmel_aes_unregister_algs(struct atmel_aes_dev *dd)
2037 {
2038         int i;
2039 
2040         if (dd->caps.has_xts)
2041                 crypto_unregister_alg(&aes_xts_alg);
2042 
2043         if (dd->caps.has_gcm)
2044                 crypto_unregister_aead(&aes_gcm_alg);
2045 
2046         if (dd->caps.has_cfb64)
2047                 crypto_unregister_alg(&aes_cfb64_alg);
2048 
2049         for (i = 0; i < ARRAY_SIZE(aes_algs); i++)
2050                 crypto_unregister_alg(&aes_algs[i]);
2051 }
2052 
2053 static int atmel_aes_register_algs(struct atmel_aes_dev *dd)
2054 {
2055         int err, i, j;
2056 
2057         for (i = 0; i < ARRAY_SIZE(aes_algs); i++) {
2058                 err = crypto_register_alg(&aes_algs[i]);
2059                 if (err)
2060                         goto err_aes_algs;
2061         }
2062 
2063         if (dd->caps.has_cfb64) {
2064                 err = crypto_register_alg(&aes_cfb64_alg);
2065                 if (err)
2066                         goto err_aes_cfb64_alg;
2067         }
2068 
2069         if (dd->caps.has_gcm) {
2070                 err = crypto_register_aead(&aes_gcm_alg);
2071                 if (err)
2072                         goto err_aes_gcm_alg;
2073         }
2074 
2075         if (dd->caps.has_xts) {
2076                 err = crypto_register_alg(&aes_xts_alg);
2077                 if (err)
2078                         goto err_aes_xts_alg;
2079         }
2080 
2081         return 0;
2082 
2083 err_aes_xts_alg:
2084         crypto_unregister_aead(&aes_gcm_alg);
2085 err_aes_gcm_alg:
2086         crypto_unregister_alg(&aes_cfb64_alg);
2087 err_aes_cfb64_alg:
2088         i = ARRAY_SIZE(aes_algs);
2089 err_aes_algs:
2090         for (j = 0; j < i; j++)
2091                 crypto_unregister_alg(&aes_algs[j]);
2092 
2093         return err;
2094 }
2095 
2096 static void atmel_aes_get_cap(struct atmel_aes_dev *dd)
2097 {
2098         dd->caps.has_dualbuff = 0;
2099         dd->caps.has_cfb64 = 0;
2100         dd->caps.has_ctr32 = 0;
2101         dd->caps.has_gcm = 0;
2102         dd->caps.has_xts = 0;
2103         dd->caps.max_burst_size = 1;
2104 
2105         /* keep only major version number */
2106         switch (dd->hw_version & 0xff0) {
2107         case 0x500:
2108                 dd->caps.has_dualbuff = 1;
2109                 dd->caps.has_cfb64 = 1;
2110                 dd->caps.has_ctr32 = 1;
2111                 dd->caps.has_gcm = 1;
2112                 dd->caps.has_xts = 1;
2113                 dd->caps.max_burst_size = 4;
2114                 break;
2115         case 0x200:
2116                 dd->caps.has_dualbuff = 1;
2117                 dd->caps.has_cfb64 = 1;
2118                 dd->caps.has_ctr32 = 1;
2119                 dd->caps.has_gcm = 1;
2120                 dd->caps.max_burst_size = 4;
2121                 break;
2122         case 0x130:
2123                 dd->caps.has_dualbuff = 1;
2124                 dd->caps.has_cfb64 = 1;
2125                 dd->caps.max_burst_size = 4;
2126                 break;
2127         case 0x120:
2128                 break;
2129         default:
2130                 dev_warn(dd->dev,
2131                                 "Unmanaged aes version, set minimum capabilities\n");
2132                 break;
2133         }
2134 }
2135 
2136 #if defined(CONFIG_OF)
2137 static const struct of_device_id atmel_aes_dt_ids[] = {
2138         { .compatible = "atmel,at91sam9g46-aes" },
2139         { /* sentinel */ }
2140 };
2141 MODULE_DEVICE_TABLE(of, atmel_aes_dt_ids);
2142 
