diff options
Diffstat (limited to 'drivers/staging/ccree/ssi_cipher.c')
-rw-r--r-- | drivers/staging/ccree/ssi_cipher.c | 185 |
1 files changed, 95 insertions, 90 deletions
diff --git a/drivers/staging/ccree/ssi_cipher.c b/drivers/staging/ccree/ssi_cipher.c index cd2eafc04232..8d31a93fd8b7 100644 --- a/drivers/staging/ccree/ssi_cipher.c +++ b/drivers/staging/ccree/ssi_cipher.c @@ -23,6 +23,8 @@ #include <crypto/aes.h> #include <crypto/ctr.h> #include <crypto/des.h> +#include <crypto/xts.h> +#include <crypto/scatterwalk.h> #include "ssi_config.h" #include "ssi_driver.h" @@ -31,7 +33,6 @@ #include "ssi_cipher.h" #include "ssi_request_mgr.h" #include "ssi_sysfs.h" -#include "ssi_fips_local.h" #define MAX_ABLKCIPHER_SEQ_LEN 6 @@ -68,7 +69,8 @@ struct ssi_ablkcipher_ctx { static void ssi_ablkcipher_complete(struct device *dev, void *ssi_req, void __iomem *cc_base); -static int validate_keys_sizes(struct ssi_ablkcipher_ctx *ctx_p, u32 size) { +static int validate_keys_sizes(struct ssi_ablkcipher_ctx *ctx_p, u32 size) +{ switch (ctx_p->flow_mode) { case S_DIN_to_AES: switch (size) { @@ -92,8 +94,7 @@ static int validate_keys_sizes(struct ssi_ablkcipher_ctx *ctx_p, u32 size) { break; } case S_DIN_to_DES: - if (likely(size == DES3_EDE_KEY_SIZE || - size == DES_KEY_SIZE)) + if (likely(size == DES3_EDE_KEY_SIZE || size == DES_KEY_SIZE)) return 0; break; #if SSI_CC_HAS_MULTI2 @@ -108,7 +109,8 @@ static int validate_keys_sizes(struct ssi_ablkcipher_ctx *ctx_p, u32 size) { return -EINVAL; } -static int validate_data_size(struct ssi_ablkcipher_ctx *ctx_p, unsigned int size) { +static int validate_data_size(struct ssi_ablkcipher_ctx *ctx_p, unsigned int size) +{ switch (ctx_p->flow_mode) { case S_DIN_to_AES: switch (ctx_p->cipher_mode) { @@ -183,10 +185,9 @@ static int ssi_blkcipher_init(struct crypto_tfm *tfm) int rc = 0; unsigned int max_key_buf_size = get_max_keysize(tfm); - SSI_LOG_DEBUG("Initializing context @%p for %s\n", ctx_p, - crypto_tfm_alg_name(tfm)); + SSI_LOG_DEBUG("Initializing context @%p for %s\n", + ctx_p, crypto_tfm_alg_name(tfm)); - CHECK_AND_RETURN_UPON_FIPS_ERROR(); ctx_p->cipher_mode = ssi_alg->cipher_mode; ctx_p->flow_mode = ssi_alg->flow_mode; ctx_p->drvdata = ssi_alg->drvdata; @@ -203,15 +204,16 @@ static int ssi_blkcipher_init(struct crypto_tfm *tfm) /* Map key buffer */ ctx_p->user.key_dma_addr = dma_map_single(dev, (void *)ctx_p->user.key, - max_key_buf_size, DMA_TO_DEVICE); + max_key_buf_size, + DMA_TO_DEVICE); if (dma_mapping_error(dev, ctx_p->user.key_dma_addr)) { SSI_LOG_ERR("Mapping Key %u B at va=%pK for DMA failed\n", - max_key_buf_size, ctx_p->user.key); + max_key_buf_size, ctx_p->user.key); return -ENOMEM; } - SSI_LOG_DEBUG("Mapped key %u B at va=%pK to dma=0x%llX\n", - max_key_buf_size, ctx_p->user.key, - (unsigned long long)ctx_p->user.key_dma_addr); + SSI_LOG_DEBUG("Mapped key %u B at va=%pK to dma=%pad\n", + max_key_buf_size, ctx_p->user.key, + ctx_p->user.key_dma_addr); if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) { /* Alloc hash tfm for essiv */ @@ -232,7 +234,7 @@ static void