Gitiles
Code Review Sign In
git01.mediatek.com / openwrt / feeds / mtk-openwrt-feeds / 345e02163f2b39f2461e5817f5e0a99f9f246b7b / . / feed / kernel / crypto-eip / src / ddk-wrapper.c
blob: edecc900411d07c7aea077718cd78da2babcb250 [file] [log] [blame]
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2023 MediaTek Inc.
4 *
5 * Author: Chris.Chou <chris.chou@mediatek.com>
6 * Ren-Ting Wang <ren-ting.wang@mediatek.com>
7 */
8
9#include <crypto/aes.h>
10#include <crypto/hash.h>
11#include <crypto/hmac.h>
12#include <crypto/md5.h>
13#include <linux/delay.h>
14
15#include <crypto-eip/ddk/slad/api_pcl.h>
16#include <crypto-eip/ddk/slad/api_pcl_dtl.h>
17#include <crypto-eip/ddk/slad/api_pec.h>
18#include <crypto-eip/ddk/slad/api_driver197_init.h>
19
20#include "crypto-eip/crypto-eip.h"
21#include "crypto-eip/ddk-wrapper.h"
22#include "crypto-eip/internal.h"
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]23
24LIST_HEAD(result_list);
25
26void crypto_free_sa(void *sa_pointer)
27{
28 DMABuf_Handle_t SAHandle = {0};
29
30 SAHandle.p = sa_pointer;
31 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
32 DMABuf_NULLHandle);
33 DMABuf_Release(SAHandle);
34}
35
36void crypto_free_token(void *token)
37{
38 DMABuf_Handle_t TokenHandle = {0};
39
40 TokenHandle.p = token;
41 DMABuf_Release(TokenHandle);
42}
43
44/* TODO: to be remove*/
45void crypto_free_pkt(void *pkt)
46{
47 DMABuf_Handle_t PktHandle = {0};
48
49 PktHandle.p = pkt;
50 DMABuf_Release(PktHandle);
51}
52
53void crypto_free_sglist(void *sglist)
54{
55 PEC_Status_t res;
56 unsigned int count;
57 unsigned int size;
58 DMABuf_Handle_t SGListHandle = {0};
59 DMABuf_Handle_t ParticleHandle = {0};
60 int i;
61 uint8_t *Particle_p;
62
63 SGListHandle.p = sglist;
64 res = PEC_SGList_GetCapacity(SGListHandle, &count);
65 if (res != PEC_STATUS_OK)
66 return;
67 for (i = 0; i < count; i++) {
68 PEC_SGList_Read(SGListHandle,
69 i,
70 &ParticleHandle,
71 &size,
72 &Particle_p);
73 DMABuf_Particle_Release(ParticleHandle);
74 }
75
76 PEC_SGList_Destroy(SGListHandle);
77}
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]78
79static bool crypto_iotoken_create(IOToken_Input_Dscr_t * const dscr_p,
80 void * const ext_p, u32 *data_p,
81 PEC_CommandDescriptor_t * const pec_cmd_dscr)
82{
83 int IOTokenRc;
84
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]85 dscr_p->InPacket_ByteCount = pec_cmd_dscr->SrcPkt_ByteCount;
86 dscr_p->Ext_p = ext_p;
87
88 IOTokenRc = IOToken_Create(dscr_p, data_p);
89 if (IOTokenRc < 0) {
90 CRYPTO_ERR("IOToken_Create error %d\n", IOTokenRc);
91 return false;
92 }
93
94 pec_cmd_dscr->InputToken_p = data_p;
95
96 return true;
97}
98
99unsigned int crypto_pe_busy_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
100 u32 *OutTokenData_p,
101 PEC_ResultDescriptor_t *RD_p)
102{
103 int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
104 int IOToken_Rc;
105 PEC_Status_t pecres;
106
107 ZEROINIT(*OutTokenDscr_p);
108 ZEROINIT(*RD_p);
109
110 /* Link data structures */
111 RD_p->OutputToken_p = OutTokenData_p;
112
113 while (LoopCounter > 0) {
114 /* Try to get the processed packet from the driver */
115 unsigned int Counter = 0;
116
117 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
118 if (pecres != PEC_STATUS_OK) {
119 /* IO error */
120 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
121 return 0;
122 }
123
124 if (Counter) {
125 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
126 if (IOToken_Rc < 0) {
127 /* IO error */
128 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
129 return 0;
130 }
131
132 if (OutTokenDscr_p->ErrorCode != 0) {
133 /* Packet process error */
134 CRYPTO_ERR("Result descriptor error 0x%x\n",
135 OutTokenDscr_p->ErrorCode);
136 return 0;
137 }
138
139 /* packet received */
140 return Counter;
141 }
142
143 /* Wait for MTK_EIP197_PKT_GET_TIMEOUT_MS milliseconds */
144 udelay(MTK_EIP197_PKT_GET_TIMEOUT_MS);
145 LoopCounter--;
146 }
147
148 /* IO error (timeout, not result packet received) */
149 return 0;
150}
151
152unsigned int crypto_pe_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
153 u32 *OutTokenData_p,
154 PEC_ResultDescriptor_t *RD_p)
155{
156 int IOToken_Rc;
157 unsigned int Counter = 0;
158 PEC_Status_t pecres;
159
160 ZEROINIT(*OutTokenDscr_p);
161 ZEROINIT(*RD_p);
162
163 RD_p->OutputToken_p = OutTokenData_p;
164
165 /* Try to get the processed packet from the driver */
166 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
167 if (pecres != PEC_STATUS_OK) {
168 /* IO error */
169 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
170 return 0;
171 }
172
173 if (Counter) {
174 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
175 if (IOToken_Rc < 0) {
176 /* IO error */
177 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
178 return 0;
179 }
180 if (OutTokenDscr_p->ErrorCode != 0) {
181 /* Packet process error */
182 CRYPTO_ERR("Result descriptor error 0x%x\n",
183 OutTokenDscr_p->ErrorCode);
184 return 0;
185 }
186 /* packet received */
187 return Counter;
188 }
189
190 /* IO error (timeout, not result packet received) */
191 return 0;
192}
193
194SABuilder_Crypto_Mode_t lookaside_match_alg_mode(enum mtk_crypto_cipher_mode mode)
195{
196 switch (mode) {
197 case MTK_CRYPTO_MODE_CBC:
198 return SAB_CRYPTO_MODE_CBC;
199 case MTK_CRYPTO_MODE_ECB:
200 return SAB_CRYPTO_MODE_ECB;
201 case MTK_CRYPTO_MODE_OFB:
202 return SAB_CRYPTO_MODE_OFB;
203 case MTK_CRYPTO_MODE_CFB:
204 return SAB_CRYPTO_MODE_CFB;
205 case MTK_CRYPTO_MODE_CTR:
206 return SAB_CRYPTO_MODE_CTR;
207 case MTK_CRYPTO_MODE_GCM:
208 return SAB_CRYPTO_MODE_GCM;
209 case MTK_CRYPTO_MODE_GMAC:
210 return SAB_CRYPTO_MODE_GMAC;
211 case MTK_CRYPTO_MODE_CCM:
212 return SAB_CRYPTO_MODE_CCM;
213 default:
214 return SAB_CRYPTO_MODE_BASIC;
215 }
216}
217
218SABuilder_Crypto_t lookaside_match_alg_name(enum mtk_crypto_alg alg)
219{
220 switch (alg) {
221 case MTK_CRYPTO_AES:
222 return SAB_CRYPTO_AES;
223 case MTK_CRYPTO_DES:
224 return SAB_CRYPTO_DES;
225 case MTK_CRYPTO_3DES:
226 return SAB_CRYPTO_3DES;
227 default:
228 return SAB_CRYPTO_NULL;
229 }
230}
231
232SABuilder_Auth_t aead_hash_match(enum mtk_crypto_alg alg)
233{
234 switch (alg) {
235 case MTK_CRYPTO_ALG_SHA1:
236 return SAB_AUTH_HMAC_SHA1;
237 case MTK_CRYPTO_ALG_SHA224:
238 return SAB_AUTH_HMAC_SHA2_224;
239 case MTK_CRYPTO_ALG_SHA256:
240 return SAB_AUTH_HMAC_SHA2_256;
241 case MTK_CRYPTO_ALG_SHA384:
242 return SAB_AUTH_HMAC_SHA2_384;
243 case MTK_CRYPTO_ALG_SHA512:
244 return SAB_AUTH_HMAC_SHA2_512;
245 case MTK_CRYPTO_ALG_MD5:
246 return SAB_AUTH_HMAC_MD5;
247 case MTK_CRYPTO_ALG_GCM:
248 return SAB_AUTH_AES_GCM;
249 case MTK_CRYPTO_ALG_GMAC:
250 return SAB_AUTH_AES_GMAC;
251 case MTK_CRYPTO_ALG_CCM:
252 return SAB_AUTH_AES_CCM;
253 default:
254 return SAB_AUTH_NULL;
255 }
256}
257
258void mtk_crypto_interrupt_handler(void)
259{
260 struct mtk_crypto_result *rd;
261 struct mtk_crypto_context *ctx;
262 IOToken_Output_Dscr_t OutTokenDscr;
263 PEC_ResultDescriptor_t Res;
264 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
265 int ret = 0;
266
267 while (true) {
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]268 spin_lock_bh(&add_lock);
269 if (list_empty(&result_list)) {
270 spin_unlock_bh(&add_lock);
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]271 return;
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]272 }
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]273 rd = list_first_entry(&result_list, struct mtk_crypto_result, list);
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]274 spin_unlock_bh(&add_lock);
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]275
276 if (crypto_pe_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
277 PEC_NotifyFunction_t CBFunc;
278
279 CBFunc = mtk_crypto_interrupt_handler;
280 if (OutTokenDscr.ErrorCode == 0) {
281 PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
282 return;
283 } else if (OutTokenDscr.ErrorCode & BIT(9)) {
284 ret = -EBADMSG;
285 } else if (OutTokenDscr.ErrorCode == 0x4003) {
286 ret = 0;
287 } else
288 ret = 1;
289
290 CRYPTO_ERR("error from crypto_pe_get_one: %d\n", ret);
291 }
292
293 ctx = crypto_tfm_ctx(rd->async->tfm);
294 ret = ctx->handle_result(rd, ret);
295
296 spin_lock_bh(&add_lock);
297 list_del(&rd->list);
298 spin_unlock_bh(&add_lock);
299 kfree(rd);
300 }
301}
302
303int crypto_aead_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
304 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
305 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
306{
307 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
308 struct mtk_crypto_result *result;
309 struct scatterlist *sg;
310 unsigned int totlen_src;
311 unsigned int totlen_dst;
312 unsigned int src_pkt = cryptlen + assoclen;
313 unsigned int pass_assoc = 0;
314 int pass_id;
315 int rc;
316 int i;
317 SABuilder_Params_t params;
318 SABuilder_Params_Basic_t ProtocolParams;
319 unsigned int SAWords = 0;
320
321 DMABuf_Status_t DMAStatus;
322 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
323 DMABuf_HostAddress_t SAHostAddress;
324 DMABuf_HostAddress_t TokenHostAddress;
325 DMABuf_HostAddress_t PktHostAddress;
326
327 DMABuf_Handle_t SAHandle = {0};
328 DMABuf_Handle_t TokenHandle = {0};
329 DMABuf_Handle_t SrcSGListHandle = {0};
330 DMABuf_Handle_t DstSGListHandle = {0};
331
332 unsigned int TCRWords = 0;
333 void *TCRData = 0;
334 unsigned int TokenWords = 0;
335 unsigned int TokenHeaderWord;
336 unsigned int TokenMaxWords = 0;
337
338 TokenBuilder_Params_t TokenParams;
339 PEC_CommandDescriptor_t Cmd;
340 PEC_NotifyFunction_t CBFunc;
341 unsigned int count;
342
343 IOToken_Input_Dscr_t InTokenDscr;
344 IOToken_Output_Dscr_t OutTokenDscr;
345 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
346 void *InTokenDscrExt_p = NULL;
347 uint8_t gcm_iv[16] = {0};
348 uint8_t *aad = NULL;
349
350#ifdef CRYPTO_IOTOKEN_EXT
351 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
352
353 ZEROINIT(InTokenDscrExt);
354 InTokenDscrExt_p = &InTokenDscrExt;
355#endif
356 ZEROINIT(InTokenDscr);
357 ZEROINIT(OutTokenDscr);
358
359 /* Init SA */
360 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT) {
361 totlen_src = cryptlen + assoclen;
362 totlen_dst = totlen_src + digestsize;
363 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
364 } else {
365 totlen_src = cryptlen + assoclen;
366 totlen_dst = totlen_src - digestsize;
367 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
368 }
369 if (rc) {
370 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
371 goto error_exit;
372 }
373
374 /* Build SA */
375 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
376 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
377 params.KeyByteCount = ctx->key_len;
378 params.Key_p = (uint8_t *) ctx->key;
379 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
380 params.Nonce_p = (uint8_t *) &ctx->nonce;
381 params.IVSrc = SAB_IV_SRC_TOKEN;
382 params.flags |= SAB_FLAG_COPY_IV;
383 memcpy(gcm_iv, &ctx->nonce, 4);
384 memcpy(gcm_iv + 4, iv, ivsize);
385 gcm_iv[15] = 1;
386 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GMAC) {
387 params.Nonce_p = (uint8_t *) &ctx->nonce;
388 params.IVSrc = SAB_IV_SRC_TOKEN;
389 memcpy(gcm_iv, &ctx->nonce, 4);
390 memcpy(gcm_iv + 4, iv, ivsize);
391 gcm_iv[15] = 1;
392 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GCM) {
393 params.IVSrc = SAB_IV_SRC_TOKEN;
394 memcpy(gcm_iv, iv, ivsize);
395 gcm_iv[15] = 1;
396 } else if (params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
397 params.IVSrc = SAB_IV_SRC_SA;
398 params.Nonce_p = (uint8_t *) &ctx->nonce + 1;
399 params.IV_p = iv;
400 } else {
401 params.IVSrc = SAB_IV_SRC_SA;
402 params.IV_p = iv;
403 }
404
405 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
406 params.Nonce_p = (uint8_t *) &ctx->nonce;
407
408 params.AuthAlgo = aead_hash_match(ctx->hash_alg);
409 params.AuthKey1_p = (uint8_t *) ctx->ipad;
410 params.AuthKey2_p = (uint8_t *) ctx->opad;
411
412 ProtocolParams.ICVByteCount = digestsize;
413
414 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
415 if (rc) {
416 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
417 goto error_remove_sg;
418 }
419
420 DMAProperties.fCached = true;
421 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
422 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
423 DMAProperties.Size = MAX(4*SAWords, 256);
424
425 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
426 if (DMAStatus != DMABUF_STATUS_OK) {
427 rc = 1;
428 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
429 goto error_remove_sg;
430 }
431
432 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
433 if (rc) {
434 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
435 goto error_remove_sg;
436 }
437
438 /* Check dst buffer has enough size */
439 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
440 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
441
442 if (src == dst) {
443 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
444 mtk_req->nr_dst = mtk_req->nr_src;
445 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
446 CRYPTO_ERR("In-place buffer not large enough\n");
447 return -EINVAL;
448 }
449 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
450 } else {
451 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
452 CRYPTO_ERR("Source buffer not large enough\n");
453 return -EINVAL;
454 }
455 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
456
457 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
458 CRYPTO_ERR("Dest buffer not large enough\n");
459 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
460 return -EINVAL;
461 }
462 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
463 }
464
465 if (params.CryptoMode == SAB_CRYPTO_MODE_CCM ||
466 (params.CryptoMode == SAB_CRYPTO_MODE_GCM &&
467 ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP)) {
468
469 aad = kmalloc(assoclen, GFP_KERNEL);
470 if (!aad)
471 goto error_remove_sg;
472 sg_copy_to_buffer(src, mtk_req->nr_src, aad, assoclen);
473 src_pkt -= assoclen;
474 pass_assoc = assoclen;
475 }
476
477 /* Assign sg list */
478 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
479 if (rc != PEC_STATUS_OK) {
480 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
481 goto error_remove_sg;
482 }
483
484 pass_id = 0;
485 DMAProperties.fCached = true;
486 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
487 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
488 for_each_sg(src, sg, mtk_req->nr_src, i) {
489 int len = sg_dma_len(sg);
490 DMABuf_Handle_t sg_handle;
491 DMABuf_HostAddress_t host;
492
493 if (totlen_src < len)
494 len = totlen_src;
495
496 if (pass_assoc) {
497 if (pass_assoc >= len) {
498 pass_assoc -= len;
499 pass_id++;
500 continue;
501 }
502 DMAProperties.Size = MAX(len - pass_assoc, 1);
503 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg) + pass_assoc,
504 &host, &sg_handle);
505 if (rc != DMABUF_STATUS_OK) {
506 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
507 goto error_remove_sg;
508 }
509 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle,
510 len - pass_assoc);
511 if (rc != PEC_STATUS_OK)
512 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
513 pass_assoc = 0;
514 } else {
515 DMAProperties.Size = MAX(len, 1);
516 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg),
517 &host, &sg_handle);
518 if (rc != DMABUF_STATUS_OK) {
519 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
520 goto error_remove_sg;
521 }
522
523 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle, len);
524 if (rc != PEC_STATUS_OK)
525 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
526 }
527
528 totlen_src -= len;
529 if (!totlen_src)
530 break;
531 }
532
533 /* Alloc sg list for result */
534 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
535 if (rc != PEC_STATUS_OK) {
536 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
537 goto error_remove_sg;
538 }
539
540 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
541 int len = sg_dma_len(sg);
542 DMABuf_Handle_t sg_handle;
543 DMABuf_HostAddress_t host;
544
545 if (len > totlen_dst)
546 len = totlen_dst;
547
548 DMAProperties.Size = MAX(len, 1);
549 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
550 if (rc != DMABUF_STATUS_OK) {
551 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
552 goto error_remove_sg;
553 }
554 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
555 if (rc != PEC_STATUS_OK)
556 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
557
558 if (unlikely(!len))
559 break;
560 totlen_dst -= len;
561 }
562
563 /* Build Token */
564 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
565 if (rc) {
566 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
567 goto error_remove_sg;
568 }
569
570 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
571 if (!TCRData) {
572 rc = 1;
573 CRYPTO_ERR("Allocation of TCR failed\n");
574 goto error_remove_sg;
575 }
576
577 rc = TokenBuilder_BuildContext(&params, TCRData);
578 if (rc) {
579 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
580 goto error_remove_sg;
581 }
582
583 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
584 if (rc) {
585 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
586 goto error_remove_sg;
587 }
588
589 DMAProperties.fCached = true;
590 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
591 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
592 DMAProperties.Size = 4*TokenMaxWords;
593
594 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
595 if (DMAStatus != DMABUF_STATUS_OK) {
596 rc = 1;
597 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
598 goto error_remove_sg;
599 }
600
601 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
602 DMABuf_NULLHandle);
603 if (rc != PEC_STATUS_OK) {
604 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
605 goto error_remove_sg;
606 }
607
608 ZEROINIT(TokenParams);
609
610 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM || params.CryptoMode == SAB_CRYPTO_MODE_GMAC)
611 TokenParams.IV_p = gcm_iv;
612
613 if ((params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) ||
614 params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
615 TokenParams.AdditionalValue = assoclen - ivsize;
616 TokenParams.AAD_p = aad;
617 } else if (params.CryptoMode != SAB_CRYPTO_MODE_GMAC)
618 TokenParams.AdditionalValue = assoclen;
619
620
621 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
622 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, src_pkt,
623 &TokenParams, (uint32_t *)TokenHostAddress.p,
624 &TokenWords, &TokenHeaderWord);
625 kfree(PktHostAddress.p);
626 if (rc != TKB_STATUS_OK) {
627 CRYPTO_ERR("Token builder failed: %d\n", rc);
628 goto error_exit_unregister;
629 }
630
631 ZEROINIT(Cmd);
632 Cmd.Token_Handle = TokenHandle;
633 Cmd.Token_WordCount = TokenWords;
634 Cmd.SrcPkt_Handle = SrcSGListHandle;
635 Cmd.SrcPkt_ByteCount = src_pkt;
636 Cmd.DstPkt_Handle = DstSGListHandle;
637 Cmd.SA_Handle1 = SAHandle;
638 Cmd.SA_Handle2 = DMABuf_NULLHandle;
639
640 #if defined(CRYPTO_IOTOKEN_EXT)
641 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
642#endif
643 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
644
645 if (!crypto_iotoken_create(&InTokenDscr,
646 InTokenDscrExt_p,
647 InputToken,
648 &Cmd)) {
649 rc = 1;
650 goto error_exit_unregister;
651 }
652
653 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
654 if (rc != PEC_STATUS_OK && count != 1)
655 goto error_exit_unregister;
656
657 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
658 if (!result) {
659 rc = 1;
660 CRYPTO_ERR("No memory for result\n");
661 goto error_exit_unregister;
662 }
663 INIT_LIST_HEAD(&result->list);
664 result->eip.sa = SAHandle.p;
665 result->eip.token = TokenHandle.p;
666 result->eip.token_context = TCRData;
667 result->eip.pkt_handle = SrcSGListHandle.p;
668 result->async = async;
669 result->dst = DstSGListHandle.p;
670
671 spin_lock_bh(&add_lock);
672 list_add_tail(&result->list, &result_list);
673 spin_unlock_bh(&add_lock);
674 CBFunc = mtk_crypto_interrupt_handler;
675 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
676 if (rc != PEC_STATUS_OK) {
677 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
678 goto error_exit_unregister;
679 }
680
681 return rc;
682
683error_exit_unregister:
684 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
685 DMABuf_NULLHandle);
686error_remove_sg:
687 if (src == dst) {
688 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
689 } else {
690 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
691 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
692 }
693
694 if (aad != NULL)
695 kfree(aad);
696
697 crypto_free_sglist(SrcSGListHandle.p);
698 crypto_free_sglist(DstSGListHandle.p);
699
700error_exit:
701 DMABuf_Release(SAHandle);
702 DMABuf_Release(TokenHandle);
703
704 if (TCRData != NULL)
705 kfree(TCRData);
706
707 return rc;
708}
709
710int crypto_basic_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
711 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
712 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
713{
714 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
715 struct skcipher_request *areq = skcipher_request_cast(async);
716 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(areq);
717 struct mtk_crypto_result *result;
718 struct scatterlist *sg;
719 unsigned int totlen_src = cryptlen + assoclen;
720 unsigned int totlen_dst = totlen_src;
721 unsigned int blksize = crypto_skcipher_blocksize(skcipher);
722 int rc;
723 int i;
724 SABuilder_Params_t params;
725 SABuilder_Params_Basic_t ProtocolParams;
726 unsigned int SAWords = 0;
727
728 DMABuf_Status_t DMAStatus;
729 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
730 DMABuf_HostAddress_t SAHostAddress;
731 DMABuf_HostAddress_t TokenHostAddress;
732 DMABuf_HostAddress_t PktHostAddress;
733
734 DMABuf_Handle_t SAHandle = {0};
735 DMABuf_Handle_t TokenHandle = {0};
736 DMABuf_Handle_t SrcSGListHandle = {0};
737 DMABuf_Handle_t DstSGListHandle = {0};
738
739 unsigned int TCRWords = 0;
740 void *TCRData = 0;
741 unsigned int TokenWords = 0;
742 unsigned int TokenHeaderWord;
743 unsigned int TokenMaxWords = 0;
744
745 TokenBuilder_Params_t TokenParams;
746 PEC_CommandDescriptor_t Cmd;
747 unsigned int count;
748
749 IOToken_Input_Dscr_t InTokenDscr;
750 IOToken_Output_Dscr_t OutTokenDscr;
751 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
752 void *InTokenDscrExt_p = NULL;
753 PEC_NotifyFunction_t CBFunc;
754
755#ifdef CRYPTO_IOTOKEN_EXT
756 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
757
758 ZEROINIT(InTokenDscrExt);
759 InTokenDscrExt_p = &InTokenDscrExt;
760#endif
761 ZEROINIT(InTokenDscr);
762 ZEROINIT(OutTokenDscr);
763
764 /* If the data is not aligned with block size, return invalid */
765 if (!IS_ALIGNED(cryptlen, blksize))
766 return -EINVAL;
767
768 /* Init SA */
769 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT)
770 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
771 else
772 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
773 if (rc) {
774 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
775 goto error_exit;
776 }
777
778 /* Build SA */
779 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
780 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
781 params.KeyByteCount = ctx->key_len;
782 params.Key_p = (uint8_t *) ctx->key;
783 params.IVSrc = SAB_IV_SRC_SA;
784 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
785 params.Nonce_p = (uint8_t *) &ctx->nonce;
786 params.IV_p = iv;
787
788 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
789 if (rc) {
790 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
791 goto error_exit;
792 }
793
794 DMAProperties.fCached = true;
795 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
796 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
797 DMAProperties.Size = MAX(4*SAWords, 256);
798
799 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
800 if (DMAStatus != DMABUF_STATUS_OK) {
801 rc = 1;
802 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
803 goto error_exit;
804 }
805
806 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
807 if (rc) {
808 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
809 goto error_exit;
810 }
811
812 /* Build Token */
813 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
814 if (rc) {
815 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
816 goto error_exit;
817 }
818
819 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
820 if (!TCRData) {
821 rc = 1;
822 CRYPTO_ERR("Allocation of TCR failed\n");
823 goto error_exit;
824 }
825
826 rc = TokenBuilder_BuildContext(&params, TCRData);
827 if (rc) {
828 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
829 goto error_exit;
830 }
831
832 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
833 if (rc) {
834 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
835 goto error_exit;
836 }
837
838 DMAProperties.fCached = true;
839 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
840 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
841 DMAProperties.Size = 4*TokenMaxWords;
842
843 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
844 if (DMAStatus != DMABUF_STATUS_OK) {
845 rc = 1;
846 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
847 goto error_exit;
848 }
849
850 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
851 DMABuf_NULLHandle);
852 if (rc != PEC_STATUS_OK) {
853 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
854 goto error_exit;
855 }
856
857 /* Check buffer has enough size for output */
858 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
859 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
860
861 if (src == dst) {
862 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
863 mtk_req->nr_dst = mtk_req->nr_src;
864 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
865 CRYPTO_ERR("In-place buffer not large enough\n");
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]866 kfree(TCRData);
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]867 return -EINVAL;
868 }
869 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
870 } else {
871 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
872 CRYPTO_ERR("Source buffer not large enough\n");
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]873 kfree(TCRData);
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]874 return -EINVAL;
875 }
876 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
877
878 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
879 CRYPTO_ERR("Dest buffer not large enough\n");
880 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
developer0bed96a2024-04-01 19:03:52 +0800[diff] [blame]881 kfree(TCRData);
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]882 return -EINVAL;
883 }
884 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
885 }
886
887 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
888 if (rc != PEC_STATUS_OK) {
889 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
890 goto error_remove_sg;
891 }
892
893 DMAProperties.fCached = true;
894 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
895 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
896 for_each_sg(src, sg, mtk_req->nr_src, i) {
897 int len = sg_dma_len(sg);
898 DMABuf_Handle_t sg_handle;
899 DMABuf_HostAddress_t host;
900
901 if (totlen_src < len)
902 len = totlen_src;
903
904 DMAProperties.Size = MAX(len, 1);
905 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
906 if (rc != DMABUF_STATUS_OK) {
907 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
908 goto error_remove_sg;
909 }
910 rc = PEC_SGList_Write(SrcSGListHandle, i, sg_handle, len);
911 if (rc != PEC_STATUS_OK)
912 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
913
914 totlen_src -= len;
915 if (!totlen_src)
916 break;
917 }
918
919 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
920 if (rc != PEC_STATUS_OK) {
921 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
922 goto error_remove_sg;
923 }
924
925 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
926 int len = sg_dma_len(sg);
927 DMABuf_Handle_t sg_handle;
928 DMABuf_HostAddress_t host;
929
930 if (len > totlen_dst)
931 len = totlen_dst;
932
933 DMAProperties.Size = MAX(len, 1);
934 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
935 if (rc != DMABUF_STATUS_OK) {
936 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
937 goto error_remove_sg;
938 }
939 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
940
941 if (unlikely(!len))
942 break;
943 totlen_dst -= len;
944 }
945
946 if (params.CryptoMode == SAB_CRYPTO_MODE_CBC &&
947 mtk_req->direction == MTK_CRYPTO_DECRYPT)
948 sg_pcopy_to_buffer(src, mtk_req->nr_src, iv, ivsize, cryptlen - ivsize);
949
950 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
951 ZEROINIT(TokenParams);
952 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, cryptlen,
953 &TokenParams, (uint32_t *)TokenHostAddress.p,
954 &TokenWords, &TokenHeaderWord);
955 kfree(PktHostAddress.p);
956 if (rc != TKB_STATUS_OK) {
957 CRYPTO_ERR("Token builder failed: %d\n", rc);
958 goto error_remove_sg;
959 }
960
961 ZEROINIT(Cmd);
962 Cmd.Token_Handle = TokenHandle;
963 Cmd.Token_WordCount = TokenWords;
964 Cmd.SrcPkt_Handle = SrcSGListHandle;
965 Cmd.SrcPkt_ByteCount = cryptlen;
966 Cmd.DstPkt_Handle = DstSGListHandle;
967 Cmd.SA_Handle1 = SAHandle;
968 Cmd.SA_Handle2 = DMABuf_NULLHandle;
969
970#if defined(CRYPTO_IOTOKEN_EXT)
971 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
972#endif
973 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
974
975 if (!crypto_iotoken_create(&InTokenDscr,
976 InTokenDscrExt_p,
977 InputToken,
978 &Cmd)) {
979 rc = 1;
980 goto error_remove_sg;
981 }
982
983 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
984 if (rc != PEC_STATUS_OK && count != 1) {
985 rc = 1;
986 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
987 goto error_remove_sg;
988 }
989
990 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
991 if (!result) {
992 rc = 1;
993 CRYPTO_ERR("No memory for result\n");
994 goto error_remove_sg;
995 }
996 INIT_LIST_HEAD(&result->list);
997 result->eip.sa = SAHandle.p;
998 result->eip.token = TokenHandle.p;
999 result->eip.token_context = TCRData;
1000 result->eip.pkt_handle = SrcSGListHandle.p;
1001 result->async = async;
1002 result->dst = DstSGListHandle.p;
1003
1004 spin_lock_bh(&add_lock);
1005 list_add_tail(&result->list, &result_list);
1006 spin_unlock_bh(&add_lock);
1007 CBFunc = mtk_crypto_interrupt_handler;
1008 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1009 if (rc != PEC_STATUS_OK) {
1010 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1011 goto error_remove_sg;
1012 }
1013 return 0;
1014
1015error_remove_sg:
1016 if (src == dst) {
1017 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
1018 } else {
1019 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
1020 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
1021 }
1022
1023 crypto_free_sglist(SrcSGListHandle.p);
1024 crypto_free_sglist(DstSGListHandle.p);
1025
1026 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1027 DMABuf_NULLHandle);
1028
1029error_exit:
1030 DMABuf_Release(SAHandle);
1031 DMABuf_Release(TokenHandle);
1032
1033 if (TCRData != NULL)
1034 kfree(TCRData);
1035
1036 return rc;
1037}
1038
1039SABuilder_Auth_t lookaside_match_hash(enum mtk_crypto_alg alg)
1040{
1041 switch (alg) {
1042 case MTK_CRYPTO_ALG_SHA1:
1043 return SAB_AUTH_HASH_SHA1;
1044 case MTK_CRYPTO_ALG_SHA224:
1045 return SAB_AUTH_HASH_SHA2_224;
1046 case MTK_CRYPTO_ALG_SHA256:
1047 return SAB_AUTH_HASH_SHA2_256;
1048 case MTK_CRYPTO_ALG_SHA384:
1049 return SAB_AUTH_HASH_SHA2_384;
1050 case MTK_CRYPTO_ALG_SHA512:
1051 return SAB_AUTH_HASH_SHA2_512;
1052 case MTK_CRYPTO_ALG_MD5:
1053 return SAB_AUTH_HASH_MD5;
1054 case MTK_CRYPTO_ALG_XCBC:
1055 return SAB_AUTH_AES_XCBC_MAC;
1056 case MTK_CRYPTO_ALG_CMAC_128:
1057 return SAB_AUTH_AES_CMAC_128;
1058 case MTK_CRYPTO_ALG_CMAC_192:
1059 return SAB_AUTH_AES_CMAC_192;
1060 case MTK_CRYPTO_ALG_CMAC_256:
1061 return SAB_AUTH_AES_CMAC_256;
1062 default:
1063 return SAB_AUTH_NULL;
1064 }
1065}
1066
1067int crypto_ahash_token_req(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1068 uint8_t *Input_p, unsigned int InputByteCount, bool finish)
1069{
1070 struct mtk_crypto_result *result;
1071
1072 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1073 DMABuf_HostAddress_t TokenHostAddress;
1074 DMABuf_HostAddress_t PktHostAddress;
1075 DMABuf_Status_t DMAStatus;
1076
1077 DMABuf_Handle_t TokenHandle = {0};
1078 DMABuf_Handle_t PktHandle = {0};
1079 DMABuf_Handle_t SAHandle = {0};
1080
1081 unsigned int TokenMaxWords = 0;
1082 unsigned int TokenHeaderWord;
1083 unsigned int TokenWords = 0;
1084 void *TCRData = 0;
1085
1086 TokenBuilder_Params_t TokenParams;
1087 PEC_CommandDescriptor_t Cmd;
1088 PEC_NotifyFunction_t CBFunc;
1089
1090 unsigned int count;
1091 int rc;
1092
1093 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1094 IOToken_Output_Dscr_t OutTokenDscr;
1095 IOToken_Input_Dscr_t InTokenDscr;
1096 void *InTokenDscrExt_p = NULL;
1097
1098#ifdef CRYPTO_IOTOKEN_EXT
1099 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1100
1101 ZEROINIT(InTokenDscrExt);
1102 InTokenDscrExt_p = &InTokenDscrExt;
1103#endif
1104 ZEROINIT(InTokenDscr);
1105 ZEROINIT(OutTokenDscr);
1106
1107 TCRData = mtk_req->token_context;
1108 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1109 if (rc) {
1110 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1111 goto error_exit;
1112 }
1113
1114 DMAProperties.fCached = true;
1115 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1116 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1117 DMAProperties.Size = 4*TokenMaxWords;
1118
1119 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1120 if (DMAStatus != DMABUF_STATUS_OK) {
1121 rc = 1;
1122 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1123 goto error_exit;
1124 }
1125
1126 DMAProperties.fCached = true;
1127 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1128 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1129 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1130
1131 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1132 if (DMAStatus != DMABUF_STATUS_OK) {
1133 rc = 1;
1134 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1135 DMAStatus);
1136 goto error_exit;
1137 }
1138 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1139
1140 ZEROINIT(TokenParams);
1141 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHAPPEND;
1142 if (finish)
1143 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1144
1145 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1146 InputByteCount, &TokenParams,
1147 (u32 *) TokenHostAddress.p,
1148 &TokenWords, &TokenHeaderWord);
1149 if (rc != TKB_STATUS_OK) {
1150 CRYPTO_ERR("Token builder failed: %d\n", rc);
1151 goto error_exit_unregister;
1152 }
1153
1154 SAHandle.p = mtk_req->sa_pointer;
1155 ZEROINIT(Cmd);
1156 Cmd.Token_Handle = TokenHandle;
1157 Cmd.Token_WordCount = TokenWords;
1158 Cmd.SrcPkt_Handle = PktHandle;
1159 Cmd.SrcPkt_ByteCount = InputByteCount;
1160 Cmd.DstPkt_Handle = PktHandle;
1161 Cmd.SA_Handle1 = SAHandle;
1162 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1163
1164#if defined(CRYPTO_IOTOKEN_EXT)
1165 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1166#endif
1167 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1168
1169 if (!crypto_iotoken_create(&InTokenDscr,
1170 InTokenDscrExt_p,
1171 InputToken,
1172 &Cmd)) {
1173 rc = 1;
1174 goto error_exit_unregister;
1175 }
1176
1177 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1178 if (rc != PEC_STATUS_OK && count != 1) {
1179 rc = 1;
1180 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1181 goto error_exit_unregister;
1182 }
1183
1184 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1185 if (!result) {
1186 rc = 1;
1187 CRYPTO_ERR("No memory for result\n");
1188 goto error_exit_unregister;
1189 }
1190 INIT_LIST_HEAD(&result->list);
1191 result->eip.token = TokenHandle.p;
1192 result->eip.pkt_handle = PktHandle.p;
1193 result->async = async;
1194 result->dst = PktHostAddress.p;
1195
1196 spin_lock_bh(&add_lock);
1197 list_add_tail(&result->list, &result_list);
1198 spin_unlock_bh(&add_lock);
1199 CBFunc = mtk_crypto_interrupt_handler;
1200 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1201
1202 return rc;
1203
1204error_exit_unregister:
1205 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1206 DMABuf_NULLHandle);
1207
1208error_exit:
1209 DMABuf_Release(SAHandle);
1210 DMABuf_Release(TokenHandle);
1211 DMABuf_Release(PktHandle);
1212
1213 if (TCRData != NULL)
1214 kfree(TCRData);
1215
1216 return rc;
1217}
1218
1219int crypto_ahash_aes_cbc(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1220 uint8_t *Input_p, unsigned int InputByteCount)
1221{
1222 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1223 struct mtk_crypto_result *result;
1224 SABuilder_Params_Basic_t ProtocolParams;
1225 SABuilder_Params_t params;
1226 unsigned int SAWords = 0;
1227 int rc;
1228
1229 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1230 DMABuf_HostAddress_t TokenHostAddress;
1231 DMABuf_HostAddress_t PktHostAddress;
1232 DMABuf_HostAddress_t SAHostAddress;
1233 DMABuf_Status_t DMAStatus;
1234
1235 DMABuf_Handle_t TokenHandle = {0};
1236 DMABuf_Handle_t PktHandle = {0};
1237 DMABuf_Handle_t SAHandle = {0};
1238
1239 unsigned int TokenMaxWords = 0;
1240 unsigned int TokenHeaderWord;
1241 unsigned int TokenWords = 0;
1242 unsigned int TCRWords = 0;
1243 void *TCRData = 0;
1244
1245 TokenBuilder_Params_t TokenParams;
1246 PEC_CommandDescriptor_t Cmd;
1247 PEC_NotifyFunction_t CBFunc;
1248
1249 unsigned int count;
1250 int i;
1251
1252 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1253 IOToken_Output_Dscr_t OutTokenDscr;
1254 IOToken_Input_Dscr_t InTokenDscr;
1255 void *InTokenDscrExt_p = NULL;
1256
1257#ifdef CRYPTO_IOTOKEN_EXT
1258 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1259
1260 ZEROINIT(InTokenDscrExt);
1261 InTokenDscrExt_p = &InTokenDscrExt;
1262#endif
1263 ZEROINIT(InTokenDscr);
1264 ZEROINIT(OutTokenDscr);
1265
1266 if (!IS_ALIGNED(InputByteCount, 16)) {
1267 pr_notice("not aligned: %d\n", InputByteCount);
1268 return -EINVAL;
1269 }
1270 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1271 if (rc) {
1272 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1273 goto error_exit;
1274 }
1275
1276 params.CryptoAlgo = SAB_CRYPTO_AES;
1277 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
1278 params.KeyByteCount = ctx->key_sz - 2 * AES_BLOCK_SIZE;
1279 params.Key_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1280 params.IVSrc = SAB_IV_SRC_SA;
1281 params.IV_p = (uint8_t *) mtk_req->state;
1282
1283 if (ctx->alg == MTK_CRYPTO_ALG_XCBC) {
1284 for (i = 0; i < params.KeyByteCount; i = i + 4) {
1285 swap(params.Key_p[i], params.Key_p[i+3]);
1286 swap(params.Key_p[i+1], params.Key_p[i+2]);
1287 }
1288 }
1289
1290 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1291 if (rc) {
1292 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1293 goto error_exit;
1294 }
1295
1296 DMAProperties.fCached = true;
1297 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1298 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1299 DMAProperties.Size = MAX(4*SAWords, 256);
1300
1301 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1302 if (DMAStatus != DMABUF_STATUS_OK) {
1303 rc = 1;
1304 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1305 goto error_exit;
1306 }
1307
1308 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1309 if (rc) {
1310 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1311 goto error_exit;
1312 }
1313
1314 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1315 if (rc) {
1316 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1317 goto error_exit;
1318 }
1319
1320 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1321 if (!TCRData) {
1322 rc = 1;
1323 CRYPTO_ERR("Allocation of TCR failed\n");
1324 goto error_exit;
1325 }
1326
1327 rc = TokenBuilder_BuildContext(&params, TCRData);
1328 if (rc) {
1329 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1330 goto error_exit;
1331 }
1332
1333 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1334 if (rc) {
1335 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1336 goto error_exit;
1337 }
1338
1339 DMAProperties.fCached = true;
1340 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1341 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1342 DMAProperties.Size = 4*TokenMaxWords;
1343
1344 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1345 if (DMAStatus != DMABUF_STATUS_OK) {
1346 rc = 1;
1347 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1348 goto error_exit;
1349 }
1350
1351 DMAProperties.fCached = true;
1352 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1353 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1354 DMAProperties.Size = MAX(InputByteCount, 1);
1355
1356 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1357 if (DMAStatus != DMABUF_STATUS_OK) {
1358 rc = 1;
1359 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n", DMAStatus);
1360 goto error_exit;
1361 }
1362
1363 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1364 DMABuf_NULLHandle);
1365 if (rc != PEC_STATUS_OK) {
1366 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1367 goto error_exit;
1368 }
1369
1370 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1371
1372 ZEROINIT(TokenParams);
1373 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *) PktHostAddress.p, InputByteCount,
1374 &TokenParams, (uint32_t *) TokenHostAddress.p,
1375 &TokenWords, &TokenHeaderWord);
1376 if (rc != TKB_STATUS_OK) {
1377 CRYPTO_ERR("Token builder failed: %d\n", rc);
1378 goto error_exit_unregister;
1379 }
1380
1381 ZEROINIT(Cmd);
1382 Cmd.Token_Handle = TokenHandle;
1383 Cmd.Token_WordCount = TokenWords;
1384 Cmd.SrcPkt_Handle = PktHandle;
1385 Cmd.SrcPkt_ByteCount = InputByteCount;
1386 Cmd.DstPkt_Handle = PktHandle;
1387 Cmd.SA_Handle1 = SAHandle;
1388 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1389
1390#if defined(CRYPTO_IOTOKEN_EXT)
1391 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1392#endif
1393 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1394
1395 if (!crypto_iotoken_create(&InTokenDscr,
1396 InTokenDscrExt_p,
1397 InputToken,
1398 &Cmd)) {
1399 rc = 1;
1400 goto error_exit_unregister;
1401 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1402
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1403 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1404 if (rc != PEC_STATUS_OK && count != 1) {
1405 rc = 1;
1406 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1407 goto error_exit_unregister;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1408 }
1409
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1410 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1411 if (!result) {
1412 rc = 1;
1413 CRYPTO_ERR("No memory for result\n");
1414 goto error_exit_unregister;
1415 }
1416 INIT_LIST_HEAD(&result->list);
1417 result->eip.sa = SAHandle.p;
1418 result->eip.token = TokenHandle.p;
1419 result->eip.token_context = TCRData;
1420 result->eip.pkt_handle = PktHandle.p;
1421 result->async = async;
1422 result->dst = PktHostAddress.p;
1423 result->size = InputByteCount;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1424
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1425 spin_lock_bh(&add_lock);
1426 list_add_tail(&result->list, &result_list);
1427 spin_unlock_bh(&add_lock);
1428
1429 CBFunc = mtk_crypto_interrupt_handler;
1430 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1431 if (rc != PEC_STATUS_OK) {
1432 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1433 goto error_exit_unregister;
1434 }
1435 return 0;
1436
1437error_exit_unregister:
1438 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1439 DMABuf_NULLHandle);
1440
1441error_exit:
1442 DMABuf_Release(SAHandle);
1443 DMABuf_Release(TokenHandle);
1444 DMABuf_Release(PktHandle);
1445
1446 if (TCRData != NULL)
1447 kfree(TCRData);
1448
1449 return rc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1450}
1451
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1452int crypto_first_ahash_req(struct crypto_async_request *async,
1453 struct mtk_crypto_ahash_req *mtk_req, uint8_t *Input_p,
1454 unsigned int InputByteCount, bool finish)
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1455{
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1456 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1457 struct mtk_crypto_result *result;
1458 SABuilder_Params_Basic_t ProtocolParams;
1459 SABuilder_Params_t params;
1460 unsigned int SAWords = 0;
1461 static uint8_t DummyAuthKey[64];
1462 int rc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1463
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1464 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1465 DMABuf_HostAddress_t TokenHostAddress;
1466 DMABuf_HostAddress_t PktHostAddress;
1467 DMABuf_HostAddress_t SAHostAddress;
1468 DMABuf_Status_t DMAStatus;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1469
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1470 DMABuf_Handle_t TokenHandle = {0};
1471 DMABuf_Handle_t PktHandle = {0};
1472 DMABuf_Handle_t SAHandle = {0};
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1473
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1474 unsigned int TokenMaxWords = 0;
1475 unsigned int TokenHeaderWord;
1476 unsigned int TokenWords = 0;
1477 unsigned int TCRWords = 0;
1478 void *TCRData = 0;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1479
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1480 TokenBuilder_Params_t TokenParams;
1481 PEC_CommandDescriptor_t Cmd;
1482 PEC_NotifyFunction_t CBFunc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1483
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1484 unsigned int count;
1485 int i;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1486
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1487 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1488 IOToken_Output_Dscr_t OutTokenDscr;
1489 IOToken_Input_Dscr_t InTokenDscr;
1490 void *InTokenDscrExt_p = NULL;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1491
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1492#ifdef CRYPTO_IOTOKEN_EXT
1493 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1494
1495 ZEROINIT(InTokenDscrExt);
1496 InTokenDscrExt_p = &InTokenDscrExt;
1497#endif
1498 ZEROINIT(InTokenDscr);
1499 ZEROINIT(OutTokenDscr);
1500
1501 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1502 if (rc) {
1503 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1504 goto error_exit;
1505 }
1506
1507 params.IV_p = (uint8_t *) ctx->ipad;
1508 params.AuthAlgo = lookaside_match_hash(ctx->alg);
1509 params.AuthKey1_p = DummyAuthKey;
1510 if (params.AuthAlgo == SAB_AUTH_AES_XCBC_MAC) {
1511 params.AuthKey1_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1512 params.AuthKey2_p = (uint8_t *) ctx->ipad;
1513 params.AuthKey3_p = (uint8_t *) ctx->ipad + AES_BLOCK_SIZE;
1514
1515 for (i = 0; i < AES_BLOCK_SIZE; i = i + 4) {
1516 swap(params.AuthKey1_p[i], params.AuthKey1_p[i+3]);
1517 swap(params.AuthKey1_p[i+1], params.AuthKey1_p[i+2]);
1518
1519 swap(params.AuthKey2_p[i], params.AuthKey2_p[i+3]);
1520 swap(params.AuthKey2_p[i+1], params.AuthKey2_p[i+2]);
1521
1522 swap(params.AuthKey3_p[i], params.AuthKey3_p[i+3]);
1523 swap(params.AuthKey3_p[i+1], params.AuthKey3_p[i+2]);
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1524 }
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1525 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1526
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1527 if (!finish)
1528 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1529
1530 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1531 ProtocolParams.ICVByteCount = mtk_req->digest_sz;
1532
1533 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1534 if (rc) {
1535 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1536 goto error_exit;
1537 }
1538
1539 DMAProperties.fCached = true;
1540 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1541 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1542 DMAProperties.Size = MAX(4*SAWords, 256);
1543
1544 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1545 if (DMAStatus != DMABUF_STATUS_OK) {
1546 rc = 1;
1547 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1548 goto error_exit;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1549 }
1550
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1551 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1552 if (rc) {
1553 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1554 goto error_exit;
1555 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1556
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1557 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1558 if (rc) {
1559 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1560 goto error_exit;
1561 }
1562
1563 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1564 if (!TCRData) {
1565 rc = 1;
1566 CRYPTO_ERR("Allocation of TCR failed\n");
1567 goto error_exit;
1568 }
1569
1570 rc = TokenBuilder_BuildContext(&params, TCRData);
1571 if (rc) {
1572 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1573 goto error_exit;
1574 }
1575 mtk_req->token_context = TCRData;
1576
1577 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1578 if (rc) {
1579 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1580 goto error_exit;
1581 }
1582
1583 DMAProperties.fCached = true;
1584 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1585 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1586 DMAProperties.Size = 4*TokenMaxWords;
1587
1588 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1589 if (DMAStatus != DMABUF_STATUS_OK) {
1590 rc = 1;
1591 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1592 goto error_exit;
1593 }
1594
1595 DMAProperties.fCached = true;
1596 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1597 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1598 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1599
1600 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1601 if (DMAStatus != DMABUF_STATUS_OK) {
1602 rc = 1;
1603 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1604 DMAStatus);
1605 goto error_exit;
1606 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1607
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1608 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1609 DMABuf_NULLHandle);
1610 if (rc != PEC_STATUS_OK) {
1611 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1612 goto error_exit;
1613 }
1614 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1615
1616 ZEROINIT(TokenParams);
1617 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1618 | TKB_PACKET_FLAG_HASHAPPEND);
1619 if (finish)
1620 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1621
1622 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1623 InputByteCount, &TokenParams,
1624 (u32 *) TokenHostAddress.p,
1625 &TokenWords, &TokenHeaderWord);
1626 if (rc != TKB_STATUS_OK) {
1627 CRYPTO_ERR("Token builder failed: %d\n", rc);
1628 goto error_exit_unregister;
1629 }
1630
1631 ZEROINIT(Cmd);
1632 Cmd.Token_Handle = TokenHandle;
1633 Cmd.Token_WordCount = TokenWords;
1634 Cmd.SrcPkt_Handle = PktHandle;
1635 Cmd.SrcPkt_ByteCount = InputByteCount;
1636 Cmd.DstPkt_Handle = PktHandle;
1637 Cmd.SA_Handle1 = SAHandle;
1638 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1639
1640 mtk_req->sa_pointer = SAHandle.p;
1641
1642#if defined(CRYPTO_IOTOKEN_EXT)
1643 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1644#endif
1645 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1646
1647 if (!crypto_iotoken_create(&InTokenDscr,
1648 InTokenDscrExt_p,
1649 InputToken,
1650 &Cmd)) {
1651 rc = 1;
1652 goto error_exit_unregister;
1653 }
1654
1655 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1656 if (rc != PEC_STATUS_OK && count != 1) {
1657 rc = 1;
1658 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1659 goto error_exit_unregister;
1660 }
1661
1662 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1663 if (!result) {
1664 rc = 1;
1665 CRYPTO_ERR("No memory for result\n");
1666 goto error_exit_unregister;
1667 }
1668 INIT_LIST_HEAD(&result->list);
1669 result->eip.token = TokenHandle.p;
1670 result->eip.pkt_handle = PktHandle.p;
1671 result->async = async;
1672 result->dst = PktHostAddress.p;
1673
1674 spin_lock_bh(&add_lock);
1675 list_add_tail(&result->list, &result_list);
1676 spin_unlock_bh(&add_lock);
1677 CBFunc = mtk_crypto_interrupt_handler;
1678 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1679
1680 return rc;
1681
1682error_exit_unregister:
1683 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1684 DMABuf_NULLHandle);
1685
1686error_exit:
1687 DMABuf_Release(SAHandle);
1688 DMABuf_Release(TokenHandle);
1689 DMABuf_Release(PktHandle);
1690
1691 if (TCRData != NULL)
1692 kfree(TCRData);
1693
1694 return rc;
1695}
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1696
1697bool crypto_basic_hash(SABuilder_Auth_t HashAlgo, uint8_t *Input_p,
1698 unsigned int InputByteCount, uint8_t *Output_p,
1699 unsigned int OutputByteCount, bool fFinalize)
1700{
1701 SABuilder_Params_Basic_t ProtocolParams;
1702 SABuilder_Params_t params;
1703 unsigned int SAWords = 0;
1704 static uint8_t DummyAuthKey[64];
1705 int rc;
1706
1707 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1708 DMABuf_HostAddress_t TokenHostAddress;
1709 DMABuf_HostAddress_t PktHostAddress;
1710 DMABuf_HostAddress_t SAHostAddress;
1711 DMABuf_Status_t DMAStatus;
1712
1713 DMABuf_Handle_t TokenHandle = {0};
1714 DMABuf_Handle_t PktHandle = {0};
1715 DMABuf_Handle_t SAHandle = {0};
1716
1717 unsigned int TokenMaxWords = 0;
1718 unsigned int TokenHeaderWord;
1719 unsigned int TokenWords = 0;
1720 unsigned int TCRWords = 0;
1721 void *TCRData = 0;
1722
1723 TokenBuilder_Params_t TokenParams;
1724 PEC_CommandDescriptor_t Cmd;
1725 PEC_ResultDescriptor_t Res;
1726 unsigned int count;
1727
1728 u32 OutputToken[IOTOKEN_IN_WORD_COUNT];
1729 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1730 IOToken_Output_Dscr_t OutTokenDscr;
1731 IOToken_Input_Dscr_t InTokenDscr;
1732 void *InTokenDscrExt_p = NULL;
1733
1734#ifdef CRYPTO_IOTOKEN_EXT
1735 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1736
1737 ZEROINIT(InTokenDscrExt);
1738 InTokenDscrExt_p = &InTokenDscrExt;
1739#endif
1740 ZEROINIT(InTokenDscr);
1741 ZEROINIT(OutTokenDscr);
1742
1743 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1744 if (rc) {
1745 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1746 goto error_exit;
1747 }
1748
1749 params.AuthAlgo = HashAlgo;
1750 params.AuthKey1_p = DummyAuthKey;
1751
1752 if (!fFinalize)
1753 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1754 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1755 ProtocolParams.ICVByteCount = OutputByteCount;
1756
1757 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1758 if (rc) {
1759 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1760 goto error_exit;
1761 }
1762
1763 DMAProperties.fCached = true;
1764 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1765 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1766 DMAProperties.Size = MAX(4*SAWords, 256);
1767
1768 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1769 if (DMAStatus != DMABUF_STATUS_OK) {
1770 rc = 1;
1771 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1772 goto error_exit;
1773 }
1774
1775 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1776 if (rc) {
1777 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1778 goto error_exit;
1779 }
1780
1781 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1782 if (rc) {
1783 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1784 goto error_exit;
1785 }
1786
1787 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1788 if (!TCRData) {
1789 rc = 1;
1790 CRYPTO_ERR("Allocation of TCR failed\n");
1791 goto error_exit;
1792 }
1793
1794 rc = TokenBuilder_BuildContext(&params, TCRData);
1795 if (rc) {
1796 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1797 goto error_exit;
1798 }
1799
1800 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1801 if (rc) {
1802 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1803 goto error_exit;
1804 }
1805
1806 DMAProperties.fCached = true;
1807 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1808 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1809 DMAProperties.Size = 4*TokenMaxWords;
1810
1811 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1812 if (DMAStatus != DMABUF_STATUS_OK) {
1813 rc = 1;
1814 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1815 goto error_exit;
1816 }
1817
1818 DMAProperties.fCached = true;
1819 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1820 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1821 DMAProperties.Size = MAX(InputByteCount, OutputByteCount);
1822
1823 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1824 if (DMAStatus != DMABUF_STATUS_OK) {
1825 rc = 1;
1826 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1827 DMAStatus);
1828 goto error_exit;
1829 }
1830
1831 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1832 DMABuf_NULLHandle);
1833 if (rc != PEC_STATUS_OK) {
1834 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1835 goto error_exit;
1836 }
1837
1838 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1839
1840 ZEROINIT(TokenParams);
1841 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1842 | TKB_PACKET_FLAG_HASHAPPEND);
1843 if (fFinalize)
1844 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1845
1846 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1847 InputByteCount, &TokenParams,
1848 (u32 *) TokenHostAddress.p,
1849 &TokenWords, &TokenHeaderWord);
1850 if (rc != TKB_STATUS_OK) {
1851 CRYPTO_ERR("Token builder failed: %d\n", rc);
1852 goto error_exit_unregister;
1853 }
1854
1855 ZEROINIT(Cmd);
1856 Cmd.Token_Handle = TokenHandle;
1857 Cmd.Token_WordCount = TokenWords;
1858 Cmd.SrcPkt_Handle = PktHandle;
1859 Cmd.SrcPkt_ByteCount = InputByteCount;
1860 Cmd.DstPkt_Handle = PktHandle;
1861 Cmd.SA_Handle1 = SAHandle;
1862 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1863
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1864#if defined(CRYPTO_IOTOKEN_EXT)
1865 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1866#endif
1867 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1868
1869 if (!crypto_iotoken_create(&InTokenDscr,
1870 InTokenDscrExt_p,
1871 InputToken,
1872 &Cmd)) {
1873 rc = 1;
1874 goto error_exit_unregister;
1875 }
1876
1877 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1878 if (rc != PEC_STATUS_OK && count != 1) {
1879 rc = 1;
1880 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1881 goto error_exit_unregister;
1882 }
1883
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1884 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1885 rc = 1;
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1886 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1887 goto error_exit_unregister;
1888 }
1889 memcpy(Output_p, PktHostAddress.p, OutputByteCount);
1890
1891error_exit_unregister:
1892 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1893 DMABuf_NULLHandle);
1894
1895error_exit:
1896 DMABuf_Release(SAHandle);
1897 DMABuf_Release(TokenHandle);
1898 DMABuf_Release(PktHandle);
1899
1900 if (TCRData != NULL)
1901 kfree(TCRData);
1902
1903 return rc == 0;
1904}
1905
1906bool crypto_hmac_precompute(SABuilder_Auth_t AuthAlgo,
1907 uint8_t *AuthKey_p,
1908 unsigned int AuthKeyByteCount,
1909 uint8_t *Inner_p,
1910 uint8_t *Outer_p)
1911{
1912 SABuilder_Auth_t HashAlgo;
1913 unsigned int blocksize, hashsize, digestsize;
1914 static uint8_t pad_block[128], hashed_key[128];
1915 unsigned int i;
1916
1917 switch (AuthAlgo) {
1918 case SAB_AUTH_HMAC_MD5:
1919 HashAlgo = SAB_AUTH_HASH_MD5;
1920 blocksize = 64;
1921 hashsize = 16;
1922 digestsize = 16;
1923 break;
1924 case SAB_AUTH_HMAC_SHA1:
1925 HashAlgo = SAB_AUTH_HASH_SHA1;
1926 blocksize = 64;
1927 hashsize = 20;
1928 digestsize = 20;
1929 break;
1930 case SAB_AUTH_HMAC_SHA2_224:
1931 HashAlgo = SAB_AUTH_HASH_SHA2_224;
1932 blocksize = 64;
1933 hashsize = 28;
1934 digestsize = 32;
1935 break;
1936 case SAB_AUTH_HMAC_SHA2_256:
1937 HashAlgo = SAB_AUTH_HASH_SHA2_256;
1938 blocksize = 64;
1939 hashsize = 32;
1940 digestsize = 32;
1941 break;
1942 case SAB_AUTH_HMAC_SHA2_384:
1943 HashAlgo = SAB_AUTH_HASH_SHA2_384;
1944 blocksize = 128;
1945 hashsize = 48;
1946 digestsize = 64;
1947 break;
1948 case SAB_AUTH_HMAC_SHA2_512:
1949 HashAlgo = SAB_AUTH_HASH_SHA2_512;
1950 blocksize = 128;
1951 hashsize = 64;
1952 digestsize = 64;
1953 break;
1954 default:
1955 CRYPTO_ERR("Unknown HMAC algorithm\n");
1956 return false;
1957 }
1958
1959 memset(hashed_key, 0, blocksize);
1960 if (AuthKeyByteCount <= blocksize) {
1961 memcpy(hashed_key, AuthKey_p, AuthKeyByteCount);
1962 } else {
1963 if (!crypto_basic_hash(HashAlgo, AuthKey_p, AuthKeyByteCount,
1964 hashed_key, hashsize, true))
1965 return false;
1966 }
1967
1968 for (i = 0; i < blocksize; i++)
1969 pad_block[i] = hashed_key[i] ^ 0x36;
1970
1971 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1972 Inner_p, digestsize, false))
1973 return false;
1974
1975 for (i = 0; i < blocksize; i++)
1976 pad_block[i] = hashed_key[i] ^ 0x5c;
1977
1978 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1979 Outer_p, digestsize, false))
1980 return false;
1981
1982 return true;
1983}
1984
1985static SABuilder_Crypto_t set_crypto_algo(struct xfrm_algo *ealg)
1986{
1987 if (strcmp(ealg->alg_name, "cbc(des)") == 0)
1988 return SAB_CRYPTO_DES;
1989 else if (strcmp(ealg->alg_name, "cbc(aes)") == 0)
1990 return SAB_CRYPTO_AES;
1991 else if (strcmp(ealg->alg_name, "cbc(des3_ede)") == 0)
1992 return SAB_CRYPTO_3DES;
1993
1994 return SAB_CRYPTO_NULL;
1995}
1996
1997static bool set_auth_algo(struct xfrm_algo_auth *aalg, SABuilder_Params_t *params,
1998 uint8_t *inner, uint8_t *outer)
1999{
2000 if (strcmp(aalg->alg_name, "hmac(sha1)") == 0) {
2001 params->AuthAlgo = SAB_AUTH_HMAC_SHA1;
2002 inner = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2003 outer = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2004 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA1, &aalg->alg_key[0],
2005 aalg->alg_key_len / 8, inner, outer);
2006
2007 params->AuthKey1_p = inner;
2008 params->AuthKey2_p = outer;
2009 } else if (strcmp(aalg->alg_name, "hmac(sha256)") == 0) {
2010 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2011 inner = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2012 outer = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2013 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_256, &aalg->alg_key[0],
2014 aalg->alg_key_len / 8, inner, outer);
2015 params->AuthKey1_p = inner;
2016 params->AuthKey2_p = outer;
2017 } else if (strcmp(aalg->alg_name, "hmac(sha384)") == 0) {
2018 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_384;
2019 inner = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2020 outer = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2021 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_384, &aalg->alg_key[0],
2022 aalg->alg_key_len / 8, inner, outer);
2023 params->AuthKey1_p = inner;
2024 params->AuthKey2_p = outer;
2025 } else if (strcmp(aalg->alg_name, "hmac(sha512)") == 0) {
2026 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_512;
2027 inner = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2028 outer = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2029 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_512, &aalg->alg_key[0],
2030 aalg->alg_key_len / 8, inner, outer);
2031 params->AuthKey1_p = inner;
2032 params->AuthKey2_p = outer;
2033 } else if (strcmp(aalg->alg_name, "hmac(md5)") == 0) {
2034 params->AuthAlgo = SAB_AUTH_HMAC_MD5;
2035 inner = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2036 outer = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2037 crypto_hmac_precompute(SAB_AUTH_HMAC_MD5, &aalg->alg_key[0],
2038 aalg->alg_key_len / 8, inner, outer);
2039 params->AuthKey1_p = inner;
2040 params->AuthKey2_p = outer;
2041 } else {
2042 return false;
2043 }
2044
2045 return true;
2046}
2047
2048u32 *mtk_ddk_tr_ipsec_build(struct mtk_xfrm_params *xfrm_params, u32 ipsec_mode)
2049{
2050 struct xfrm_state *xs = xfrm_params->xs;
2051 SABuilder_Params_IPsec_t ipsec_params;
2052 SABuilder_Status_t sa_status;
2053 SABuilder_Params_t params;
2054 bool set_auth_success = false;
2055 unsigned int SAWords = 0;
2056 uint8_t *inner, *outer;
2057
2058 DMABuf_Status_t dma_status;
2059 DMABuf_Properties_t dma_properties = {0, 0, 0, 0};
2060 DMABuf_HostAddress_t sa_host_addr;
2061
2062 DMABuf_Handle_t sa_handle = {0};
2063
2064 sa_status = SABuilder_Init_ESP(&params,
2065 &ipsec_params,
2066 be32_to_cpu(xs->id.spi),
2067 ipsec_mode,
2068 SAB_IPSEC_IPV4,
2069 xfrm_params->dir);
2070
2071 if (sa_status != SAB_STATUS_OK) {
2072 pr_err("SABuilder_Init_ESP failed\n");
2073 sa_handle.p = NULL;
2074 return (u32 *) sa_handle.p;
2075 }
2076
developer584d7e52023-12-13 19:28:49 +0800[diff] [blame]2077 /* No support for aead now */
2078 if (xs->aead) {
2079 CRYPTO_ERR("AEAD not supported\n");
2080 sa_handle.p = NULL;
2081 return (u32 *) sa_handle.p;
2082 }
2083
developer9d17aad2024-08-01 17:36:15 +0800[diff] [blame]2084 /* Check algorithm exist in xfrm state*/
2085 if (!xs->ealg || !xs->aalg) {
2086 CRYPTO_ERR("NULL algorithm in xfrm state\n");
2087 sa_handle.p = NULL;
2088 return (u32 *) sa_handle.p;
2089 }
2090
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2091 /* Add crypto key and parameters */
2092 params.CryptoAlgo = set_crypto_algo(xs->ealg);
2093 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2094 params.KeyByteCount = xs->ealg->alg_key_len / 8;
2095 params.Key_p = xs->ealg->alg_key;
2096
2097 /* Add authentication key and parameters */
2098 set_auth_success = set_auth_algo(xs->aalg, &params, inner, outer);
2099 if (set_auth_success != true) {
2100 CRYPTO_ERR("Set Auth Algo failed\n");
2101 sa_handle.p = NULL;
2102 return (u32 *) sa_handle.p;
2103 }
2104
2105 ipsec_params.IPsecFlags |= (SAB_IPSEC_PROCESS_IP_HEADERS
2106 | SAB_IPSEC_EXT_PROCESSING);
2107 if (ipsec_mode == SAB_IPSEC_TUNNEL) {
2108 ipsec_params.SrcIPAddr_p = (uint8_t *) &xs->props.saddr.a4;
2109 ipsec_params.DestIPAddr_p = (uint8_t *) &xs->id.daddr.a4;
2110 }
2111
2112 sa_status = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2113 if (sa_status != SAB_STATUS_OK) {
2114 CRYPTO_ERR("SA not created because of size errors\n");
2115 sa_handle.p = NULL;
2116 return (u32 *) sa_handle.p;
2117 }
2118
2119 dma_properties.fCached = true;
2120 dma_properties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2121 dma_properties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2122 dma_properties.Size = SAWords * sizeof(u32);
2123
2124 dma_status = DMABuf_Alloc(dma_properties, &sa_host_addr, &sa_handle);
2125 if (dma_status != DMABUF_STATUS_OK) {
2126 CRYPTO_ERR("Allocation of SA failed\n");
2127 /* goto error_exit; */
2128 sa_handle.p = NULL;
2129 return (u32 *) sa_handle.p;
2130 }
2131
2132 sa_status = SABuilder_BuildSA(&params, (u32 *) sa_host_addr.p, NULL, NULL);
2133 if (sa_status != SAB_STATUS_OK) {
2134 CRYPTO_ERR("SA not created because of errors\n");
2135 sa_handle.p = NULL;
2136 return (u32 *) sa_handle.p;
2137 }
2138
2139 kfree(inner);
2140 kfree(outer);
2141 return (u32 *) sa_host_addr.p;
2142}
2143
2144int mtk_ddk_pec_init(void)
2145{
2146 PEC_InitBlock_t pec_init_blk = {0, 0, false};
2147 PEC_Capabilities_t pec_cap;
2148 PEC_Status_t pec_sta;
2149 u32 i = MTK_EIP197_INLINE_NOF_TRIES;
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2150#ifdef PEC_PCL_EIP197
2151 PCL_Status_t pcl_sta;
2152#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2153
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2154#ifdef PEC_PCL_EIP197
2155 pcl_sta = PCL_Init(PCL_INTERFACE_ID, 1);
2156 if (pcl_sta != PCL_STATUS_OK) {
2157 CRYPTO_ERR("PCL could not be initialized, error=%d\n", pcl_sta);
2158 return 0;
2159 }
2160
2161 pcl_sta = PCL_DTL_Init(PCL_INTERFACE_ID);
2162 if (pcl_sta != PCL_STATUS_OK) {
2163 CRYPTO_ERR("PCL-DTL could not be initialized, error=%d\n", pcl_sta);
2164 return -1;
2165 }
2166#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2167 while (i) {
2168 pec_sta = PEC_Init(PEC_INTERFACE_ID, &pec_init_blk);
2169 if (pec_sta == PEC_STATUS_OK) {
2170 CRYPTO_INFO("PEC_INIT ok!\n");
2171 break;
2172 } else if (pec_sta != PEC_STATUS_OK && pec_sta != PEC_STATUS_BUSY) {
2173 return pec_sta;
2174 }
2175
2176 mdelay(MTK_EIP197_INLINE_RETRY_DELAY_MS);
2177 i--;
2178 }
2179
2180 if (!i) {
2181 CRYPTO_ERR("PEC could not be initialized: %d\n", pec_sta);
2182 return pec_sta;
2183 }
2184
2185 pec_sta = PEC_Capabilities_Get(&pec_cap);
2186 if (pec_sta != PEC_STATUS_OK) {
2187 CRYPTO_ERR("PEC capability could not be obtained: %d\n", pec_sta);
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2188#ifdef PEC_PCL_EIP197
2189 PCL_UnInit(PCL_INTERFACE_ID);
2190#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2191 return pec_sta;
2192 }
2193
2194 CRYPTO_INFO("PEC Capabilities: %s\n", pec_cap.szTextDescription);
2195
2196 return 0;
2197}
2198
2199void mtk_ddk_pec_deinit(void)
2200{
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2201 unsigned int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
2202 PEC_Status_t PEC_Status;
2203
2204 while (LoopCounter > 0) {
2205 PEC_Status = PEC_UnInit(PEC_INTERFACE_ID);
2206 if (PEC_Status == PEC_STATUS_OK)
2207 break;
2208 else if (PEC_Status != PEC_STATUS_OK && PEC_Status != PEC_STATUS_BUSY) {
2209 CRYPTO_ERR("PEC could not be un-initialized, error=%d\n", PEC_Status);
2210 return;
2211 }
2212 // Wait for MTK_EIP197_INLINE_RETRY_DELAY_MS milliseconds
2213 udelay(MTK_EIP197_INLINE_RETRY_DELAY_MS * 1000);
2214 LoopCounter--;
2215 }
2216 // Check for timeout
2217 if (LoopCounter == 0) {
2218 CRYPTO_ERR("PEC could not be un-initialized, timeout\n");
2219 return;
2220 }
2221
2222#ifdef PEC_PCL_EIP197
2223 PCL_DTL_UnInit(PCL_INTERFACE_ID);
2224 PCL_UnInit(PCL_INTERFACE_ID);
2225#endif
2226}
2227
2228bool
2229mtk_ddk_aes_block_encrypt(uint8_t *Key_p,
2230 unsigned int KeyByteCount,
2231 uint8_t *InData_p,
2232 uint8_t *OutData_p)
2233{
2234 int rc;
2235 SABuilder_Params_t params;
2236 SABuilder_Params_Basic_t ProtocolParams;
2237 unsigned int SAWords = 0;
2238
2239 DMABuf_Status_t DMAStatus;
2240 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2241 DMABuf_HostAddress_t SAHostAddress;
2242 DMABuf_HostAddress_t TokenHostAddress;
2243 DMABuf_HostAddress_t PktHostAddress;
2244
2245 DMABuf_Handle_t SAHandle = {0};
2246 DMABuf_Handle_t TokenHandle = {0};
2247 DMABuf_Handle_t PktHandle = {0};
2248
2249 unsigned int TCRWords = 0;
2250 void *TCRData = 0;
2251 unsigned int TokenWords = 0;
2252 unsigned int TokenHeaderWord;
2253 unsigned int TokenMaxWords = 0;
2254
2255 TokenBuilder_Params_t TokenParams;
2256 PEC_CommandDescriptor_t Cmd;
2257 PEC_ResultDescriptor_t Res;
2258 unsigned int count;
2259
2260 IOToken_Input_Dscr_t InTokenDscr;
2261 IOToken_Output_Dscr_t OutTokenDscr;
2262 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
2263 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
2264 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2265 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2266
2267 ZEROINIT(InTokenDscrExt);
2268 ZEROINIT(OutTokenDscrExt);
2269
2270 ZEROINIT(InTokenDscr);
2271 ZEROINIT(OutTokenDscr);
2272
2273 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
2274 if (rc != 0) {
2275 CRYPTO_ERR("SABuilder_Init_Basic failed\n");
2276 goto error_exit;
2277 }
2278 // Add crypto key and parameters.
2279 params.CryptoAlgo = SAB_CRYPTO_AES;
2280 params.CryptoMode = SAB_CRYPTO_MODE_ECB;
2281 params.KeyByteCount = KeyByteCount;
2282 params.Key_p = Key_p;
2283
2284 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2285
2286 if (rc != 0) {
2287 CRYPTO_ERR("SA not created because of errors\n");
2288 goto error_exit;
2289 }
2290
2291 DMAProperties.fCached = true;
2292 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2293 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2294 DMAProperties.Size = 4*SAWords;
2295
2296 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
2297 if (DMAStatus != DMABUF_STATUS_OK) {
2298 rc = 1;
2299 CRYPTO_ERR("Allocation of SA failed\n");
2300 goto error_exit;
2301 }
2302
2303 rc = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2304
2305 if (rc != 0) {
2306 LOG_CRIT("SA not created because of errors\n");
2307 goto error_exit;
2308 }
2309
2310 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
2311
2312 if (rc != 0) {
2313 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors\n");
2314 goto error_exit;
2315 }
2316
2317 // The Token Context Record does not need to be allocated
2318 // in a DMA-safe buffer.
2319 TCRData = kcalloc(4*TCRWords, sizeof(uint8_t), GFP_KERNEL);
2320 if (!TCRData) {
2321 rc = 1;
2322 CRYPTO_ERR("Allocation of TCR failed\n");
2323 goto error_exit;
2324 }
2325
2326 rc = TokenBuilder_BuildContext(&params, TCRData);
2327
2328 if (rc != 0) {
2329 CRYPTO_ERR("TokenBuilder_BuildContext failed\n");
2330 goto error_exit;
2331 }
2332
2333 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
2334 if (rc != 0) {
2335 CRYPTO_ERR("TokenBuilder_GetSize failed\n");
2336 goto error_exit;
2337 }
2338
2339 // Allocate one buffer for the token and two packet buffers.
2340
2341 DMAProperties.fCached = true;
2342 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2343 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2344 DMAProperties.Size = 4*TokenMaxWords;
2345
2346 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
2347 if (DMAStatus != DMABUF_STATUS_OK) {
2348 rc = 1;
2349 CRYPTO_ERR("Allocation of token buffer failed.\n");
2350 goto error_exit;
2351 }
2352
2353 DMAProperties.fCached = true;
2354 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2355 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2356 DMAProperties.Size = 16;
2357
2358 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress,
2359 &PktHandle);
2360 if (DMAStatus != DMABUF_STATUS_OK) {
2361 rc = 1;
2362 CRYPTO_ERR("Allocation of source packet buffer failed.\n");
2363 goto error_exit;
2364 }
2365
2366 // Register the SA
2367 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2368 DMABuf_NULLHandle);
2369 if (rc != PEC_STATUS_OK) {
2370 CRYPTO_ERR("PEC_SA_Register failed\n");
2371 goto error_exit;
2372 }
2373
2374 // Copy input packet into source packet buffer.
2375 memcpy(PktHostAddress.p, InData_p, 16);
2376
2377 // Set Token Parameters if specified in test vector.
2378 ZEROINIT(TokenParams);
2379
2380
2381 // Prepare a token to process the packet.
2382 rc = TokenBuilder_BuildToken(TCRData,
2383 (uint8_t *)PktHostAddress.p,
2384 16,
2385 &TokenParams,
2386 (uint32_t *)TokenHostAddress.p,
2387 &TokenWords,
2388 &TokenHeaderWord);
2389 if (rc != TKB_STATUS_OK) {
2390 if (rc == TKB_BAD_PACKET)
2391 CRYPTO_ERR("Token not created because packet size is invalid\n");
2392 else
2393 CRYPTO_ERR("Token builder failed\n");
2394 goto error_exit_unregister;
2395 }
2396
2397 ZEROINIT(Cmd);
2398 Cmd.Token_Handle = TokenHandle;
2399 Cmd.Token_WordCount = TokenWords;
2400 Cmd.SrcPkt_Handle = PktHandle;
2401 Cmd.SrcPkt_ByteCount = 16;
2402 Cmd.DstPkt_Handle = PktHandle;
2403 Cmd.SA_Handle1 = SAHandle;
2404 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2405
2406 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
2407 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
2408
2409 if (!crypto_iotoken_create(&InTokenDscr,
2410 &InTokenDscrExt,
2411 InputToken,
2412 &Cmd)) {
2413 rc = 1;
2414 goto error_exit_unregister;
2415 }
2416
2417 rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2418 &Cmd,
2419 1,
2420 &count);
2421 if (rc != PEC_STATUS_OK && count != 1) {
2422 rc = 1;
2423 CRYPTO_ERR("PEC_Packet_Put error\n");
2424 goto error_exit_unregister;
2425 }
2426
2427 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2428 rc = 1;
2429 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
2430 goto error_exit_unregister;
2431 }
2432 memcpy(OutData_p, PktHostAddress.p, 16);
2433
2434
2435error_exit_unregister:
2436 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2437 DMABuf_NULLHandle);
2438
2439error_exit:
2440 DMABuf_Release(SAHandle);
2441 DMABuf_Release(TokenHandle);
2442 DMABuf_Release(PktHandle);
2443
2444 if (TCRData != NULL)
2445 kfree(TCRData);
2446
2447 return rc == 0;
2448
2449}
2450
2451bool
2452mtk_ddk_invalidate_rec(
2453 const DMABuf_Handle_t Rec_p,
2454 const bool IsTransform)
2455{
2456 PEC_Status_t PEC_Rc;
2457 PEC_CommandDescriptor_t Cmd;
2458 PEC_ResultDescriptor_t Res;
2459 unsigned int count;
2460 IOToken_Input_Dscr_t InTokenDscr;
2461 IOToken_Output_Dscr_t OutTokenDscr;
2462 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT_IL];
2463 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT_IL];
2464 void *InTokenDscrExt_p = NULL;
2465 void *OutTokenDscrExt_p = NULL;
2466 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2467 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2468
2469 ZEROINIT(InTokenDscrExt);
2470 InTokenDscrExt_p = &InTokenDscrExt;
2471 OutTokenDscrExt_p = &OutTokenDscrExt;
2472
2473 ZEROINIT(InTokenDscr);
2474
2475 // Fill in the command descriptor for the Invalidate command
2476 ZEROINIT(Cmd);
2477
2478 Cmd.SrcPkt_Handle = DMABuf_NULLHandle;
2479 Cmd.DstPkt_Handle = DMABuf_NULLHandle;
2480 Cmd.SA_Handle1 = Rec_p;
2481 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2482 Cmd.Token_Handle = DMABuf_NULLHandle;
2483 Cmd.SrcPkt_ByteCount = 0;
2484
2485#if defined(IOTOKEN_USE_HW_SERVICE)
2486 if (IsTransform)
2487 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_TR;
2488 else
2489 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_FR;
2490#endif
2491
2492 if (!crypto_iotoken_create(&InTokenDscr, InTokenDscrExt_p, InputToken, &Cmd))
2493 return false;
2494
2495 // Issue command
2496 PEC_Rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2497 &Cmd,
2498 1,
2499 &count);
2500 if (PEC_Rc != PEC_STATUS_OK || count != 1) {
2501 CRYPTO_ERR("%s: PEC_Packet_Put() error %d, count %d\n",
2502 __func__,
2503 PEC_Rc,
2504 count);
2505 return false;
2506 }
2507
2508 // Receive the result packet ... do we care about contents ?
2509 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2510 CRYPTO_ERR("%s: crypto_pe_busy_get_one() failed\n", __func__);
2511 return false;
2512 }
2513
2514 return true;
2515}
2516
2517bool mtk_capwap_dtls_offload(
2518 const bool fVerbose,
2519 const bool fCAPWAP,
2520 const bool fPktCfy,
2521 const bool fInline,
2522 const bool fContinuousScatter,
2523 struct DTLS_param *DTLSParam_p,
2524 struct DTLSResourceMgmt **DTLSResource)
2525{
2526 bool success = false;
2527 SABuilder_Status_t SAStatus;
2528 SABuilder_Params_t params;
2529 SABuilder_Params_SSLTLS_t SSLTLSParams;
2530 uint8_t Offset;
2531 uint16_t DTLSVersion;
2532 uint32_t SAWords = 0;
2533 bool fInlinePlain, fInlineCipher;
2534
2535 DMABuf_Status_t DMAStatus;
2536 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2537 DMABuf_HostAddress_t SAHostAddress;
2538
2539 static uint8_t Zero[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2540 uint8_t *InboundHKey = NULL;
2541 uint8_t *OutboundHKey = NULL;
2542 uint8_t *InnerDigest = NULL;
2543 uint8_t *OuterDigest = NULL;
2544
2545 PCL_Status_t PCL_Status;
2546 PCL_SelectorParams_t SelectorParams;
2547 PCL_DTL_TransformParams_t DTLTransformParams;
2548 PCL_TransformParams_t TransformParams;
2549 PCL_DTL_Hash_Handle_t SAHashHandle;
2550
2551
2552 struct DTLSResourceMgmt *DTLSResourceEntity_p = NULL;
2553
2554 DTLSResourceEntity_p = kmalloc(sizeof(struct DTLSResourceMgmt), GFP_KERNEL);
2555 if (DTLSResourceEntity_p == NULL) {
2556 CRYPTO_ERR("%s: kmalloc for DTLSResourceEntity failed\n", __func__);
2557 goto error_exit;
2558 }
2559 memset(DTLSResourceEntity_p, 0, sizeof(struct DTLSResourceMgmt));
2560
2561 if (fCAPWAP)
2562 CRYPTO_INFO("Preparing Transforms and DTL for DTLS-CAPWAP\n");
2563 else
2564 CRYPTO_INFO("Preparing Transforms and DTL for DTLS\n");
2565
2566 if (fVerbose)
2567 CRYPTO_INFO("*** fVerbose Preparing Transforms and DTL ***\n\n");
2568
2569 Offset = 14;
2570
2571 if (fInline) {
2572 if (fContinuousScatter) {
2573 /* inline + continuous scatter:
2574 Redirect outbound packets ring->inline
2575 Redirect inbound packets inline->ring
2576 */
2577 fInlinePlain = false;
2578 fInlineCipher = true;
2579 } else {
2580 fInlinePlain = true;
2581 fInlineCipher = true;
2582 }
2583 } else {
2584 fInlinePlain = false;
2585 fInlineCipher = false;
2586 }
2587
2588 // Prepare the Outbound SA
2589 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2590 DTLSVersion = SAB_DTLS_VERSION_1_0;
2591 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2592 DTLSVersion = SAB_DTLS_VERSION_1_2;
2593 else {
2594 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2595 DTLSParam_p->dtls_version);
2596 goto error_exit;
2597 }
2598
2599 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2600 // will initialize many parameters, next fill in more parameters, such
2601 // as cryptographic keys.