2143 static struct crypto_platform_data *atmel_aes_of_init(struct platform_device *pdev)
2144 {
2145         struct device_node *np = pdev->dev.of_node;
2146         struct crypto_platform_data *pdata;
2147 
2148         if (!np) {
2149                 dev_err(&pdev->dev, "device node not found\n");
2150                 return ERR_PTR(-EINVAL);
2151         }
2152 
2153         pdata = devm_kzalloc(&pdev->dev, sizeof(*pdata), GFP_KERNEL);
2154         if (!pdata) {
2155                 dev_err(&pdev->dev, "could not allocate memory for pdata\n");
2156                 return ERR_PTR(-ENOMEM);
2157         }
2158 
2159         pdata->dma_slave = devm_kzalloc(&pdev->dev,
2160                                         sizeof(*(pdata->dma_slave)),
2161                                         GFP_KERNEL);
2162         if (!pdata->dma_slave) {
2163                 dev_err(&pdev->dev, "could not allocate memory for dma_slave\n");
2164                 devm_kfree(&pdev->dev, pdata);
2165                 return ERR_PTR(-ENOMEM);
2166         }
2167 
2168         return pdata;
2169 }
2170 #else
2171 static inline struct crypto_platform_data *atmel_aes_of_init(struct platform_device *pdev)
2172 {
2173         return ERR_PTR(-EINVAL);
2174 }
2175 #endif
2176 
2177 static int atmel_aes_probe(struct platform_device *pdev)
2178 {
2179         struct atmel_aes_dev *aes_dd;
2180         struct crypto_platform_data *pdata;
2181         struct device *dev = &pdev->dev;
2182         struct resource *aes_res;
2183         int err;
2184 
2185         pdata = pdev->dev.platform_data;
2186         if (!pdata) {
2187                 pdata = atmel_aes_of_init(pdev);
2188                 if (IS_ERR(pdata)) {
2189                         err = PTR_ERR(pdata);
2190                         goto aes_dd_err;
2191                 }
2192         }
2193 
2194         if (!pdata->dma_slave) {
2195                 err = -ENXIO;
2196                 goto aes_dd_err;
2197         }
2198 
2199         aes_dd = devm_kzalloc(&pdev->dev, sizeof(*aes_dd), GFP_KERNEL);
2200         if (aes_dd == NULL) {
2201                 dev_err(dev, "unable to alloc data struct.\n");
2202                 err = -ENOMEM;
2203                 goto aes_dd_err;
2204         }
2205 
2206         aes_dd->dev = dev;
2207 
2208         platform_set_drvdata(pdev, aes_dd);
2209 
2210         INIT_LIST_HEAD(&aes_dd->list);
2211         spin_lock_init(&aes_dd->lock);
2212 
2213         tasklet_init(&aes_dd->done_task, atmel_aes_done_task,
2214                                         (unsigned long)aes_dd);
2215         tasklet_init(&aes_dd->queue_task, atmel_aes_queue_task,
2216                                         (unsigned long)aes_dd);
2217 
2218         crypto_init_queue(&aes_dd->queue, ATMEL_AES_QUEUE_LENGTH);
2219 
2220         aes_dd->irq = -1;
2221 
2222         /* Get the base address */
2223         aes_res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
2224         if (!aes_res) {
2225                 dev_err(dev, "no MEM resource info\n");
2226                 err = -ENODEV;
2227                 goto res_err;
2228         }
2229         aes_dd->phys_base = aes_res->start;
2230 
2231         /* Get the IRQ */
2232         aes_dd->irq = platform_get_irq(pdev,  0);
2233         if (aes_dd->irq < 0) {
2234                 dev_err(dev, "no IRQ resource info\n");
2235                 err = aes_dd->irq;
2236                 goto res_err;
2237         }
2238 
2239         err = devm_request_irq(&pdev->dev, aes_dd->irq, atmel_aes_irq,
2240                                IRQF_SHARED, "atmel-aes", aes_dd);
2241         if (err) {