ssi_blkcipher_exit(struct crypto_tfm *tfm) unsigned int max_key_buf_size = get_max_keysize(tfm); SSI_LOG_DEBUG("Clearing context @%p for %s\n", - crypto_tfm_ctx(tfm), crypto_tfm_alg_name(tfm)); + crypto_tfm_ctx(tfm), crypto_tfm_alg_name(tfm)); if (ctx_p->cipher_mode == DRV_CIPHER_ESSIV) { /* Free hash tfm for essiv */ @@ -242,9 +244,9 @@ static void ssi_blkcipher_exit(struct crypto_tfm *tfm) /* Unmap key buffer */ dma_unmap_single(dev, ctx_p->user.key_dma_addr, max_key_buf_size, - DMA_TO_DEVICE); - SSI_LOG_DEBUG("Unmapped key buffer key_dma_addr=0x%llX\n", - (unsigned long long)ctx_p->user.key_dma_addr); + DMA_TO_DEVICE); + SSI_LOG_DEBUG("Unmapped key buffer key_dma_addr=%pad\n", + ctx_p->user.key_dma_addr); /* Free key buffer in context */ kfree(ctx_p->user.key); @@ -263,31 +265,15 @@ static const u8 zero_buff[] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; /* The function verifies that tdes keys are not weak.*/ -static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen) +static int ssi_verify_3des_keys(const u8 *key, unsigned int keylen) { -#ifdef CCREE_FIPS_SUPPORT struct tdes_keys *tdes_key = (struct tdes_keys *)key; /* verify key1 != key2 and key3 != key2*/ if (unlikely((memcmp((u8 *)tdes_key->key1, (u8 *)tdes_key->key2, sizeof(tdes_key->key1)) == 0) || - (memcmp((u8 *)tdes_key->key3, (u8 *)tdes_key->key2, sizeof(tdes_key->key3)) == 0))) { + (memcmp((u8 *)tdes_key->key3, (u8 *)tdes_key->key2, sizeof(tdes_key->key3)) == 0))) { return -ENOEXEC; } -#endif /* CCREE_FIPS_SUPPORT */ - - return 0; -} - -/* The function verifies that xts keys are not weak.*/ -static int ssi_fips_verify_xts_keys(const u8 *key, unsigned int keylen) -{ -#ifdef CCREE_FIPS_SUPPORT - /* Weak key is define as key that its first half (128/256 lsb) equals its second half (128/256 msb) */ - int singleKeySize = keylen >> 1; - - if (unlikely(memcmp(key, &key[singleKeySize], singleKeySize) == 0)) - return -ENOEXEC; -#endif /* CCREE_FIPS_SUPPORT */ return 0; } @@ -317,12 +303,10 @@ static int ssi_blkcipher_setkey(struct crypto_tfm *tfm, unsigned int max_key_buf_size = get_max_keysize(tfm); SSI_LOG_DEBUG("Setting key in context @%p for %s. keylen=%u\n", - ctx_p, crypto_tfm_alg_name(tfm), keylen); + ctx_p, crypto_tfm_alg_name(tfm), keylen); dump_byte_array("key", (u8 *)key, keylen); - CHECK_AND_RETURN_UPON_FIPS_ERROR(); - - SSI_LOG_DEBUG("ssi_blkcipher_setkey: after FIPS check"); + SSI_LOG_DEBUG("after FIPS check"); /* STAT_PHASE_0: Init and sanity checks */ @@ -368,7 +352,7 @@ static int ssi_blkcipher_setkey(struct crypto_tfm *tfm, } ctx_p->keylen = keylen; - SSI_LOG_DEBUG("ssi_blkcipher_setkey: ssi_is_hw_key ret 0"); + SSI_LOG_DEBUG("ssi_is_hw_key ret 0"); return 0; } @@ -378,25 +362,25 @@ static int ssi_blkcipher_setkey(struct crypto_tfm *tfm, if (unlikely(!des_ekey(tmp, key)) && (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_WEAK_KEY)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; - SSI_LOG_DEBUG("ssi_blkcipher_setkey: weak DES key"); + SSI_LOG_DEBUG("weak DES key"); return -EINVAL; } } if ((ctx_p->cipher_mode == DRV_CIPHER_XTS) && - ssi_fips_verify_xts_keys(key, keylen) != 0) { - SSI_LOG_DEBUG("ssi_blkcipher_setkey: weak XTS key"); + xts_check_key(tfm, key, keylen) != 0) { + SSI_LOG_DEBUG("weak XTS key"); return -EINVAL; } if ((ctx_p->flow_mode == S_DIN_to_DES) && (keylen == DES3_EDE_KEY_SIZE) && - ssi_fips_verify_3des_keys(key, keylen) != 0) { - SSI_LOG_DEBUG("ssi_blkcipher_setkey: weak 3DES key"); + ssi_verify_3des_keys(key, keylen) != 0) { + SSI_LOG_DEBUG("weak 3DES key"); return -EINVAL; } /* STAT_PHASE_1: Copy key to ctx */ dma_sync_single_for_cpu(dev, ctx_p->user.key_dma_addr, - max_key_buf_size, DMA_TO_DEVICE); + max_key_buf_size, DMA_TO_DEVICE); if (ctx_p->flow_mode == S_DIN_to_MULTI2) { #if SSI_CC_HAS_MULTI2 @@ -405,7 +389,7 @@ static int ssi_blkcipher_setkey(struct crypto_tfm *tfm, if (ctx_p->key_round_number < CC_MULTI2_MIN_NUM_ROUNDS || ctx_p->key_round_number > CC_MULTI2_MAX_NUM_ROUNDS) { crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN); - SSI_LOG_DEBUG("ssi_blkcipher_setkey: SSI_CC_HAS_MULTI2 einval"); + SSI_LOG_DEBUG("SSI_CC_HAS_MULTI2 einval"); return -EINVAL; #endif /*SSI_CC_HAS_MULTI2*/ } else { @@ -429,10 +413,10 @@ static int ssi_blkcipher_setkey(struct crypto_tfm *tfm, } } dma_sync_single_for_device(dev, ctx_p->user.key_dma_addr, - max_key_buf_size, DMA_TO_DEVICE); + max_key_buf_size, DMA_TO_DEVICE); ctx_p->keylen = keylen; - SSI_LOG_DEBUG("ssi_blkcipher_setkey: return safely"); + SSI_LOG_DEBUG("return safely"); return 0; } @@ -632,17 +616,15 @@ ssi_blkcipher_create_data_desc( break; #endif /*SSI_CC_HAS_MULTI2*/ default: - SSI_LOG_ERR("invalid flow mode, flow_mode = %d \n", flow_mode); + SSI_LOG_ERR("invalid flow mode, flow_mode = %d\n", flow_mode); return; } /* Process */ if (likely(req_ctx->dma_buf_type == SSI_DMA_BUF_DLLI)) { - SSI_LOG_DEBUG(" data params addr 0x%llX length 0x%X \n", - (unsigned long long)sg_dma_address(src), - nbytes); - SSI_LOG_DEBUG(" data params addr 0x%llX length 0x%X \n", - (unsigned long long)sg_dma_address(dst), - nbytes); + SSI_LOG_DEBUG(" data params addr %pad length 0x%X\n", + sg_dma_address(src), nbytes); + SSI_LOG_DEBUG(" data params addr %pad length 0x%X\n", + sg_dma_address(dst), nbytes); hw_desc_init(&desc[*seq_size]); set_din_type(&desc[*seq_size], DMA_DLLI, sg_dma_address(src), nbytes, NS_BIT); @@ -655,9 +637,9 @@ ssi_blkcipher_create_data_desc( (*seq_size)++; } else { /* bypass */ - SSI_LOG_DEBUG(" bypass params addr 0x%llX " + SSI_LOG_DEBUG(" bypass params addr %pad " "length 0x%X addr 0x%08X\n", - (unsigned long long)req_ctx->mlli_params.mlli_dma_addr, + req_ctx->mlli_params.mlli_dma_addr, req_ctx->mlli_params.mlli_len, (unsigned int)ctx_p->drvdata->mlli_sram_addr); hw_desc_init(&desc[*seq_size]); @@ -706,16 +688,17 @@ ssi_blkcipher_create_data_desc( } static int ssi_blkcipher_complete(struct device *dev, - struct ssi_ablkcipher_ctx *ctx_p, - struct blkcipher_req_ctx *req_ctx, - struct scatterlist *dst, - struct scatterlist *src, - unsigned int ivsize, - void *areq, - void __iomem *cc_base) + struct ssi_ablkcipher_ctx *ctx_p, + struct blkcipher_req_ctx *req_ctx, + struct scatterlist *dst, + struct scatterlist *src, + unsigned int ivsize, + void *areq, + void __iomem *cc_base) { int completion_error = 0; u32 inflight_counter; + struct ablkcipher_request *req = (struct ablkcipher_request *)areq; ssi_buffer_mgr_unmap_blkcipher_request(dev, req_ctx, ivsize, src, dst); @@ -726,6 +709,22 @@ static int ssi_blkcipher_complete(struct device *dev, ctx_p->drvdata->inflight_counter--; if (areq) { + /* + * The crypto API expects us to set the req->info to the last + * ciphertext block. For encrypt, simply copy from the result. + * For decrypt, we must copy from a saved buffer since this + * could be an in-place decryption operation and the src is + * lost by this point. + */ + if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) { + memcpy(req->info, req_ctx->backup_info, ivsize); + kfree(req_ctx->backup_info); + } else { + scatterwalk_map_and_copy(req->info, req->dst, + (req->nbytes - ivsize), + ivsize, 0); + } + ablkcipher_request_complete(areq, completion_error); return 0; } @@ -749,21 +748,22 @@ static int ssi_blkcipher_process( int rc, seq_len = 0, cts_restore_flag = 0; SSI_LOG_DEBUG("%s areq=%p info=%p nbytes=%d\n", - ((direction == DRV_CRYPTO_DIRECTION_ENCRYPT) ? "Encrypt" : "Decrypt"), - areq, info, nbytes); + ((direction == DRV_CRYPTO_DIRECTION_ENCRYPT) ? "Encrypt" : "Decrypt"), + areq, info, nbytes); - CHECK_AND_RETURN_UPON_FIPS_ERROR(); /* STAT_PHASE_0: Init and sanity checks */ /* TODO: check data length according to mode */ if (unlikely(validate_data_size(ctx_p, nbytes))) { SSI_LOG_ERR("Unsupported data size %d.\n", nbytes); crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_BLOCK_LEN); - return -EINVAL; + rc = -EINVAL; + goto exit_process; } if (nbytes == 0) { /* No data to process is valid */ - return 0; + rc = 0; + goto exit_process; } /*For CTS in case of data size aligned to 16 use CBC mode*/ if (((nbytes % AES_BLOCK_SIZE) == 0) && (ctx_p->cipher_mode == DRV_CIPHER_CBC_CTS)) { @@ -804,12 +804,8 @@ static int ssi_blkcipher_process( ssi_blkcipher_create_setup_desc(tfm, req_ctx, ivsize, nbytes, desc, &seq_len); /* Data processing */ - ssi_blkcipher_create_data_desc(tfm, - req_ctx, - dst, src, - nbytes, - areq, - desc, &seq_len); + ssi_blkcipher_create_data_desc(tfm, req_ctx, dst, src, nbytes, areq, + desc, &seq_len); /* do we need to generate IV? */ if (req_ctx->is_giv) { @@ -842,6 +838,9 @@ exit_process: if (cts_restore_flag != 0) ctx_p->cipher_mode = DRV_CIPHER_CBC_CTS; + if (rc != -EINPROGRESS) + kfree(req_ctx->backup_info); + return rc; } @@ -853,8 +852,6 @@ static void ssi_ablkcipher_complete(struct device *dev, void *ssi_req, void __io struct ssi_ablkcipher_ctx *ctx_p = crypto_ablkcipher_ctx(tfm); unsigned int ivsize = crypto_ablkcipher_ivsize(tfm); - CHECK_AND_RETURN_VOID_UPON_FIPS_ERROR(); - ssi_blkcipher_complete(dev, ctx_p, req_ctx, areq->dst, areq->src, ivsize, areq, cc_base); } @@ -871,8 +868,8 @@ static int ssi_ablkcipher_init(struct crypto_tfm *tfm) } static int ssi_ablkcipher_setkey(struct crypto_ablkcipher *tfm, - const u8 *key, - unsigned int keylen) + const u8 *key, + unsigned int keylen) { return ssi_blkcipher_setkey(crypto_ablkcipher_tfm(tfm), key, keylen); } @@ -884,7 +881,6 @@ static int ssi_ablkcipher_encrypt(struct ablkcipher_request *req) struct blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req); unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm); - req_ctx->backup_info = req->info; req_ctx->is_giv = false; return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_ENCRYPT); @@ -897,8 +893,18 @@ static int ssi_ablkcipher_decrypt(struct ablkcipher_request *req) struct blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req); unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm); - req_ctx->backup_info = req->info; + /* + * Allocate and save the last IV sized bytes of the source, which will + * be lost in case of in-place decryption and might be needed for CTS. + */ + req_ctx->backup_info = kmalloc(ivsize, GFP_KERNEL); + if (!req_ctx->backup_info) + return -ENOMEM; + + scatterwalk_map_and_copy(req_ctx->backup_info, req->src, + (req->nbytes - ivsize), ivsize, 0); req_ctx->is_giv = false; + return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_DECRYPT); } @@ -1244,7 +1250,7 @@ struct ssi_crypto_alg *ssi_ablkcipher_create_alg(struct ssi_alg_template *templa struct ssi_crypto_alg *t_alg; struct crypto_alg *alg; - t_alg = kzalloc(sizeof(struct ssi_crypto_alg), GFP_KERNEL); + t_alg = kzalloc(sizeof(*t_alg), GFP_KERNEL); if (!t_alg) { SSI_LOG_ERR("failed to allocate t_alg\n"); return ERR_PTR(-ENOMEM); @@ -1286,7 +1292,7 @@ int ssi_ablkcipher_free(struct ssi_drvdata *drvdata) if (blkcipher_handle) { /* Remove registered algs */ list_for_each_entry_safe(t_alg, n, - &blkcipher_handle->blkcipher_alg_list, + &blkcipher_handle->blkcipher_alg_list, entry) { crypto_unregister_alg(&t_alg->crypto_alg); list_del(&t_alg->entry); @@ -1305,8 +1311,7 @@ int ssi_ablkcipher_alloc(struct ssi_drvdata *drvdata) int rc = -ENOMEM; int alg; - ablkcipher_handle = kmalloc(sizeof(struct ssi_blkcipher_handle), - GFP_KERNEL); + ablkcipher_handle = kmalloc(sizeof(*ablkcipher_handle), GFP_KERNEL); if (!ablkcipher_handle) return -ENOMEM; @@ -1322,7 +1327,7 @@ int ssi_ablkcipher_alloc(struct ssi_drvdata *drvdata) if (IS_ERR(t_alg)) { rc = PTR_ERR(t_alg); SSI_LOG_ERR("%s alg allocation failed\n", - blkcipher_algs[alg].driver_name); + blkcipher_algs[alg].driver_name); goto fail0; } t_alg->drvdata = drvdata; @@ -1330,17 +1335,17 @@ int ssi_ablkcipher_alloc(struct ssi_drvdata *drvdata) SSI_LOG_DEBUG("registering %s\n", blkcipher_algs[alg].driver_name); rc = crypto_register_alg(&t_alg->crypto_alg); SSI_LOG_DEBUG("%s alg registration rc = %x\n", - t_alg->crypto_alg.cra_driver_name, rc); + t_alg->crypto_alg.cra_driver_name, rc); if (unlikely(rc != 0)) { SSI_LOG_ERR("%s alg registration failed\n", - t_alg->crypto_alg.cra_driver_name); + t_alg->crypto_alg.cra_driver_name); kfree(t_alg); goto fail0; } else { list_add_tail(&t_alg->entry, &ablkcipher_handle->blkcipher_alg_list); SSI_LOG_DEBUG("Registered %s\n", - t_alg->crypto_alg.cra_driver_name); + t_alg->crypto_alg.cra_driver_name); } } return 0; |