2602 SAStatus = SABuilder_Init_SSLTLS(&params,
2603 &SSLTLSParams,
2604 DTLSVersion,
2605 SAB_DIRECTION_OUTBOUND);
2606 if (SAStatus != SAB_STATUS_OK) {
2607 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2608 goto error_exit;
2609 }
2610
2611 /* Set DTLS-CAPWAP param from cmd handler */
2612 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2613 params.CryptoAlgo = SAB_CRYPTO_AES;
2614 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2615 params.KeyByteCount = 16;
2616 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2617 params.AuthKeyByteCount = 20;
2618 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2619 params.CryptoAlgo = SAB_CRYPTO_AES;
2620 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2621 params.KeyByteCount = 16;
2622 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2623 params.AuthKeyByteCount = 32;
2624 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2625 params.CryptoAlgo = SAB_CRYPTO_AES;
2626 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2627 params.KeyByteCount = 32;
2628 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2629 params.AuthKeyByteCount = 20;
2630 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2631 params.CryptoAlgo = SAB_CRYPTO_AES;
2632 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2633 params.KeyByteCount = 32;
2634 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2635 params.AuthKeyByteCount = 32;
2636 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2637 params.CryptoAlgo = SAB_CRYPTO_AES;
2638 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2639 params.AuthAlgo = SAB_AUTH_AES_GCM;
2640 if (DTLSParam_p->sec_mode == AES128_GCM)
2641 params.KeyByteCount = 16;
2642 else if (DTLSParam_p->sec_mode == AES256_GCM)
2643 params.KeyByteCount = 32;
2644
2645 params.Nonce_p = DTLSParam_p->dtls_encrypt_nonce;
2646
2647 OutboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2648 if (OutboundHKey == NULL) {
2649 CRYPTO_ERR("%s: kmalloc for OutboundHKey failed\n", __func__);
2650 goto error_exit;
2651 }
2652
2653 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_encrypt, 16, Zero, OutboundHKey);
2654 if (fVerbose)
2655 Log_HexDump("OutboundHKey", 0, OutboundHKey, 16);
2656 // Byte-swap the HKEY
2657 {
2658 uint8_t t;
2659 unsigned int i;
2660
2661 for (i = 0; i < 4; i++) {
2662 t = OutboundHKey[4*i+3];
2663 OutboundHKey[4*i+3] = OutboundHKey[4*i];
2664 OutboundHKey[4*i] = t;
2665 t = OutboundHKey[4*i+2];
2666 OutboundHKey[4*i+2] = OutboundHKey[4*i+1];
2667 OutboundHKey[4*i+1] = t;
2668 }
2669 }
2670 if (fVerbose)
2671 Log_HexDump("OutboundHKey (swapped)", 0, OutboundHKey, 16);
2672 params.AuthKey1_p = OutboundHKey;
2673 DTLSResourceEntity_p->HKeyOutbound = OutboundHKey;
2674 } else {
2675 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2676 DTLSParam_p->sec_mode);
2677 goto error_exit;
2678 }
2679 // Add crypto key and parameters.
2680 params.Key_p = DTLSParam_p->key_encrypt;
2681 // Add authentication key and paramters.
2682 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2683#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2684 params.AuthKey1_p = DTLSParam_p->key_auth_encrypt_1; // inner digest directly
2685 params.AuthKey2_p = DTLSParam_p->key_auth_encrypt_2; // outer digest directly
2686#else
2687 // No hardware precompute support, so preform HMAC precompute in
2688 // the traditional way.
2689 InnerDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2690 if (InnerDigest == NULL) {
2691 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2692 goto error_exit;
2693 }
2694 memset(InnerDigest, 0, params.AuthKeyByteCount);
2695 DTLSResourceEntity_p->InnerDigestOutbound = InnerDigest;
2696 OuterDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2697 if (OuterDigest == NULL) {
2698 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2699 goto error_exit;
2700 }
2701 memset(OuterDigest, 0, params.AuthKeyByteCount);
2702 DTLSResourceEntity_p->OuterDigestOutbound = OuterDigest;
2703 crypto_hmac_precompute(params.AuthAlgo,
2704 DTLSParam_p->key_auth_encrypt_1,
2705 params.AuthKeyByteCount,
2706 InnerDigest,
2707 OuterDigest);
2708 if (fVerbose) {
2709 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2710 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2711 }
2712 params.AuthKey1_p = InnerDigest;
2713 params.AuthKey2_p = OuterDigest;
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2714#endif
2715 }
2716
2717 // Create a reference to the header processor context.
2718 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2719
2720 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
developer345e0212024-08-08 16:33:02 +0800[diff] [blame^]2721 SAB_DTLS_EXT_PROCESSING;
2722
2723 if (DTLSParam_p->net_type == MTK_DTLS_NET_IPV6)
2724 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_IPV6;
2725 else
2726 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_IPV4;
2727
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2728 if (fCAPWAP)
2729 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2730
2731 // Now the SA parameters are completely filled in.
2732
2733 // We are ready to probe the size required for the transform
2734 // record (SA).
2735 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2736
2737 if (fVerbose)
2738 CRYPTO_INFO(
2739 "%s: SABuilder_GetSizes returned %d SA size=%u words for outbound\n",
2740 __func__,
2741 SAStatus,
2742 SAWords);
2743 if (SAStatus != SAB_STATUS_OK) {
2744 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2745 goto error_exit;
2746 }
2747
2748 // Allocate a DMA-safe buffer for the SA.
2749 DMAProperties.fCached = true;
2750 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2751 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2752 DMAProperties.Size = SAWords * sizeof(uint32_t);
2753
2754 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2755 &DTLSResourceEntity_p->DTLSHandleSAOutbound);
2756 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAOutbound.p == NULL) {
2757 CRYPTO_ERR("%s Allocation of outbound SA failed\n", __func__);
2758 goto error_exit;
2759 }
2760
2761 // Now we can actually build the SA in the DMA-safe buffer.
2762 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2763
2764 if (SAStatus != SAB_STATUS_OK) {
2765 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2766 goto error_exit;
2767 }
2768 if (fVerbose) {
2769 CRYPTO_INFO("Outbound transform record created\n");
2770
2771 Log_HexDump("Outbound transform record",
2772 0,
2773 SAHostAddress.p,
2774 SAWords * sizeof(uint32_t));
2775 }
2776
2777 // Prepare the Inbound SA
2778 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2779 DTLSVersion = SAB_DTLS_VERSION_1_0;
2780 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2781 DTLSVersion = SAB_DTLS_VERSION_1_2;
2782 else {
2783 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2784 DTLSParam_p->dtls_version);
2785 goto error_exit;
2786 }
2787
2788 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2789 // will initialize many parameters, next fill in more parameters, such
2790 // as cryptographic keys.
2791 SAStatus = SABuilder_Init_SSLTLS(&params,
2792 &SSLTLSParams,
2793 DTLSVersion,
2794 SAB_DIRECTION_INBOUND);
2795 if (SAStatus != SAB_STATUS_OK) {
2796 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2797 goto error_exit;
2798 }
2799
2800 /* Set DTLS-CAPWAP param from cmd handler */
2801 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2802 params.CryptoAlgo = SAB_CRYPTO_AES;
2803 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2804 params.KeyByteCount = 16;
2805 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2806 params.AuthKeyByteCount = 20;
2807 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2808 params.CryptoAlgo = SAB_CRYPTO_AES;
2809 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2810 params.KeyByteCount = 16;
2811 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2812 params.AuthKeyByteCount = 32;
2813 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2814 params.CryptoAlgo = SAB_CRYPTO_AES;
2815 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2816 params.KeyByteCount = 32;
2817 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2818 params.AuthKeyByteCount = 20;
2819 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2820 params.CryptoAlgo = SAB_CRYPTO_AES;
2821 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2822 params.KeyByteCount = 32;
2823 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2824 params.AuthKeyByteCount = 32;
2825 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2826 params.CryptoAlgo = SAB_CRYPTO_AES;
2827 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2828 params.AuthAlgo = SAB_AUTH_AES_GCM;
2829 if (DTLSParam_p->sec_mode == AES128_GCM)
2830 params.KeyByteCount = 16;
2831 else if (DTLSParam_p->sec_mode == AES256_GCM)
2832 params.KeyByteCount = 32;
2833
2834 params.Nonce_p = DTLSParam_p->dtls_decrypt_nonce;
2835
2836 InboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2837 if (InboundHKey == NULL) {
2838 CRYPTO_ERR("%s: kmalloc for InboundHKey failed\n", __func__);
2839 goto error_exit;
2840 }
2841
2842 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_decrypt, 16, Zero, InboundHKey);
2843 if (fVerbose)
2844 Log_HexDump("InboundHKey", 0, InboundHKey, 16);
2845 // Byte-swap the HKEY
2846 {
2847 uint8_t t;
2848 unsigned int i;
2849
2850 for (i = 0; i < 4; i++) {
2851 t = InboundHKey[4*i+3];
2852 InboundHKey[4*i+3] = InboundHKey[4*i];
2853 InboundHKey[4*i] = t;
2854 t = InboundHKey[4*i+2];
2855 InboundHKey[4*i+2] = InboundHKey[4*i+1];
2856 InboundHKey[4*i+1] = t;
2857 }
2858 }
2859 if (fVerbose)
2860 Log_HexDump("InboundHKey (swapped)", 0, InboundHKey, 16);
2861 params.AuthKey1_p = InboundHKey;
2862 DTLSResourceEntity_p->HKeyInbound = InboundHKey;
2863 } else {
2864 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2865 DTLSParam_p->sec_mode);
2866 goto error_exit;
2867 }
2868
2869 // Add crypto key and parameters.
2870 params.Key_p = DTLSParam_p->key_decrypt;
2871 // Add authentication key and paramters.
2872 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2873#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2874 params.AuthKey1_p = DTLSParam_p->key_auth_decrypt_1;
2875 params.AuthKey2_p = DTLSParam_p->key_auth_decrypt_2;
2876#else
2877 // No hardware precompute support, so preform HMAC precompute in
2878 // the traditional way.
2879 InnerDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2880 if (InnerDigest == NULL) {
2881 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2882 goto error_exit;
2883 }
2884 memset(InnerDigest, 0, params.AuthKeyByteCount);
2885 DTLSResourceEntity_p->InnerDigestInbound = InnerDigest;
2886 OuterDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2887 if (OuterDigest == NULL) {
2888 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2889 goto error_exit;
2890 }
2891 memset(OuterDigest, 0, params.AuthKeyByteCount);
2892 DTLSResourceEntity_p->OuterDigestInbound = OuterDigest;
2893 crypto_hmac_precompute(params.AuthAlgo,
2894 DTLSParam_p->key_auth_decrypt_1,
2895 params.AuthKeyByteCount,
2896 InnerDigest,
2897 OuterDigest);
2898 if (fVerbose) {
2899 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2900 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2901 }
2902 params.AuthKey1_p = InnerDigest;
2903 params.AuthKey2_p = OuterDigest;
2904 InnerDigest = NULL;
2905 OuterDigest = NULL;
2906 }
2907#endif
2908
2909 if (fInlinePlain != fInlineCipher) {
2910 params.flags |= SAB_FLAG_REDIRECT;
2911 params.RedirectInterface = PEC_INTERFACE_ID; /*redirect to ring */
2912 }
2913
2914 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
developer345e0212024-08-08 16:33:02 +0800[diff] [blame^]2915 SAB_DTLS_EXT_PROCESSING;
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2916
2917 // Create a reference to the header processor context.
2918 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2919
developer345e0212024-08-08 16:33:02 +0800[diff] [blame^]2920 if (DTLSParam_p->net_type == MTK_DTLS_NET_IPV6)
2921 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_IPV6;
2922 else
2923 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_IPV4;
2924
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]2925 if (fCAPWAP)
2926 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2927
2928 // Now the SA parameters are completely filled in.
2929
2930 // We are ready to probe the size required for the transform
2931 // record (SA).
2932 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2933
2934 if (fVerbose)
2935 CRYPTO_INFO("%s: SABuilder_GetSizes returned %d SA size=%u words for inbound\n",
2936 __func__,
2937 SAStatus,
2938 SAWords);
2939
2940 if (SAStatus != SAB_STATUS_OK) {
2941 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2942 goto error_exit;
2943 }
2944
2945 // Allocate a DMA-safe buffer for the SA.
2946 DMAProperties.fCached = true;
2947 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2948 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2949 DMAProperties.Size = SAWords * sizeof(uint32_t);
2950
2951 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2952 &DTLSResourceEntity_p->DTLSHandleSAInbound);
2953 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAInbound.p == NULL) {
2954 CRYPTO_ERR("%s: Allocation of inbound SA failed\n", __func__);
2955 goto error_exit;
2956 }
2957
2958 // Now we can actually build the SA in the DMA-safe buffer.
2959 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2960 if (SAStatus != SAB_STATUS_OK) {
2961 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2962 goto error_exit;
2963 }
2964 if (fVerbose) {
2965 CRYPTO_INFO("Inbound transform record created\n");
2966
2967 Log_HexDump("Inbound transform record",
2968 0,
2969 SAHostAddress.p,
2970 SAWords * sizeof(uint32_t));
2971 }
2972
2973 // Register the SAs with the PCL API. DMA buffers for hardware transforms
2974 // (SAs) are allocated and filled in external to the PCL API.
2975 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2976 if (PCL_Status != PCL_STATUS_OK) {
2977 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2978 goto error_exit;
2979 }
2980 if (fVerbose)
2981 CRYPTO_INFO("%s: Outbound transform registered\n", __func__);
2982
2983 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAInbound);
2984 if (PCL_Status != PCL_STATUS_OK) {
2985 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2986 PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2987 goto error_exit;
2988 }
2989 if (fVerbose)
2990 CRYPTO_INFO("%s: Inbound transform registered\n", __func__);
2991
2992
2993
2994 /* Create the DTL entries. */
2995 if (fPktCfy) {
2996 ZEROINIT(SelectorParams);
2997 ZEROINIT(DTLTransformParams);
2998
developer345e0212024-08-08 16:33:02 +0800[diff] [blame^]2999 if (DTLSParam_p->net_type == MTK_DTLS_NET_IPV6) {
3000 SelectorParams.flags = PCL_SELECT_IPV6;
3001 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->sip.ip6.addr)));
3002 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->dip.ip6.addr)));
3003 } else {
3004 SelectorParams.flags = PCL_SELECT_IPV4;
3005 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->sip.ip4.addr32)));
3006 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->dip.ip4.addr32)));
3007 }
3008
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]3009 SelectorParams.IpProto = 17; //UDP
3010 SelectorParams.SrcPort = DTLSParam_p->sport;
3011 SelectorParams.DstPort = DTLSParam_p->dport;
3012 SelectorParams.spi = 0;
3013 SelectorParams.epoch = 0; // No epoch, not present in outbound packet
3014
3015 /* Compute the hash for the inbound DTL */
3016 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
3017 if (PCL_Status != PCL_STATUS_OK) {
3018 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
3019 goto error_exit_unregister;
3020 }
3021 if (fVerbose)
3022 CRYPTO_INFO("%s: Inbound flow hashed\n", __func__);
3023
3024 /* Add the inbound DTL entry. */
3025 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
3026 &DTLTransformParams,
3027 DTLSResourceEntity_p->DTLSHandleSAOutbound,
3028 &SAHashHandle);
3029 if (PCL_Status != PCL_STATUS_OK) {
3030 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3031 goto error_exit_unregister;
3032 }
3033 if (fVerbose)
3034 CRYPTO_INFO("%s: Outbound DTL added\n", __func__);
3035
3036 ZEROINIT(SelectorParams);
3037 ZEROINIT(DTLTransformParams);
3038
developer345e0212024-08-08 16:33:02 +0800[diff] [blame^]3039 if (DTLSParam_p->net_type == MTK_DTLS_NET_IPV6) {
3040 SelectorParams.flags = PCL_SELECT_IPV6;
3041 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->dip.ip6.addr)));
3042 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->sip.ip6.addr)));
3043 } else {
3044 SelectorParams.flags = PCL_SELECT_IPV4;
3045 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->dip.ip4.addr32)));
3046 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->sip.ip4.addr32)));
3047 }
developer49489b82024-03-28 15:18:08 +0800[diff] [blame]3048 SelectorParams.SrcPort = DTLSParam_p->dport;
3049 SelectorParams.DstPort = DTLSParam_p->sport;
3050 SelectorParams.IpProto = 17; //UDP
3051 SelectorParams.epoch = DTLSParam_p->dtls_epoch;
3052
3053 /* Compute the hash for the inbound DTL */
3054 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
3055 if (PCL_Status != PCL_STATUS_OK) {
3056 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
3057 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3058 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3059 goto error_exit_unregister;
3060 }
3061 if (fVerbose)
3062 CRYPTO_INFO("%s: Inbound lookup hashed\n", __func__);
3063
3064 /* Add the inbound DTL entry. */
3065 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
3066 &DTLTransformParams,
3067 DTLSResourceEntity_p->DTLSHandleSAInbound,
3068 &SAHashHandle);
3069 if (PCL_Status != PCL_STATUS_OK) {
3070 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3071 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3072 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3073 goto error_exit_unregister;
3074 }
3075 if (fVerbose)
3076 CRYPTO_INFO("%s: Inbound DTL added\n", __func__);
3077 }
3078
3079 /* At this point, both outbound and inbound transforms have been
3080 * registered and both outbound and inbound DTL entries are added to the
3081 * lookup table. The Packet Engine is ready to accept packets and
3082 * perform classification and processing autonomously.*/
3083
3084 if (fVerbose)
3085 CRYPTO_INFO("*** Finished update DTLS-CAPWAP SA ***\n\n");
3086
3087 // If we made it to here, consider this run a success. Any jump
3088 // to one of the error labels below will skip "success = true"
3089 success = true;
3090 DTLSParam_p->SA_encrypt = DTLSResourceEntity_p->DTLSHandleSAOutbound.p;
3091 DTLSParam_p->SA_decrypt = DTLSResourceEntity_p->DTLSHandleSAInbound.p;
3092 DTLSResourceEntity_p->DTLSParam = DTLSParam_p;
3093 *DTLSResource = DTLSResourceEntity_p;
3094
3095 return success;
3096
3097
3098error_exit_unregister:
3099 /* At this point, all flows have been removed, so we can start
3100 * removing the transform records. Note: all flows that use the
3101 * transform must be removed before removing the transform.
3102 *
3103 * When any flow creation error occurs, return to this point. The
3104 * flow records have not been created, but the transform records
3105 * are registered at this point.
3106 */
3107
3108 /* Obtain statistics of the outbound transform. We do this at the
3109 * end of the lifetime of the transform, but it can be done at any
3110 * time when the transform is registered.*/
3111 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAOutbound,
3112 &TransformParams);
3113 if (PCL_Status != PCL_STATUS_OK)
3114 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3115 else
3116 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3117 TransformParams.PacketsCounterLo,
3118 TransformParams.OctetsCounterLo);
3119
3120 /* Obtain statistics of the inbound transform. */
3121 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAInbound,
3122 &TransformParams);
3123 if (PCL_Status != PCL_STATUS_OK)
3124 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3125 else
3126 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3127 TransformParams.PacketsCounterLo,
3128 TransformParams.OctetsCounterLo);
3129
3130
3131 /* Unregister both transforms. Report, but do not handle the
3132 * results of these calls. If they fail, there is nothing sensible
3133 * that we can do to recover.
3134 */
3135 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAOutbound, true))
3136 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3137 else if (fVerbose)
3138 CRYPTO_INFO("transform invalidate succeeded\n");
3139
3140
3141 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3142 if (PCL_Status != PCL_STATUS_OK)
3143 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3144 else if (fVerbose)
3145 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3146
3147
3148 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAInbound, true))
3149 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3150 else if (fVerbose)
3151 CRYPTO_INFO("transform invalidate succeeded\n");
3152
3153
3154 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAInbound);
3155 if (PCL_Status != PCL_STATUS_OK)
3156 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3157 else if (fVerbose)
3158 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3159
3160
3161error_exit:
3162 /* Remove the buffers occupied by the transforms, the packets and the
3163 * header processor contexts.
3164 *
3165 * Return here if any error occurs before the transforms are registered.
3166 * When we return here with an error, not all buffers may have been
3167 * allocated.
3168 * Note: DMABuf_Release can be called when no buffer was allocated.
3169 */
3170 if (DTLSResourceEntity_p != NULL) {
3171 if (DTLSResourceEntity_p->DTLSHandleSAOutbound.p != NULL) {
3172 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3173 DTLSResourceEntity_p->DTLSHandleSAOutbound.p = NULL;
3174 DTLSResourceEntity_p->DTLSParam->SA_encrypt = (void *) NULL;
3175 }
3176 if (DTLSResourceEntity_p->DTLSHandleSAInbound.p != NULL) {
3177 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAInbound);
3178 DTLSResourceEntity_p->DTLSHandleSAInbound.p = NULL;
3179 DTLSResourceEntity_p->DTLSParam->SA_decrypt = (void *) NULL;
3180 }
3181 if (DTLSResourceEntity_p->HKeyOutbound != NULL) {
3182 kfree(DTLSResourceEntity_p->HKeyOutbound);
3183 DTLSResourceEntity_p->HKeyOutbound = NULL;
3184 }
3185 if (DTLSResourceEntity_p->HKeyInbound != NULL) {
3186 kfree(DTLSResourceEntity_p->HKeyInbound);
3187 DTLSResourceEntity_p->HKeyInbound = NULL;
3188 }
3189 if (DTLSResourceEntity_p->InnerDigestInbound != NULL) {
3190 kfree(DTLSResourceEntity_p->InnerDigestInbound);
3191 DTLSResourceEntity_p->InnerDigestInbound = NULL;
3192 }
3193 if (DTLSResourceEntity_p->OuterDigestInbound != NULL) {
3194 kfree(DTLSResourceEntity_p->OuterDigestInbound);
3195 DTLSResourceEntity_p->OuterDigestInbound = NULL;
3196 }
3197 if (DTLSResourceEntity_p->InnerDigestOutbound != NULL) {
3198 kfree(DTLSResourceEntity_p->InnerDigestOutbound);
3199 DTLSResourceEntity_p->InnerDigestOutbound = NULL;
3200 }
3201 if (DTLSResourceEntity_p->OuterDigestOutbound != NULL) {
3202 kfree(DTLSResourceEntity_p->OuterDigestOutbound);
3203 DTLSResourceEntity_p->OuterDigestOutbound = NULL;
3204 }
3205 if (DTLSResourceEntity_p != NULL) {
3206 kfree(DTLSResourceEntity_p);
3207 DTLSResourceEntity_p = NULL;
3208 }
3209 *DTLSResource = NULL;
3210 }
3211 return success;
3212}
3213
3214void mtk_ddk_remove_dtls_param(struct DTLSResourceMgmt **DTLSResource)
3215{
3216 bool fVerbose = false;
3217 bool fPktCfy = true;
3218 PCL_Status_t PCL_Status;
3219 PCL_TransformParams_t TransformParams;
3220
3221 if (*DTLSResource == NULL) {
3222 if (fVerbose)
3223 CRYPTO_ERR("%s: DTLSResource is NULL\n", __func__);
3224 return;
3225 }
3226
3227 // unregister_flows
3228 if (fPktCfy) {
3229 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3230 (*DTLSResource)->DTLSHandleSAInbound);
3231 if (PCL_Status != PCL_STATUS_OK)
3232 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Inbound failed\n", __func__);
3233 else
3234 if (fVerbose)
3235 CRYPTO_INFO("PCL_DTL_Transform_Remove Inbound succeeded\n");
3236
3237 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3238 (*DTLSResource)->DTLSHandleSAOutbound);
3239 if (PCL_Status != PCL_STATUS_OK)
3240 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Outbound failed\n", __func__);
3241 else
3242 if (fVerbose)
3243 CRYPTO_INFO("PCL_DTL_Transform_Remove Outbound succeeded\n");
3244 }
3245
3246 /* At this point, all flows have been removed, so we can start
3247 * removing the transform records. Note: all flows that use the
3248 * transform must be removed before removing the transform.
3249 *
3250 * When any flow creation error occurs, return to this point. The
3251 * flow records have not been created, but the transform records
3252 * are registered at this point.
3253 */
3254
3255 /* Obtain statistics of the outbound transform. We do this at the
3256 * end of the lifetime of the transform, but it can be done at any
3257 * time when the transform is registered.*/
3258 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAOutbound,
3259 &TransformParams);
3260 if (PCL_Status != PCL_STATUS_OK)
3261 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3262 else
3263 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3264 TransformParams.PacketsCounterLo,
3265 TransformParams.OctetsCounterLo);
3266
3267 /* Obtain statistics of the inbound transform. */
3268 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAInbound,
3269 &TransformParams);
3270 if (PCL_Status != PCL_STATUS_OK)
3271 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3272 else
3273 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3274 TransformParams.PacketsCounterLo,
3275 TransformParams.OctetsCounterLo);
3276
3277
3278 /* Unregister both transforms. Report, but do not handle the
3279 * results of these calls. If they fail, there is nothing sensible
3280 * that we can do to recover.
3281 */
3282 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAOutbound, true))
3283 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3284 else
3285 if (fVerbose)
3286 CRYPTO_INFO("transform invalidate succeeded\n");
3287#ifdef PEC_PCL_EIP197
3288 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAOutbound);
3289 if (PCL_Status != PCL_STATUS_OK)
3290 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3291 else
3292 if (fVerbose)
3293 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3294#else
3295 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAOutbound,
3296 DMABuf_NULLHandle, DMABuf_NULLHandle);
3297#endif
3298
3299 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAInbound, true))
3300 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3301 else
3302 if (fVerbose)
3303 CRYPTO_INFO("transform invalidate succeeded\n");
3304#ifdef PEC_PCL_EIP197
3305 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAInbound);
3306 if (PCL_Status != PCL_STATUS_OK)
3307 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3308 else
3309 if (fVerbose)
3310 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3311#else
3312 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAInbound,
3313 DMABuf_NULLHandle, DMABuf_NULLHandle);
3314#endif
3315
3316 /* Remove the buffers occupied by the transforms, the packets and the
3317 * header processor contexts.
3318 *
3319 * Return here if any error occurs before the transforms are registered.
3320 * When we return here with an error, not all buffers may have been
3321 * allocated.
3322 * Note: DMABuf_Release can be called when no buffer was allocated.
3323 */
3324 if ((*DTLSResource)->DTLSHandleSAOutbound.p != NULL) {
3325 DMABuf_Release((*DTLSResource)->DTLSHandleSAOutbound);
3326 (*DTLSResource)->DTLSHandleSAOutbound.p = NULL;
3327 (*DTLSResource)->DTLSParam->SA_encrypt = (void *) NULL;
3328 }
3329 if ((*DTLSResource)->DTLSHandleSAInbound.p != NULL) {
3330 DMABuf_Release((*DTLSResource)->DTLSHandleSAInbound);
3331 (*DTLSResource)->DTLSHandleSAInbound.p = NULL;
3332 (*DTLSResource)->DTLSParam->SA_decrypt = (void *) NULL;
3333 }
3334 if ((*DTLSResource)->HKeyOutbound != NULL) {
3335 kfree((*DTLSResource)->HKeyOutbound);
3336 (*DTLSResource)->HKeyOutbound = NULL;
3337 }
3338 if ((*DTLSResource)->HKeyInbound != NULL) {
3339 kfree((*DTLSResource)->HKeyInbound);
3340 (*DTLSResource)->HKeyInbound = NULL;
3341 }
3342 if ((*DTLSResource)->InnerDigestInbound != NULL) {
3343 kfree((*DTLSResource)->InnerDigestInbound);
3344 (*DTLSResource)->InnerDigestInbound = NULL;
3345 }
3346 if ((*DTLSResource)->OuterDigestInbound != NULL) {
3347 kfree((*DTLSResource)->OuterDigestInbound);
3348 (*DTLSResource)->OuterDigestInbound = NULL;
3349 }
3350 if ((*DTLSResource)->InnerDigestOutbound != NULL) {
3351 kfree((*DTLSResource)->InnerDigestOutbound);
3352 (*DTLSResource)->InnerDigestOutbound = NULL;
3353 }
3354 if ((*DTLSResource)->OuterDigestOutbound != NULL) {
3355 kfree((*DTLSResource)->OuterDigestOutbound);
3356 (*DTLSResource)->OuterDigestOutbound = NULL;
3357 }
3358 if (*DTLSResource != NULL) {
3359 kfree(*DTLSResource);
3360 *DTLSResource = NULL;
3361 }
3362 *DTLSResource = NULL;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]3363}