2242                 dev_err(dev, "unable to request aes irq.\n");
2243                 goto res_err;
2244         }
2245 
2246         /* Initializing the clock */
2247         aes_dd->iclk = devm_clk_get(&pdev->dev, "aes_clk");
2248         if (IS_ERR(aes_dd->iclk)) {
2249                 dev_err(dev, "clock initialization failed.\n");
2250                 err = PTR_ERR(aes_dd->iclk);
2251                 goto res_err;
2252         }
2253 
2254         aes_dd->io_base = devm_ioremap_resource(&pdev->dev, aes_res);
2255         if (IS_ERR(aes_dd->io_base)) {
2256                 dev_err(dev, "can't ioremap\n");
2257                 err = PTR_ERR(aes_dd->io_base);
2258                 goto res_err;
2259         }
2260 
2261         err = clk_prepare(aes_dd->iclk);
2262         if (err)
2263                 goto res_err;
2264 
2265         err = atmel_aes_hw_version_init(aes_dd);
2266         if (err)
2267                 goto iclk_unprepare;
2268 
2269         atmel_aes_get_cap(aes_dd);
2270 
2271         err = atmel_aes_buff_init(aes_dd);
2272         if (err)
2273                 goto err_aes_buff;
2274 
2275         err = atmel_aes_dma_init(aes_dd, pdata);
2276         if (err)
2277                 goto err_aes_dma;
2278 
2279         spin_lock(&atmel_aes.lock);
2280         list_add_tail(&aes_dd->list, &atmel_aes.dev_list);
2281         spin_unlock(&atmel_aes.lock);
2282 
2283         err = atmel_aes_register_algs(aes_dd);
2284         if (err)
2285                 goto err_algs;
2286 
2287         dev_info(dev, "Atmel AES - Using %s, %s for DMA transfers\n",
2288                         dma_chan_name(aes_dd->src.chan),
2289                         dma_chan_name(aes_dd->dst.chan));
2290 
2291         return 0;
2292 
2293 err_algs:
2294         spin_lock(&atmel_aes.lock);
2295         list_del(&aes_dd->list);
2296         spin_unlock(&atmel_aes.lock);
2297         atmel_aes_dma_cleanup(aes_dd);
2298 err_aes_dma:
2299         atmel_aes_buff_cleanup(aes_dd);
2300 err_aes_buff:
2301 iclk_unprepare:
2302         clk_unprepare(aes_dd->iclk);
2303 res_err:
2304         tasklet_kill(&aes_dd->done_task);
2305         tasklet_kill(&aes_dd->queue_task);
2306 aes_dd_err:
2307         dev_err(dev, "initialization failed.\n");
2308 
2309         return err;
2310 }
2311 
2312 static int atmel_aes_remove(struct platform_device *pdev)
2313 {
2314         struct atmel_aes_dev *aes_dd;
2315 
2316         aes_dd = platform_get_drvdata(pdev);
2317         if (!aes_dd)
2318                 return -ENODEV;
2319         spin_lock(&atmel_aes.lock);
2320         list_del(&aes_dd->list);
2321         spin_unlock(&atmel_aes.lock);
2322 
2323         atmel_aes_unregister_algs(aes_dd);
2324 
2325         tasklet_kill(&aes_dd->done_task);
2326         tasklet_kill(&aes_dd->queue_task);
2327 
2328         atmel_aes_dma_cleanup(aes_dd);
2329         atmel_aes_buff_cleanup(aes_dd);
2330 
2331         clk_unprepare(aes_dd->iclk);
2332 
2333         return 0;
2334 }
2335 
2336 static struct platform_driver atmel_aes_driver = {
2337         .probe          = atmel_aes_probe,
2338         .remove         = atmel_aes_remove,
2339         .driver         = {
2340                 .name   = "atmel_aes",
2341                 .of_match_table = of_match_ptr(atmel_aes_dt_ids),
2342         },
2343 };
2344 
2345 module_platform_driver(atmel_aes_driver);
2346 
2347 MODULE_DESCRIPTION("Atmel AES hw acceleration support.");
2348 MODULE_LICENSE("GPL v2");
2349 MODULE_AUTHOR("Nicolas Royer - Eukréa Electromatique");
2350 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us