Commit cdf640a6 authored by Christoph Manszewski's avatar Christoph Manszewski Committed by Herbert Xu

crypto: s5p-sss: Add aes-ctr support

Add support for aes counter(ctr) block cipher mode of operation for
Exynos Hardware. In contrast to ecb and cbc modes, aes-ctr allows
encyption/decryption for request sizes not being a multiple of 16(bytes).

Hardware requires block sizes being a multiple of 16(bytes). In order to
achieve this, copy request source and destination memory, and align it's size
to 16. That way hardware processes additional bytes, that are omitted
when copying the result back to its original destination.

Tested on Odroid-U3 with Exynos 4412 CPU, kernel 4.19-rc2 with crypto
run-time self test testmgr.
Signed-off-by: default avatarChristoph Manszewski <c.manszewski@samsung.com>
Reviewed-by: default avatarKrzysztof Kozlowski <krzk@kernel.org>
Acked-by: default avatarKamil Konieczny <k.konieczny@partner.samsung.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent b1b4416f
...@@ -1813,7 +1813,7 @@ static struct ahash_alg algs_sha1_md5_sha256[] = { ...@@ -1813,7 +1813,7 @@ static struct ahash_alg algs_sha1_md5_sha256[] = {
}; };
static void s5p_set_aes(struct s5p_aes_dev *dev, static void s5p_set_aes(struct s5p_aes_dev *dev,
const u8 *key, const u8 *iv, const u8 *key, const u8 *iv, const u8 *ctr,
unsigned int keylen) unsigned int keylen)
{ {
void __iomem *keystart; void __iomem *keystart;
...@@ -1821,6 +1821,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, ...@@ -1821,6 +1821,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev,
if (iv) if (iv)
memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10); memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10);
if (ctr)
memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), ctr, 0x10);
if (keylen == AES_KEYSIZE_256) if (keylen == AES_KEYSIZE_256)
keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0); keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0);
else if (keylen == AES_KEYSIZE_192) else if (keylen == AES_KEYSIZE_192)
...@@ -1902,8 +1905,9 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) ...@@ -1902,8 +1905,9 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode)
u32 aes_control; u32 aes_control;
unsigned long flags; unsigned long flags;
int err; int err;
u8 *iv; u8 *iv, *ctr;
/* This sets bit [13:12] to 00, which selects 128-bit counter */
aes_control = SSS_AES_KEY_CHANGE_MODE; aes_control = SSS_AES_KEY_CHANGE_MODE;
if (mode & FLAGS_AES_DECRYPT) if (mode & FLAGS_AES_DECRYPT)
aes_control |= SSS_AES_MODE_DECRYPT; aes_control |= SSS_AES_MODE_DECRYPT;
...@@ -1911,11 +1915,14 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) ...@@ -1911,11 +1915,14 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode)
if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) { if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) {
aes_control |= SSS_AES_CHAIN_MODE_CBC; aes_control |= SSS_AES_CHAIN_MODE_CBC;
iv = req->info; iv = req->info;
ctr = NULL;
} else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) { } else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) {
aes_control |= SSS_AES_CHAIN_MODE_CTR; aes_control |= SSS_AES_CHAIN_MODE_CTR;
iv = req->info; iv = NULL;
ctr = req->info;
} else { } else {
iv = NULL; /* AES_ECB */ iv = NULL; /* AES_ECB */
ctr = NULL;
} }
if (dev->ctx->keylen == AES_KEYSIZE_192) if (dev->ctx->keylen == AES_KEYSIZE_192)
...@@ -1947,7 +1954,7 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) ...@@ -1947,7 +1954,7 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode)
goto outdata_error; goto outdata_error;
SSS_AES_WRITE(dev, AES_CONTROL, aes_control); SSS_AES_WRITE(dev, AES_CONTROL, aes_control);
s5p_set_aes(dev, dev->ctx->aes_key, iv, dev->ctx->keylen); s5p_set_aes(dev, dev->ctx->aes_key, iv, ctr, dev->ctx->keylen);
s5p_set_dma_indata(dev, dev->sg_src); s5p_set_dma_indata(dev, dev->sg_src);
s5p_set_dma_outdata(dev, dev->sg_dst); s5p_set_dma_outdata(dev, dev->sg_dst);
...@@ -2025,7 +2032,8 @@ static int s5p_aes_crypt(struct ablkcipher_request *req, unsigned long mode) ...@@ -2025,7 +2032,8 @@ static int s5p_aes_crypt(struct ablkcipher_request *req, unsigned long mode)
struct s5p_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm); struct s5p_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm);
struct s5p_aes_dev *dev = ctx->dev; struct s5p_aes_dev *dev = ctx->dev;
if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE)) { if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE) &&
((mode & FLAGS_AES_MODE_MASK) != FLAGS_AES_CTR)) {
dev_err(dev->dev, "request size is not exact amount of AES blocks\n"); dev_err(dev->dev, "request size is not exact amount of AES blocks\n");
return -EINVAL; return -EINVAL;
} }
...@@ -2072,6 +2080,11 @@ static int s5p_aes_cbc_decrypt(struct ablkcipher_request *req) ...@@ -2072,6 +2080,11 @@ static int s5p_aes_cbc_decrypt(struct ablkcipher_request *req)
return s5p_aes_crypt(req, FLAGS_AES_DECRYPT | FLAGS_AES_CBC); return s5p_aes_crypt(req, FLAGS_AES_DECRYPT | FLAGS_AES_CBC);
} }
static int s5p_aes_ctr_crypt(struct ablkcipher_request *req)
{
return s5p_aes_crypt(req, FLAGS_AES_CTR);
}
static int s5p_aes_cra_init(struct crypto_tfm *tfm) static int s5p_aes_cra_init(struct crypto_tfm *tfm)
{ {
struct s5p_aes_ctx *ctx = crypto_tfm_ctx(tfm); struct s5p_aes_ctx *ctx = crypto_tfm_ctx(tfm);
...@@ -2126,6 +2139,28 @@ static struct crypto_alg algs[] = { ...@@ -2126,6 +2139,28 @@ static struct crypto_alg algs[] = {
.decrypt = s5p_aes_cbc_decrypt, .decrypt = s5p_aes_cbc_decrypt,
} }
}, },
{
.cra_name = "ctr(aes)",
.cra_driver_name = "ctr-aes-s5p",
.cra_priority = 100,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct s5p_aes_ctx),
.cra_alignmask = 0x0f,
.cra_type = &crypto_ablkcipher_type,
.cra_module = THIS_MODULE,
.cra_init = s5p_aes_cra_init,
.cra_u.ablkcipher = {
.min_keysize = AES_MIN_KEY_SIZE,
.max_keysize = AES_MAX_KEY_SIZE,
.ivsize = AES_BLOCK_SIZE,
.setkey = s5p_aes_setkey,
.encrypt = s5p_aes_ctr_crypt,
.decrypt = s5p_aes_ctr_crypt,
}
},
}; };
static int s5p_aes_probe(struct platform_device *pdev) static int s5p_aes_probe(struct platform_device *pdev)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment