Commit 0e17e362 authored by Pascal van Leeuwen's avatar Pascal van Leeuwen Committed by Herbert Xu

crypto: inside-secure - add support for authenc(hmac(sha*),rfc3686(ctr(aes))) suites

This patch adds support for the following AEAD ciphersuites:
- authenc(hmac(sha1),rfc3686(ctr(aes)))
- authenc(hmac(sha224),rfc3686(ctr(aes)))
- authenc(hmac(sha256),rfc3686(ctr(aes)))
- authenc(hmac(sha384),rfc3686(ctr(aes)))
- authenc(hmac(sha512),rfc3686(ctr(aes)))
Signed-off-by: default avatarPascal van Leeuwen <pvanleeuwen@verimatrix.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 54f9e8fa
...@@ -592,17 +592,18 @@ inline int safexcel_rdesc_check_errors(struct safexcel_crypto_priv *priv, ...@@ -592,17 +592,18 @@ inline int safexcel_rdesc_check_errors(struct safexcel_crypto_priv *priv,
if (rdesc->buffer_overflow) if (rdesc->buffer_overflow)
dev_err(priv->dev, "Buffer overflow detected"); dev_err(priv->dev, "Buffer overflow detected");
if (rdesc->result_data.error_code & 0x4067) { if (rdesc->result_data.error_code & 0x4066) {
/* Fatal error (bits 0,1,2,5,6 & 14) */ /* Fatal error (bits 1,2,5,6 & 14) */
dev_err(priv->dev, dev_err(priv->dev,
"result descriptor error (%x)", "result descriptor error (%x)",
rdesc->result_data.error_code); rdesc->result_data.error_code);
return -EIO; return -EIO;
} else if (rdesc->result_data.error_code & } else if (rdesc->result_data.error_code &
(BIT(7) | BIT(4) | BIT(3))) { (BIT(7) | BIT(4) | BIT(3) | BIT(0))) {
/* /*
* Give priority over authentication fails: * Give priority over authentication fails:
* Blocksize & overflow errors, something wrong with the input! * Blocksize, length & overflow errors,
* something wrong with the input!
*/ */
return -EINVAL; return -EINVAL;
} else if (rdesc->result_data.error_code & BIT(9)) { } else if (rdesc->result_data.error_code & BIT(9)) {
...@@ -869,6 +870,11 @@ static struct safexcel_alg_template *safexcel_algs[] = { ...@@ -869,6 +870,11 @@ static struct safexcel_alg_template *safexcel_algs[] = {
&safexcel_alg_authenc_hmac_sha384_cbc_aes, &safexcel_alg_authenc_hmac_sha384_cbc_aes,
&safexcel_alg_authenc_hmac_sha512_cbc_aes, &safexcel_alg_authenc_hmac_sha512_cbc_aes,
&safexcel_alg_authenc_hmac_sha1_cbc_des3_ede, &safexcel_alg_authenc_hmac_sha1_cbc_des3_ede,
&safexcel_alg_authenc_hmac_sha1_ctr_aes,
&safexcel_alg_authenc_hmac_sha224_ctr_aes,
&safexcel_alg_authenc_hmac_sha256_ctr_aes,
&safexcel_alg_authenc_hmac_sha384_ctr_aes,
&safexcel_alg_authenc_hmac_sha512_ctr_aes,
}; };
static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv) static int safexcel_register_algorithms(struct safexcel_crypto_priv *priv)
......
...@@ -710,5 +710,10 @@ extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_aes; ...@@ -710,5 +710,10 @@ extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_cbc_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_aes; extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_aes; extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_cbc_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede; extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_ctr_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_ctr_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_ctr_aes;
extern struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_ctr_aes;
#endif #endif
...@@ -58,11 +58,9 @@ struct safexcel_cipher_req { ...@@ -58,11 +58,9 @@ struct safexcel_cipher_req {
int nr_src, nr_dst; int nr_src, nr_dst;
}; };
static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv, static void safexcel_cipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
struct safexcel_command_desc *cdesc, struct safexcel_command_desc *cdesc)
u32 length)
{ {
struct safexcel_token *token;
u32 block_sz = 0; u32 block_sz = 0;
if (ctx->mode != CONTEXT_CONTROL_CRYPTO_MODE_ECB) { if (ctx->mode != CONTEXT_CONTROL_CRYPTO_MODE_ECB) {
...@@ -92,6 +90,15 @@ static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv, ...@@ -92,6 +90,15 @@ static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
memcpy(cdesc->control_data.token, iv, block_sz); memcpy(cdesc->control_data.token, iv, block_sz);
} }
} }
}
static void safexcel_skcipher_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
struct safexcel_command_desc *cdesc,
u32 length)
{
struct safexcel_token *token;
safexcel_cipher_token(ctx, iv, cdesc);
/* skip over worst case IV of 4 dwords, no need to be exact */ /* skip over worst case IV of 4 dwords, no need to be exact */
token = (struct safexcel_token *)(cdesc->control_data.token + 4); token = (struct safexcel_token *)(cdesc->control_data.token + 4);
...@@ -111,26 +118,8 @@ static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv, ...@@ -111,26 +118,8 @@ static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
u32 cryptlen, u32 assoclen, u32 digestsize) u32 cryptlen, u32 assoclen, u32 digestsize)
{ {
struct safexcel_token *token; struct safexcel_token *token;
u32 block_sz = 0;
if (ctx->mode != CONTEXT_CONTROL_CRYPTO_MODE_ECB) { safexcel_cipher_token(ctx, iv, cdesc);
switch (ctx->alg) {
case SAFEXCEL_DES:
block_sz = DES_BLOCK_SIZE;
cdesc->control_data.options |= EIP197_OPTION_2_TOKEN_IV_CMD;
break;
case SAFEXCEL_3DES:
block_sz = DES3_EDE_BLOCK_SIZE;
cdesc->control_data.options |= EIP197_OPTION_2_TOKEN_IV_CMD;
break;
case SAFEXCEL_AES:
block_sz = AES_BLOCK_SIZE;
cdesc->control_data.options |= EIP197_OPTION_4_TOKEN_IV_CMD;
break;
}
memcpy(cdesc->control_data.token, iv, block_sz);
}
if (direction == SAFEXCEL_DECRYPT) if (direction == SAFEXCEL_DECRYPT)
cryptlen -= digestsize; cryptlen -= digestsize;
...@@ -165,18 +154,27 @@ static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv, ...@@ -165,18 +154,27 @@ static void safexcel_aead_token(struct safexcel_cipher_ctx *ctx, u8 *iv,
token[3].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT; token[3].instructions = EIP197_TOKEN_INS_TYPE_OUTPUT;
} }
token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION; if (unlikely(!cryptlen)) {
token[0].packet_length = assoclen; token[1].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH; token[1].packet_length = assoclen;
token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
token[1].opcode = EIP197_TOKEN_OPCODE_DIRECTION; token[1].instructions = EIP197_TOKEN_INS_LAST |
token[1].packet_length = cryptlen; EIP197_TOKEN_INS_TYPE_HASH;
token[1].stat = EIP197_TOKEN_STAT_LAST_HASH; } else {
token[1].instructions = EIP197_TOKEN_INS_LAST | if (likely(assoclen)) {
EIP197_TOKEN_INS_TYPE_CRYPTO | token[0].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
EIP197_TOKEN_INS_TYPE_HASH | token[0].packet_length = assoclen;
EIP197_TOKEN_INS_TYPE_OUTPUT; token[0].instructions = EIP197_TOKEN_INS_TYPE_HASH;
}
token[1].opcode = EIP197_TOKEN_OPCODE_DIRECTION;
token[1].packet_length = cryptlen;
token[1].stat = EIP197_TOKEN_STAT_LAST_HASH;
token[1].instructions = EIP197_TOKEN_INS_LAST |
EIP197_TOKEN_INS_TYPE_CRYPTO |
EIP197_TOKEN_INS_TYPE_HASH |
EIP197_TOKEN_INS_TYPE_OUTPUT;
}
} }
static int safexcel_skcipher_aes_setkey(struct crypto_skcipher *ctfm, static int safexcel_skcipher_aes_setkey(struct crypto_skcipher *ctfm,
...@@ -220,23 +218,43 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, ...@@ -220,23 +218,43 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
struct safexcel_ahash_export_state istate, ostate; struct safexcel_ahash_export_state istate, ostate;
struct safexcel_crypto_priv *priv = ctx->priv; struct safexcel_crypto_priv *priv = ctx->priv;
struct crypto_authenc_keys keys; struct crypto_authenc_keys keys;
struct crypto_aes_ctx aes;
u32 flags; u32 flags;
int err; int err = -EINVAL;
if (crypto_authenc_extractkeys(&keys, key, len) != 0) if (crypto_authenc_extractkeys(&keys, key, len) != 0)
goto badkey; goto badkey;
if (keys.enckeylen > sizeof(ctx->key)) if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD) {
goto badkey; /* 20 is minimum AES key: 16 bytes + 4 bytes nonce */
if (keys.enckeylen < 20)
goto badkey;
/* last 4 bytes of key are the nonce! */
ctx->nonce = *(u32 *)(keys.enckey + keys.enckeylen - 4);
/* exclude the nonce here */
keys.enckeylen -= 4;
}
/* Encryption key */ /* Encryption key */
if (ctx->alg == SAFEXCEL_3DES) { switch (ctx->alg) {
case SAFEXCEL_3DES:
if (keys.enckeylen != 24)
goto badkey;
flags = crypto_aead_get_flags(ctfm); flags = crypto_aead_get_flags(ctfm);
err = __des3_verify_key(&flags, keys.enckey); err = __des3_verify_key(&flags, keys.enckey);
crypto_aead_set_flags(ctfm, flags); crypto_aead_set_flags(ctfm, flags);
if (unlikely(err)) if (unlikely(err))
return err; goto badkey_expflags;
break;
case SAFEXCEL_AES:
err = aes_expandkey(&aes, keys.enckey, keys.enckeylen);
if (unlikely(err))
goto badkey;
break;
default:
dev_err(priv->dev, "aead: unsupported cipher algorithm\n");
goto badkey;
} }
if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma && if (priv->flags & EIP197_TRC_CACHE && ctx->base.ctxr_dma &&
...@@ -295,8 +313,9 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, ...@@ -295,8 +313,9 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key,
badkey: badkey:
crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN); crypto_aead_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
badkey_expflags:
memzero_explicit(&keys, sizeof(keys)); memzero_explicit(&keys, sizeof(keys));
return -EINVAL; return err;
} }
static int safexcel_context_control(struct safexcel_cipher_ctx *ctx, static int safexcel_context_control(struct safexcel_cipher_ctx *ctx,
...@@ -1392,6 +1411,7 @@ static int safexcel_aead_cra_init(struct crypto_tfm *tfm) ...@@ -1392,6 +1411,7 @@ static int safexcel_aead_cra_init(struct crypto_tfm *tfm)
ctx->priv = tmpl->priv; ctx->priv = tmpl->priv;
ctx->alg = SAFEXCEL_AES; /* default */
ctx->aead = true; ctx->aead = true;
ctx->base.send = safexcel_aead_send; ctx->base.send = safexcel_aead_send;
ctx->base.handle_result = safexcel_aead_handle_result; ctx->base.handle_result = safexcel_aead_handle_result;
...@@ -1573,6 +1593,15 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_aes = { ...@@ -1573,6 +1593,15 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_cbc_aes = {
}, },
}; };
static int safexcel_aead_sha1_des3_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha1_cra_init(tfm);
ctx->alg = SAFEXCEL_3DES; /* override default */
return 0;
}
static int safexcel_aead_encrypt_3des(struct aead_request *req) static int safexcel_aead_encrypt_3des(struct aead_request *req)
{ {
struct safexcel_cipher_req *creq = aead_request_ctx(req); struct safexcel_cipher_req *creq = aead_request_ctx(req);
...@@ -1606,7 +1635,172 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = { ...@@ -1606,7 +1635,172 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_cbc_des3_ede = {
.cra_blocksize = DES3_EDE_BLOCK_SIZE, .cra_blocksize = DES3_EDE_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx), .cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0, .cra_alignmask = 0,
.cra_init = safexcel_aead_sha1_cra_init, .cra_init = safexcel_aead_sha1_des3_cra_init,
.cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE,
},
},
};
static int safexcel_aead_sha1_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha1_cra_init(tfm);
ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
return 0;
}
struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_aes = {
.type = SAFEXCEL_ALG_TYPE_AEAD,
.alg.aead = {
.setkey = safexcel_aead_setkey,
.encrypt = safexcel_aead_encrypt_aes,
.decrypt = safexcel_aead_decrypt_aes,
.ivsize = 8,
.maxauthsize = SHA1_DIGEST_SIZE,
.base = {
.cra_name = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
.cra_driver_name = "safexcel-authenc-hmac-sha1-ctr-aes",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0,
.cra_init = safexcel_aead_sha1_ctr_cra_init,
.cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE,
},
},
};
static int safexcel_aead_sha256_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha256_cra_init(tfm);
ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
return 0;
}
struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_ctr_aes = {
.type = SAFEXCEL_ALG_TYPE_AEAD,
.alg.aead = {
.setkey = safexcel_aead_setkey,
.encrypt = safexcel_aead_encrypt_aes,
.decrypt = safexcel_aead_decrypt_aes,
.ivsize = 8,
.maxauthsize = SHA256_DIGEST_SIZE,
.base = {
.cra_name = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
.cra_driver_name = "safexcel-authenc-hmac-sha256-ctr-aes",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0,
.cra_init = safexcel_aead_sha256_ctr_cra_init,
.cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE,
},
},
};
static int safexcel_aead_sha224_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha224_cra_init(tfm);
ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
return 0;
}
struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_ctr_aes = {
.type = SAFEXCEL_ALG_TYPE_AEAD,
.alg.aead = {
.setkey = safexcel_aead_setkey,
.encrypt = safexcel_aead_encrypt_aes,
.decrypt = safexcel_aead_decrypt_aes,
.ivsize = 8,
.maxauthsize = SHA224_DIGEST_SIZE,
.base = {
.cra_name = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
.cra_driver_name = "safexcel-authenc-hmac-sha224-ctr-aes",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0,
.cra_init = safexcel_aead_sha224_ctr_cra_init,
.cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE,
},
},
};
static int safexcel_aead_sha512_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha512_cra_init(tfm);
ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
return 0;
}
struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_ctr_aes = {
.type = SAFEXCEL_ALG_TYPE_AEAD,
.alg.aead = {
.setkey = safexcel_aead_setkey,
.encrypt = safexcel_aead_encrypt_aes,
.decrypt = safexcel_aead_decrypt_aes,
.ivsize = 8,
.maxauthsize = SHA512_DIGEST_SIZE,
.base = {
.cra_name = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
.cra_driver_name = "safexcel-authenc-hmac-sha512-ctr-aes",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0,
.cra_init = safexcel_aead_sha512_ctr_cra_init,
.cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE,
},
},
};
static int safexcel_aead_sha384_ctr_cra_init(struct crypto_tfm *tfm)
{
struct safexcel_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
safexcel_aead_sha384_cra_init(tfm);
ctx->mode = CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; /* override default */
return 0;
}
struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_ctr_aes = {
.type = SAFEXCEL_ALG_TYPE_AEAD,
.alg.aead = {
.setkey = safexcel_aead_setkey,
.encrypt = safexcel_aead_encrypt_aes,
.decrypt = safexcel_aead_decrypt_aes,
.ivsize = 8,
.maxauthsize = SHA384_DIGEST_SIZE,
.base = {
.cra_name = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
.cra_driver_name = "safexcel-authenc-hmac-sha384-ctr-aes",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_ASYNC |
CRYPTO_ALG_KERN_DRIVER_ONLY,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct safexcel_cipher_ctx),
.cra_alignmask = 0,
.cra_init = safexcel_aead_sha384_ctr_cra_init,
.cra_exit = safexcel_aead_cra_exit, .cra_exit = safexcel_aead_cra_exit,
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
}, },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment