Gitiles
Code Review Sign In
git01.mediatek.com / openwrt / feeds / mtk-openwrt-feeds / 49489b886a720e29f7e668921ff361ae61422b1e / . / feed / kernel / crypto-eip / src / ddk-wrapper.c
blob: b3c5b904eff388565f0a2ef9690ca2e952ebd039 [file] [log] [blame]
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2023 MediaTek Inc.
4 *
5 * Author: Chris.Chou <chris.chou@mediatek.com>
6 * Ren-Ting Wang <ren-ting.wang@mediatek.com>
7 */
8
9#include <crypto/aes.h>
10#include <crypto/hash.h>
11#include <crypto/hmac.h>
12#include <crypto/md5.h>
13#include <linux/delay.h>
14
15#include <crypto-eip/ddk/slad/api_pcl.h>
16#include <crypto-eip/ddk/slad/api_pcl_dtl.h>
17#include <crypto-eip/ddk/slad/api_pec.h>
18#include <crypto-eip/ddk/slad/api_driver197_init.h>
19
20#include "crypto-eip/crypto-eip.h"
21#include "crypto-eip/ddk-wrapper.h"
22#include "crypto-eip/internal.h"
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]23
24LIST_HEAD(result_list);
25
26void crypto_free_sa(void *sa_pointer)
27{
28 DMABuf_Handle_t SAHandle = {0};
29
30 SAHandle.p = sa_pointer;
31 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
32 DMABuf_NULLHandle);
33 DMABuf_Release(SAHandle);
34}
35
36void crypto_free_token(void *token)
37{
38 DMABuf_Handle_t TokenHandle = {0};
39
40 TokenHandle.p = token;
41 DMABuf_Release(TokenHandle);
42}
43
44/* TODO: to be remove*/
45void crypto_free_pkt(void *pkt)
46{
47 DMABuf_Handle_t PktHandle = {0};
48
49 PktHandle.p = pkt;
50 DMABuf_Release(PktHandle);
51}
52
53void crypto_free_sglist(void *sglist)
54{
55 PEC_Status_t res;
56 unsigned int count;
57 unsigned int size;
58 DMABuf_Handle_t SGListHandle = {0};
59 DMABuf_Handle_t ParticleHandle = {0};
60 int i;
61 uint8_t *Particle_p;
62
63 SGListHandle.p = sglist;
64 res = PEC_SGList_GetCapacity(SGListHandle, &count);
65 if (res != PEC_STATUS_OK)
66 return;
67 for (i = 0; i < count; i++) {
68 PEC_SGList_Read(SGListHandle,
69 i,
70 &ParticleHandle,
71 &size,
72 &Particle_p);
73 DMABuf_Particle_Release(ParticleHandle);
74 }
75
76 PEC_SGList_Destroy(SGListHandle);
77}
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]78
79static bool crypto_iotoken_create(IOToken_Input_Dscr_t * const dscr_p,
80 void * const ext_p, u32 *data_p,
81 PEC_CommandDescriptor_t * const pec_cmd_dscr)
82{
83 int IOTokenRc;
84
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]85 dscr_p->InPacket_ByteCount = pec_cmd_dscr->SrcPkt_ByteCount;
86 dscr_p->Ext_p = ext_p;
87
88 IOTokenRc = IOToken_Create(dscr_p, data_p);
89 if (IOTokenRc < 0) {
90 CRYPTO_ERR("IOToken_Create error %d\n", IOTokenRc);
91 return false;
92 }
93
94 pec_cmd_dscr->InputToken_p = data_p;
95
96 return true;
97}
98
99unsigned int crypto_pe_busy_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
100 u32 *OutTokenData_p,
101 PEC_ResultDescriptor_t *RD_p)
102{
103 int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
104 int IOToken_Rc;
105 PEC_Status_t pecres;
106
107 ZEROINIT(*OutTokenDscr_p);
108 ZEROINIT(*RD_p);
109
110 /* Link data structures */
111 RD_p->OutputToken_p = OutTokenData_p;
112
113 while (LoopCounter > 0) {
114 /* Try to get the processed packet from the driver */
115 unsigned int Counter = 0;
116
117 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
118 if (pecres != PEC_STATUS_OK) {
119 /* IO error */
120 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
121 return 0;
122 }
123
124 if (Counter) {
125 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
126 if (IOToken_Rc < 0) {
127 /* IO error */
128 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
129 return 0;
130 }
131
132 if (OutTokenDscr_p->ErrorCode != 0) {
133 /* Packet process error */
134 CRYPTO_ERR("Result descriptor error 0x%x\n",
135 OutTokenDscr_p->ErrorCode);
136 return 0;
137 }
138
139 /* packet received */
140 return Counter;
141 }
142
143 /* Wait for MTK_EIP197_PKT_GET_TIMEOUT_MS milliseconds */
144 udelay(MTK_EIP197_PKT_GET_TIMEOUT_MS);
145 LoopCounter--;
146 }
147
148 /* IO error (timeout, not result packet received) */
149 return 0;
150}
151
152unsigned int crypto_pe_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
153 u32 *OutTokenData_p,
154 PEC_ResultDescriptor_t *RD_p)
155{
156 int IOToken_Rc;
157 unsigned int Counter = 0;
158 PEC_Status_t pecres;
159
160 ZEROINIT(*OutTokenDscr_p);
161 ZEROINIT(*RD_p);
162
163 RD_p->OutputToken_p = OutTokenData_p;
164
165 /* Try to get the processed packet from the driver */
166 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
167 if (pecres != PEC_STATUS_OK) {
168 /* IO error */
169 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
170 return 0;
171 }
172
173 if (Counter) {
174 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
175 if (IOToken_Rc < 0) {
176 /* IO error */
177 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
178 return 0;
179 }
180 if (OutTokenDscr_p->ErrorCode != 0) {
181 /* Packet process error */
182 CRYPTO_ERR("Result descriptor error 0x%x\n",
183 OutTokenDscr_p->ErrorCode);
184 return 0;
185 }
186 /* packet received */
187 return Counter;
188 }
189
190 /* IO error (timeout, not result packet received) */
191 return 0;
192}
193
194SABuilder_Crypto_Mode_t lookaside_match_alg_mode(enum mtk_crypto_cipher_mode mode)
195{
196 switch (mode) {
197 case MTK_CRYPTO_MODE_CBC:
198 return SAB_CRYPTO_MODE_CBC;
199 case MTK_CRYPTO_MODE_ECB:
200 return SAB_CRYPTO_MODE_ECB;
201 case MTK_CRYPTO_MODE_OFB:
202 return SAB_CRYPTO_MODE_OFB;
203 case MTK_CRYPTO_MODE_CFB:
204 return SAB_CRYPTO_MODE_CFB;
205 case MTK_CRYPTO_MODE_CTR:
206 return SAB_CRYPTO_MODE_CTR;
207 case MTK_CRYPTO_MODE_GCM:
208 return SAB_CRYPTO_MODE_GCM;
209 case MTK_CRYPTO_MODE_GMAC:
210 return SAB_CRYPTO_MODE_GMAC;
211 case MTK_CRYPTO_MODE_CCM:
212 return SAB_CRYPTO_MODE_CCM;
213 default:
214 return SAB_CRYPTO_MODE_BASIC;
215 }
216}
217
218SABuilder_Crypto_t lookaside_match_alg_name(enum mtk_crypto_alg alg)
219{
220 switch (alg) {
221 case MTK_CRYPTO_AES:
222 return SAB_CRYPTO_AES;
223 case MTK_CRYPTO_DES:
224 return SAB_CRYPTO_DES;
225 case MTK_CRYPTO_3DES:
226 return SAB_CRYPTO_3DES;
227 default:
228 return SAB_CRYPTO_NULL;
229 }
230}
231
232SABuilder_Auth_t aead_hash_match(enum mtk_crypto_alg alg)
233{
234 switch (alg) {
235 case MTK_CRYPTO_ALG_SHA1:
236 return SAB_AUTH_HMAC_SHA1;
237 case MTK_CRYPTO_ALG_SHA224:
238 return SAB_AUTH_HMAC_SHA2_224;
239 case MTK_CRYPTO_ALG_SHA256:
240 return SAB_AUTH_HMAC_SHA2_256;
241 case MTK_CRYPTO_ALG_SHA384:
242 return SAB_AUTH_HMAC_SHA2_384;
243 case MTK_CRYPTO_ALG_SHA512:
244 return SAB_AUTH_HMAC_SHA2_512;
245 case MTK_CRYPTO_ALG_MD5:
246 return SAB_AUTH_HMAC_MD5;
247 case MTK_CRYPTO_ALG_GCM:
248 return SAB_AUTH_AES_GCM;
249 case MTK_CRYPTO_ALG_GMAC:
250 return SAB_AUTH_AES_GMAC;
251 case MTK_CRYPTO_ALG_CCM:
252 return SAB_AUTH_AES_CCM;
253 default:
254 return SAB_AUTH_NULL;
255 }
256}
257
258void mtk_crypto_interrupt_handler(void)
259{
260 struct mtk_crypto_result *rd;
261 struct mtk_crypto_context *ctx;
262 IOToken_Output_Dscr_t OutTokenDscr;
263 PEC_ResultDescriptor_t Res;
264 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
265 int ret = 0;
266
267 while (true) {
268 if (list_empty(&result_list))
269 return;
270 rd = list_first_entry(&result_list, struct mtk_crypto_result, list);
271
272 if (crypto_pe_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
273 PEC_NotifyFunction_t CBFunc;
274
275 CBFunc = mtk_crypto_interrupt_handler;
276 if (OutTokenDscr.ErrorCode == 0) {
277 PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
278 return;
279 } else if (OutTokenDscr.ErrorCode & BIT(9)) {
280 ret = -EBADMSG;
281 } else if (OutTokenDscr.ErrorCode == 0x4003) {
282 ret = 0;
283 } else
284 ret = 1;
285
286 CRYPTO_ERR("error from crypto_pe_get_one: %d\n", ret);
287 }
288
289 ctx = crypto_tfm_ctx(rd->async->tfm);
290 ret = ctx->handle_result(rd, ret);
291
292 spin_lock_bh(&add_lock);
293 list_del(&rd->list);
294 spin_unlock_bh(&add_lock);
295 kfree(rd);
296 }
297}
298
299int crypto_aead_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
300 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
301 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
302{
303 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
304 struct mtk_crypto_result *result;
305 struct scatterlist *sg;
306 unsigned int totlen_src;
307 unsigned int totlen_dst;
308 unsigned int src_pkt = cryptlen + assoclen;
309 unsigned int pass_assoc = 0;
310 int pass_id;
311 int rc;
312 int i;
313 SABuilder_Params_t params;
314 SABuilder_Params_Basic_t ProtocolParams;
315 unsigned int SAWords = 0;
316
317 DMABuf_Status_t DMAStatus;
318 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
319 DMABuf_HostAddress_t SAHostAddress;
320 DMABuf_HostAddress_t TokenHostAddress;
321 DMABuf_HostAddress_t PktHostAddress;
322
323 DMABuf_Handle_t SAHandle = {0};
324 DMABuf_Handle_t TokenHandle = {0};
325 DMABuf_Handle_t SrcSGListHandle = {0};
326 DMABuf_Handle_t DstSGListHandle = {0};
327
328 unsigned int TCRWords = 0;
329 void *TCRData = 0;
330 unsigned int TokenWords = 0;
331 unsigned int TokenHeaderWord;
332 unsigned int TokenMaxWords = 0;
333
334 TokenBuilder_Params_t TokenParams;
335 PEC_CommandDescriptor_t Cmd;
336 PEC_NotifyFunction_t CBFunc;
337 unsigned int count;
338
339 IOToken_Input_Dscr_t InTokenDscr;
340 IOToken_Output_Dscr_t OutTokenDscr;
341 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
342 void *InTokenDscrExt_p = NULL;
343 uint8_t gcm_iv[16] = {0};
344 uint8_t *aad = NULL;
345
346#ifdef CRYPTO_IOTOKEN_EXT
347 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
348
349 ZEROINIT(InTokenDscrExt);
350 InTokenDscrExt_p = &InTokenDscrExt;
351#endif
352 ZEROINIT(InTokenDscr);
353 ZEROINIT(OutTokenDscr);
354
355 /* Init SA */
356 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT) {
357 totlen_src = cryptlen + assoclen;
358 totlen_dst = totlen_src + digestsize;
359 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
360 } else {
361 totlen_src = cryptlen + assoclen;
362 totlen_dst = totlen_src - digestsize;
363 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
364 }
365 if (rc) {
366 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
367 goto error_exit;
368 }
369
370 /* Build SA */
371 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
372 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
373 params.KeyByteCount = ctx->key_len;
374 params.Key_p = (uint8_t *) ctx->key;
375 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
376 params.Nonce_p = (uint8_t *) &ctx->nonce;
377 params.IVSrc = SAB_IV_SRC_TOKEN;
378 params.flags |= SAB_FLAG_COPY_IV;
379 memcpy(gcm_iv, &ctx->nonce, 4);
380 memcpy(gcm_iv + 4, iv, ivsize);
381 gcm_iv[15] = 1;
382 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GMAC) {
383 params.Nonce_p = (uint8_t *) &ctx->nonce;
384 params.IVSrc = SAB_IV_SRC_TOKEN;
385 memcpy(gcm_iv, &ctx->nonce, 4);
386 memcpy(gcm_iv + 4, iv, ivsize);
387 gcm_iv[15] = 1;
388 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GCM) {
389 params.IVSrc = SAB_IV_SRC_TOKEN;
390 memcpy(gcm_iv, iv, ivsize);
391 gcm_iv[15] = 1;
392 } else if (params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
393 params.IVSrc = SAB_IV_SRC_SA;
394 params.Nonce_p = (uint8_t *) &ctx->nonce + 1;
395 params.IV_p = iv;
396 } else {
397 params.IVSrc = SAB_IV_SRC_SA;
398 params.IV_p = iv;
399 }
400
401 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
402 params.Nonce_p = (uint8_t *) &ctx->nonce;
403
404 params.AuthAlgo = aead_hash_match(ctx->hash_alg);
405 params.AuthKey1_p = (uint8_t *) ctx->ipad;
406 params.AuthKey2_p = (uint8_t *) ctx->opad;
407
408 ProtocolParams.ICVByteCount = digestsize;
409
410 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
411 if (rc) {
412 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
413 goto error_remove_sg;
414 }
415
416 DMAProperties.fCached = true;
417 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
418 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
419 DMAProperties.Size = MAX(4*SAWords, 256);
420
421 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
422 if (DMAStatus != DMABUF_STATUS_OK) {
423 rc = 1;
424 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
425 goto error_remove_sg;
426 }
427
428 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
429 if (rc) {
430 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
431 goto error_remove_sg;
432 }
433
434 /* Check dst buffer has enough size */
435 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
436 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
437
438 if (src == dst) {
439 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
440 mtk_req->nr_dst = mtk_req->nr_src;
441 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
442 CRYPTO_ERR("In-place buffer not large enough\n");
443 return -EINVAL;
444 }
445 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
446 } else {
447 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
448 CRYPTO_ERR("Source buffer not large enough\n");
449 return -EINVAL;
450 }
451 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
452
453 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
454 CRYPTO_ERR("Dest buffer not large enough\n");
455 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
456 return -EINVAL;
457 }
458 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
459 }
460
461 if (params.CryptoMode == SAB_CRYPTO_MODE_CCM ||
462 (params.CryptoMode == SAB_CRYPTO_MODE_GCM &&
463 ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP)) {
464
465 aad = kmalloc(assoclen, GFP_KERNEL);
466 if (!aad)
467 goto error_remove_sg;
468 sg_copy_to_buffer(src, mtk_req->nr_src, aad, assoclen);
469 src_pkt -= assoclen;
470 pass_assoc = assoclen;
471 }
472
473 /* Assign sg list */
474 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
475 if (rc != PEC_STATUS_OK) {
476 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
477 goto error_remove_sg;
478 }
479
480 pass_id = 0;
481 DMAProperties.fCached = true;
482 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
483 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
484 for_each_sg(src, sg, mtk_req->nr_src, i) {
485 int len = sg_dma_len(sg);
486 DMABuf_Handle_t sg_handle;
487 DMABuf_HostAddress_t host;
488
489 if (totlen_src < len)
490 len = totlen_src;
491
492 if (pass_assoc) {
493 if (pass_assoc >= len) {
494 pass_assoc -= len;
495 pass_id++;
496 continue;
497 }
498 DMAProperties.Size = MAX(len - pass_assoc, 1);
499 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg) + pass_assoc,
500 &host, &sg_handle);
501 if (rc != DMABUF_STATUS_OK) {
502 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
503 goto error_remove_sg;
504 }
505 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle,
506 len - pass_assoc);
507 if (rc != PEC_STATUS_OK)
508 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
509 pass_assoc = 0;
510 } else {
511 DMAProperties.Size = MAX(len, 1);
512 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg),
513 &host, &sg_handle);
514 if (rc != DMABUF_STATUS_OK) {
515 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
516 goto error_remove_sg;
517 }
518
519 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle, len);
520 if (rc != PEC_STATUS_OK)
521 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
522 }
523
524 totlen_src -= len;
525 if (!totlen_src)
526 break;
527 }
528
529 /* Alloc sg list for result */
530 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
531 if (rc != PEC_STATUS_OK) {
532 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
533 goto error_remove_sg;
534 }
535
536 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
537 int len = sg_dma_len(sg);
538 DMABuf_Handle_t sg_handle;
539 DMABuf_HostAddress_t host;
540
541 if (len > totlen_dst)
542 len = totlen_dst;
543
544 DMAProperties.Size = MAX(len, 1);
545 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
546 if (rc != DMABUF_STATUS_OK) {
547 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
548 goto error_remove_sg;
549 }
550 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
551 if (rc != PEC_STATUS_OK)
552 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
553
554 if (unlikely(!len))
555 break;
556 totlen_dst -= len;
557 }
558
559 /* Build Token */
560 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
561 if (rc) {
562 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
563 goto error_remove_sg;
564 }
565
566 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
567 if (!TCRData) {
568 rc = 1;
569 CRYPTO_ERR("Allocation of TCR failed\n");
570 goto error_remove_sg;
571 }
572
573 rc = TokenBuilder_BuildContext(&params, TCRData);
574 if (rc) {
575 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
576 goto error_remove_sg;
577 }
578
579 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
580 if (rc) {
581 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
582 goto error_remove_sg;
583 }
584
585 DMAProperties.fCached = true;
586 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
587 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
588 DMAProperties.Size = 4*TokenMaxWords;
589
590 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
591 if (DMAStatus != DMABUF_STATUS_OK) {
592 rc = 1;
593 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
594 goto error_remove_sg;
595 }
596
597 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
598 DMABuf_NULLHandle);
599 if (rc != PEC_STATUS_OK) {
600 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
601 goto error_remove_sg;
602 }
603
604 ZEROINIT(TokenParams);
605
606 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM || params.CryptoMode == SAB_CRYPTO_MODE_GMAC)
607 TokenParams.IV_p = gcm_iv;
608
609 if ((params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) ||
610 params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
611 TokenParams.AdditionalValue = assoclen - ivsize;
612 TokenParams.AAD_p = aad;
613 } else if (params.CryptoMode != SAB_CRYPTO_MODE_GMAC)
614 TokenParams.AdditionalValue = assoclen;
615
616
617 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
618 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, src_pkt,
619 &TokenParams, (uint32_t *)TokenHostAddress.p,
620 &TokenWords, &TokenHeaderWord);
621 kfree(PktHostAddress.p);
622 if (rc != TKB_STATUS_OK) {
623 CRYPTO_ERR("Token builder failed: %d\n", rc);
624 goto error_exit_unregister;
625 }
626
627 ZEROINIT(Cmd);
628 Cmd.Token_Handle = TokenHandle;
629 Cmd.Token_WordCount = TokenWords;
630 Cmd.SrcPkt_Handle = SrcSGListHandle;
631 Cmd.SrcPkt_ByteCount = src_pkt;
632 Cmd.DstPkt_Handle = DstSGListHandle;
633 Cmd.SA_Handle1 = SAHandle;
634 Cmd.SA_Handle2 = DMABuf_NULLHandle;
635
636 #if defined(CRYPTO_IOTOKEN_EXT)
637 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
638#endif
639 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
640
641 if (!crypto_iotoken_create(&InTokenDscr,
642 InTokenDscrExt_p,
643 InputToken,
644 &Cmd)) {
645 rc = 1;
646 goto error_exit_unregister;
647 }
648
649 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
650 if (rc != PEC_STATUS_OK && count != 1)
651 goto error_exit_unregister;
652
653 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
654 if (!result) {
655 rc = 1;
656 CRYPTO_ERR("No memory for result\n");
657 goto error_exit_unregister;
658 }
659 INIT_LIST_HEAD(&result->list);
660 result->eip.sa = SAHandle.p;
661 result->eip.token = TokenHandle.p;
662 result->eip.token_context = TCRData;
663 result->eip.pkt_handle = SrcSGListHandle.p;
664 result->async = async;
665 result->dst = DstSGListHandle.p;
666
667 spin_lock_bh(&add_lock);
668 list_add_tail(&result->list, &result_list);
669 spin_unlock_bh(&add_lock);
670 CBFunc = mtk_crypto_interrupt_handler;
671 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
672 if (rc != PEC_STATUS_OK) {
673 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
674 goto error_exit_unregister;
675 }
676
677 return rc;
678
679error_exit_unregister:
680 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
681 DMABuf_NULLHandle);
682error_remove_sg:
683 if (src == dst) {
684 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
685 } else {
686 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
687 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
688 }
689
690 if (aad != NULL)
691 kfree(aad);
692
693 crypto_free_sglist(SrcSGListHandle.p);
694 crypto_free_sglist(DstSGListHandle.p);
695
696error_exit:
697 DMABuf_Release(SAHandle);
698 DMABuf_Release(TokenHandle);
699
700 if (TCRData != NULL)
701 kfree(TCRData);
702
703 return rc;
704}
705
706int crypto_basic_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
707 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
708 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
709{
710 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
711 struct skcipher_request *areq = skcipher_request_cast(async);
712 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(areq);
713 struct mtk_crypto_result *result;
714 struct scatterlist *sg;
715 unsigned int totlen_src = cryptlen + assoclen;
716 unsigned int totlen_dst = totlen_src;
717 unsigned int blksize = crypto_skcipher_blocksize(skcipher);
718 int rc;
719 int i;
720 SABuilder_Params_t params;
721 SABuilder_Params_Basic_t ProtocolParams;
722 unsigned int SAWords = 0;
723
724 DMABuf_Status_t DMAStatus;
725 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
726 DMABuf_HostAddress_t SAHostAddress;
727 DMABuf_HostAddress_t TokenHostAddress;
728 DMABuf_HostAddress_t PktHostAddress;
729
730 DMABuf_Handle_t SAHandle = {0};
731 DMABuf_Handle_t TokenHandle = {0};
732 DMABuf_Handle_t SrcSGListHandle = {0};
733 DMABuf_Handle_t DstSGListHandle = {0};
734
735 unsigned int TCRWords = 0;
736 void *TCRData = 0;
737 unsigned int TokenWords = 0;
738 unsigned int TokenHeaderWord;
739 unsigned int TokenMaxWords = 0;
740
741 TokenBuilder_Params_t TokenParams;
742 PEC_CommandDescriptor_t Cmd;
743 unsigned int count;
744
745 IOToken_Input_Dscr_t InTokenDscr;
746 IOToken_Output_Dscr_t OutTokenDscr;
747 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
748 void *InTokenDscrExt_p = NULL;
749 PEC_NotifyFunction_t CBFunc;
750
751#ifdef CRYPTO_IOTOKEN_EXT
752 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
753
754 ZEROINIT(InTokenDscrExt);
755 InTokenDscrExt_p = &InTokenDscrExt;
756#endif
757 ZEROINIT(InTokenDscr);
758 ZEROINIT(OutTokenDscr);
759
760 /* If the data is not aligned with block size, return invalid */
761 if (!IS_ALIGNED(cryptlen, blksize))
762 return -EINVAL;
763
764 /* Init SA */
765 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT)
766 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
767 else
768 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
769 if (rc) {
770 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
771 goto error_exit;
772 }
773
774 /* Build SA */
775 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
776 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
777 params.KeyByteCount = ctx->key_len;
778 params.Key_p = (uint8_t *) ctx->key;
779 params.IVSrc = SAB_IV_SRC_SA;
780 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
781 params.Nonce_p = (uint8_t *) &ctx->nonce;
782 params.IV_p = iv;
783
784 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
785 if (rc) {
786 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
787 goto error_exit;
788 }
789
790 DMAProperties.fCached = true;
791 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
792 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
793 DMAProperties.Size = MAX(4*SAWords, 256);
794
795 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
796 if (DMAStatus != DMABUF_STATUS_OK) {
797 rc = 1;
798 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
799 goto error_exit;
800 }
801
802 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
803 if (rc) {
804 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
805 goto error_exit;
806 }
807
808 /* Build Token */
809 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
810 if (rc) {
811 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
812 goto error_exit;
813 }
814
815 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
816 if (!TCRData) {
817 rc = 1;
818 CRYPTO_ERR("Allocation of TCR failed\n");
819 goto error_exit;
820 }
821
822 rc = TokenBuilder_BuildContext(&params, TCRData);
823 if (rc) {
824 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
825 goto error_exit;
826 }
827
828 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
829 if (rc) {
830 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
831 goto error_exit;
832 }
833
834 DMAProperties.fCached = true;
835 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
836 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
837 DMAProperties.Size = 4*TokenMaxWords;
838
839 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
840 if (DMAStatus != DMABUF_STATUS_OK) {
841 rc = 1;
842 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
843 goto error_exit;
844 }
845
846 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
847 DMABuf_NULLHandle);
848 if (rc != PEC_STATUS_OK) {
849 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
850 goto error_exit;
851 }
852
853 /* Check buffer has enough size for output */
854 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
855 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
856
857 if (src == dst) {
858 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
859 mtk_req->nr_dst = mtk_req->nr_src;
860 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
861 CRYPTO_ERR("In-place buffer not large enough\n");
862 return -EINVAL;
863 }
864 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
865 } else {
866 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
867 CRYPTO_ERR("Source buffer not large enough\n");
868 return -EINVAL;
869 }
870 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
871
872 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
873 CRYPTO_ERR("Dest buffer not large enough\n");
874 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
875 return -EINVAL;
876 }
877 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
878 }
879
880 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
881 if (rc != PEC_STATUS_OK) {
882 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
883 goto error_remove_sg;
884 }
885
886 DMAProperties.fCached = true;
887 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
888 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
889 for_each_sg(src, sg, mtk_req->nr_src, i) {
890 int len = sg_dma_len(sg);
891 DMABuf_Handle_t sg_handle;
892 DMABuf_HostAddress_t host;
893
894 if (totlen_src < len)
895 len = totlen_src;
896
897 DMAProperties.Size = MAX(len, 1);
898 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
899 if (rc != DMABUF_STATUS_OK) {
900 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
901 goto error_remove_sg;
902 }
903 rc = PEC_SGList_Write(SrcSGListHandle, i, sg_handle, len);
904 if (rc != PEC_STATUS_OK)
905 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
906
907 totlen_src -= len;
908 if (!totlen_src)
909 break;
910 }
911
912 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
913 if (rc != PEC_STATUS_OK) {
914 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
915 goto error_remove_sg;
916 }
917
918 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
919 int len = sg_dma_len(sg);
920 DMABuf_Handle_t sg_handle;
921 DMABuf_HostAddress_t host;
922
923 if (len > totlen_dst)
924 len = totlen_dst;
925
926 DMAProperties.Size = MAX(len, 1);
927 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
928 if (rc != DMABUF_STATUS_OK) {
929 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
930 goto error_remove_sg;
931 }
932 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
933
934 if (unlikely(!len))
935 break;
936 totlen_dst -= len;
937 }
938
939 if (params.CryptoMode == SAB_CRYPTO_MODE_CBC &&
940 mtk_req->direction == MTK_CRYPTO_DECRYPT)
941 sg_pcopy_to_buffer(src, mtk_req->nr_src, iv, ivsize, cryptlen - ivsize);
942
943 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
944 ZEROINIT(TokenParams);
945 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, cryptlen,
946 &TokenParams, (uint32_t *)TokenHostAddress.p,
947 &TokenWords, &TokenHeaderWord);
948 kfree(PktHostAddress.p);
949 if (rc != TKB_STATUS_OK) {
950 CRYPTO_ERR("Token builder failed: %d\n", rc);
951 goto error_remove_sg;
952 }
953
954 ZEROINIT(Cmd);
955 Cmd.Token_Handle = TokenHandle;
956 Cmd.Token_WordCount = TokenWords;
957 Cmd.SrcPkt_Handle = SrcSGListHandle;
958 Cmd.SrcPkt_ByteCount = cryptlen;
959 Cmd.DstPkt_Handle = DstSGListHandle;
960 Cmd.SA_Handle1 = SAHandle;
961 Cmd.SA_Handle2 = DMABuf_NULLHandle;
962
963#if defined(CRYPTO_IOTOKEN_EXT)
964 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
965#endif
966 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
967
968 if (!crypto_iotoken_create(&InTokenDscr,
969 InTokenDscrExt_p,
970 InputToken,
971 &Cmd)) {
972 rc = 1;
973 goto error_remove_sg;
974 }
975
976 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
977 if (rc != PEC_STATUS_OK && count != 1) {
978 rc = 1;
979 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
980 goto error_remove_sg;
981 }
982
983 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
984 if (!result) {
985 rc = 1;
986 CRYPTO_ERR("No memory for result\n");
987 goto error_remove_sg;
988 }
989 INIT_LIST_HEAD(&result->list);
990 result->eip.sa = SAHandle.p;
991 result->eip.token = TokenHandle.p;
992 result->eip.token_context = TCRData;
993 result->eip.pkt_handle = SrcSGListHandle.p;
994 result->async = async;
995 result->dst = DstSGListHandle.p;
996
997 spin_lock_bh(&add_lock);
998 list_add_tail(&result->list, &result_list);
999 spin_unlock_bh(&add_lock);
1000 CBFunc = mtk_crypto_interrupt_handler;
1001 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1002 if (rc != PEC_STATUS_OK) {
1003 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1004 goto error_remove_sg;
1005 }
1006 return 0;
1007
1008error_remove_sg:
1009 if (src == dst) {
1010 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
1011 } else {
1012 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
1013 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
1014 }
1015
1016 crypto_free_sglist(SrcSGListHandle.p);
1017 crypto_free_sglist(DstSGListHandle.p);
1018
1019 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1020 DMABuf_NULLHandle);
1021
1022error_exit:
1023 DMABuf_Release(SAHandle);
1024 DMABuf_Release(TokenHandle);
1025
1026 if (TCRData != NULL)
1027 kfree(TCRData);
1028
1029 return rc;
1030}
1031
1032SABuilder_Auth_t lookaside_match_hash(enum mtk_crypto_alg alg)
1033{
1034 switch (alg) {
1035 case MTK_CRYPTO_ALG_SHA1:
1036 return SAB_AUTH_HASH_SHA1;
1037 case MTK_CRYPTO_ALG_SHA224:
1038 return SAB_AUTH_HASH_SHA2_224;
1039 case MTK_CRYPTO_ALG_SHA256:
1040 return SAB_AUTH_HASH_SHA2_256;
1041 case MTK_CRYPTO_ALG_SHA384:
1042 return SAB_AUTH_HASH_SHA2_384;
1043 case MTK_CRYPTO_ALG_SHA512:
1044 return SAB_AUTH_HASH_SHA2_512;
1045 case MTK_CRYPTO_ALG_MD5:
1046 return SAB_AUTH_HASH_MD5;
1047 case MTK_CRYPTO_ALG_XCBC:
1048 return SAB_AUTH_AES_XCBC_MAC;
1049 case MTK_CRYPTO_ALG_CMAC_128:
1050 return SAB_AUTH_AES_CMAC_128;
1051 case MTK_CRYPTO_ALG_CMAC_192:
1052 return SAB_AUTH_AES_CMAC_192;
1053 case MTK_CRYPTO_ALG_CMAC_256:
1054 return SAB_AUTH_AES_CMAC_256;
1055 default:
1056 return SAB_AUTH_NULL;
1057 }
1058}
1059
1060int crypto_ahash_token_req(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1061 uint8_t *Input_p, unsigned int InputByteCount, bool finish)
1062{
1063 struct mtk_crypto_result *result;
1064
1065 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1066 DMABuf_HostAddress_t TokenHostAddress;
1067 DMABuf_HostAddress_t PktHostAddress;
1068 DMABuf_Status_t DMAStatus;
1069
1070 DMABuf_Handle_t TokenHandle = {0};
1071 DMABuf_Handle_t PktHandle = {0};
1072 DMABuf_Handle_t SAHandle = {0};
1073
1074 unsigned int TokenMaxWords = 0;
1075 unsigned int TokenHeaderWord;
1076 unsigned int TokenWords = 0;
1077 void *TCRData = 0;
1078
1079 TokenBuilder_Params_t TokenParams;
1080 PEC_CommandDescriptor_t Cmd;
1081 PEC_NotifyFunction_t CBFunc;
1082
1083 unsigned int count;
1084 int rc;
1085
1086 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1087 IOToken_Output_Dscr_t OutTokenDscr;
1088 IOToken_Input_Dscr_t InTokenDscr;
1089 void *InTokenDscrExt_p = NULL;
1090
1091#ifdef CRYPTO_IOTOKEN_EXT
1092 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1093
1094 ZEROINIT(InTokenDscrExt);
1095 InTokenDscrExt_p = &InTokenDscrExt;
1096#endif
1097 ZEROINIT(InTokenDscr);
1098 ZEROINIT(OutTokenDscr);
1099
1100 TCRData = mtk_req->token_context;
1101 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1102 if (rc) {
1103 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1104 goto error_exit;
1105 }
1106
1107 DMAProperties.fCached = true;
1108 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1109 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1110 DMAProperties.Size = 4*TokenMaxWords;
1111
1112 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1113 if (DMAStatus != DMABUF_STATUS_OK) {
1114 rc = 1;
1115 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1116 goto error_exit;
1117 }
1118
1119 DMAProperties.fCached = true;
1120 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1121 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1122 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1123
1124 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1125 if (DMAStatus != DMABUF_STATUS_OK) {
1126 rc = 1;
1127 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1128 DMAStatus);
1129 goto error_exit;
1130 }
1131 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1132
1133 ZEROINIT(TokenParams);
1134 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHAPPEND;
1135 if (finish)
1136 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1137
1138 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1139 InputByteCount, &TokenParams,
1140 (u32 *) TokenHostAddress.p,
1141 &TokenWords, &TokenHeaderWord);
1142 if (rc != TKB_STATUS_OK) {
1143 CRYPTO_ERR("Token builder failed: %d\n", rc);
1144 goto error_exit_unregister;
1145 }
1146
1147 SAHandle.p = mtk_req->sa_pointer;
1148 ZEROINIT(Cmd);
1149 Cmd.Token_Handle = TokenHandle;
1150 Cmd.Token_WordCount = TokenWords;
1151 Cmd.SrcPkt_Handle = PktHandle;
1152 Cmd.SrcPkt_ByteCount = InputByteCount;
1153 Cmd.DstPkt_Handle = PktHandle;
1154 Cmd.SA_Handle1 = SAHandle;
1155 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1156
1157#if defined(CRYPTO_IOTOKEN_EXT)
1158 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1159#endif
1160 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1161
1162 if (!crypto_iotoken_create(&InTokenDscr,
1163 InTokenDscrExt_p,
1164 InputToken,
1165 &Cmd)) {
1166 rc = 1;
1167 goto error_exit_unregister;
1168 }
1169
1170 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1171 if (rc != PEC_STATUS_OK && count != 1) {
1172 rc = 1;
1173 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1174 goto error_exit_unregister;
1175 }
1176
1177 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1178 if (!result) {
1179 rc = 1;
1180 CRYPTO_ERR("No memory for result\n");
1181 goto error_exit_unregister;
1182 }
1183 INIT_LIST_HEAD(&result->list);
1184 result->eip.token = TokenHandle.p;
1185 result->eip.pkt_handle = PktHandle.p;
1186 result->async = async;
1187 result->dst = PktHostAddress.p;
1188
1189 spin_lock_bh(&add_lock);
1190 list_add_tail(&result->list, &result_list);
1191 spin_unlock_bh(&add_lock);
1192 CBFunc = mtk_crypto_interrupt_handler;
1193 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1194
1195 return rc;
1196
1197error_exit_unregister:
1198 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1199 DMABuf_NULLHandle);
1200
1201error_exit:
1202 DMABuf_Release(SAHandle);
1203 DMABuf_Release(TokenHandle);
1204 DMABuf_Release(PktHandle);
1205
1206 if (TCRData != NULL)
1207 kfree(TCRData);
1208
1209 return rc;
1210}
1211
1212int crypto_ahash_aes_cbc(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1213 uint8_t *Input_p, unsigned int InputByteCount)
1214{
1215 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1216 struct mtk_crypto_result *result;
1217 SABuilder_Params_Basic_t ProtocolParams;
1218 SABuilder_Params_t params;
1219 unsigned int SAWords = 0;
1220 int rc;
1221
1222 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1223 DMABuf_HostAddress_t TokenHostAddress;
1224 DMABuf_HostAddress_t PktHostAddress;
1225 DMABuf_HostAddress_t SAHostAddress;
1226 DMABuf_Status_t DMAStatus;
1227
1228 DMABuf_Handle_t TokenHandle = {0};
1229 DMABuf_Handle_t PktHandle = {0};
1230 DMABuf_Handle_t SAHandle = {0};
1231
1232 unsigned int TokenMaxWords = 0;
1233 unsigned int TokenHeaderWord;
1234 unsigned int TokenWords = 0;
1235 unsigned int TCRWords = 0;
1236 void *TCRData = 0;
1237
1238 TokenBuilder_Params_t TokenParams;
1239 PEC_CommandDescriptor_t Cmd;
1240 PEC_NotifyFunction_t CBFunc;
1241
1242 unsigned int count;
1243 int i;
1244
1245 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1246 IOToken_Output_Dscr_t OutTokenDscr;
1247 IOToken_Input_Dscr_t InTokenDscr;
1248 void *InTokenDscrExt_p = NULL;
1249
1250#ifdef CRYPTO_IOTOKEN_EXT
1251 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1252
1253 ZEROINIT(InTokenDscrExt);
1254 InTokenDscrExt_p = &InTokenDscrExt;
1255#endif
1256 ZEROINIT(InTokenDscr);
1257 ZEROINIT(OutTokenDscr);
1258
1259 if (!IS_ALIGNED(InputByteCount, 16)) {
1260 pr_notice("not aligned: %d\n", InputByteCount);
1261 return -EINVAL;
1262 }
1263 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1264 if (rc) {
1265 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1266 goto error_exit;
1267 }
1268
1269 params.CryptoAlgo = SAB_CRYPTO_AES;
1270 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
1271 params.KeyByteCount = ctx->key_sz - 2 * AES_BLOCK_SIZE;
1272 params.Key_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1273 params.IVSrc = SAB_IV_SRC_SA;
1274 params.IV_p = (uint8_t *) mtk_req->state;
1275
1276 if (ctx->alg == MTK_CRYPTO_ALG_XCBC) {
1277 for (i = 0; i < params.KeyByteCount; i = i + 4) {
1278 swap(params.Key_p[i], params.Key_p[i+3]);
1279 swap(params.Key_p[i+1], params.Key_p[i+2]);
1280 }
1281 }
1282
1283 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1284 if (rc) {
1285 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1286 goto error_exit;
1287 }
1288
1289 DMAProperties.fCached = true;
1290 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1291 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1292 DMAProperties.Size = MAX(4*SAWords, 256);
1293
1294 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1295 if (DMAStatus != DMABUF_STATUS_OK) {
1296 rc = 1;
1297 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1298 goto error_exit;
1299 }
1300
1301 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1302 if (rc) {
1303 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1304 goto error_exit;
1305 }
1306
1307 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1308 if (rc) {
1309 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1310 goto error_exit;
1311 }
1312
1313 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1314 if (!TCRData) {
1315 rc = 1;
1316 CRYPTO_ERR("Allocation of TCR failed\n");
1317 goto error_exit;
1318 }
1319
1320 rc = TokenBuilder_BuildContext(&params, TCRData);
1321 if (rc) {
1322 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1323 goto error_exit;
1324 }
1325
1326 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1327 if (rc) {
1328 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1329 goto error_exit;
1330 }
1331
1332 DMAProperties.fCached = true;
1333 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1334 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1335 DMAProperties.Size = 4*TokenMaxWords;
1336
1337 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1338 if (DMAStatus != DMABUF_STATUS_OK) {
1339 rc = 1;
1340 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1341 goto error_exit;
1342 }
1343
1344 DMAProperties.fCached = true;
1345 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1346 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1347 DMAProperties.Size = MAX(InputByteCount, 1);
1348
1349 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1350 if (DMAStatus != DMABUF_STATUS_OK) {
1351 rc = 1;
1352 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n", DMAStatus);
1353 goto error_exit;
1354 }
1355
1356 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1357 DMABuf_NULLHandle);
1358 if (rc != PEC_STATUS_OK) {
1359 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1360 goto error_exit;
1361 }
1362
1363 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1364
1365 ZEROINIT(TokenParams);
1366 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *) PktHostAddress.p, InputByteCount,
1367 &TokenParams, (uint32_t *) TokenHostAddress.p,
1368 &TokenWords, &TokenHeaderWord);
1369 if (rc != TKB_STATUS_OK) {
1370 CRYPTO_ERR("Token builder failed: %d\n", rc);
1371 goto error_exit_unregister;
1372 }
1373
1374 ZEROINIT(Cmd);
1375 Cmd.Token_Handle = TokenHandle;
1376 Cmd.Token_WordCount = TokenWords;
1377 Cmd.SrcPkt_Handle = PktHandle;
1378 Cmd.SrcPkt_ByteCount = InputByteCount;
1379 Cmd.DstPkt_Handle = PktHandle;
1380 Cmd.SA_Handle1 = SAHandle;
1381 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1382
1383#if defined(CRYPTO_IOTOKEN_EXT)
1384 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1385#endif
1386 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1387
1388 if (!crypto_iotoken_create(&InTokenDscr,
1389 InTokenDscrExt_p,
1390 InputToken,
1391 &Cmd)) {
1392 rc = 1;
1393 goto error_exit_unregister;
1394 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1395
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1396 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1397 if (rc != PEC_STATUS_OK && count != 1) {
1398 rc = 1;
1399 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1400 goto error_exit_unregister;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1401 }
1402
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1403 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1404 if (!result) {
1405 rc = 1;
1406 CRYPTO_ERR("No memory for result\n");
1407 goto error_exit_unregister;
1408 }
1409 INIT_LIST_HEAD(&result->list);
1410 result->eip.sa = SAHandle.p;
1411 result->eip.token = TokenHandle.p;
1412 result->eip.token_context = TCRData;
1413 result->eip.pkt_handle = PktHandle.p;
1414 result->async = async;
1415 result->dst = PktHostAddress.p;
1416 result->size = InputByteCount;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1417
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1418 spin_lock_bh(&add_lock);
1419 list_add_tail(&result->list, &result_list);
1420 spin_unlock_bh(&add_lock);
1421
1422 CBFunc = mtk_crypto_interrupt_handler;
1423 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1424 if (rc != PEC_STATUS_OK) {
1425 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1426 goto error_exit_unregister;
1427 }
1428 return 0;
1429
1430error_exit_unregister:
1431 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1432 DMABuf_NULLHandle);
1433
1434error_exit:
1435 DMABuf_Release(SAHandle);
1436 DMABuf_Release(TokenHandle);
1437 DMABuf_Release(PktHandle);
1438
1439 if (TCRData != NULL)
1440 kfree(TCRData);
1441
1442 return rc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1443}
1444
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1445int crypto_first_ahash_req(struct crypto_async_request *async,
1446 struct mtk_crypto_ahash_req *mtk_req, uint8_t *Input_p,
1447 unsigned int InputByteCount, bool finish)
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1448{
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1449 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1450 struct mtk_crypto_result *result;
1451 SABuilder_Params_Basic_t ProtocolParams;
1452 SABuilder_Params_t params;
1453 unsigned int SAWords = 0;
1454 static uint8_t DummyAuthKey[64];
1455 int rc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1456
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1457 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1458 DMABuf_HostAddress_t TokenHostAddress;
1459 DMABuf_HostAddress_t PktHostAddress;
1460 DMABuf_HostAddress_t SAHostAddress;
1461 DMABuf_Status_t DMAStatus;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1462
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1463 DMABuf_Handle_t TokenHandle = {0};
1464 DMABuf_Handle_t PktHandle = {0};
1465 DMABuf_Handle_t SAHandle = {0};
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1466
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1467 unsigned int TokenMaxWords = 0;
1468 unsigned int TokenHeaderWord;
1469 unsigned int TokenWords = 0;
1470 unsigned int TCRWords = 0;
1471 void *TCRData = 0;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1472
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1473 TokenBuilder_Params_t TokenParams;
1474 PEC_CommandDescriptor_t Cmd;
1475 PEC_NotifyFunction_t CBFunc;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1476
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1477 unsigned int count;
1478 int i;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1479
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1480 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1481 IOToken_Output_Dscr_t OutTokenDscr;
1482 IOToken_Input_Dscr_t InTokenDscr;
1483 void *InTokenDscrExt_p = NULL;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1484
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1485#ifdef CRYPTO_IOTOKEN_EXT
1486 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1487
1488 ZEROINIT(InTokenDscrExt);
1489 InTokenDscrExt_p = &InTokenDscrExt;
1490#endif
1491 ZEROINIT(InTokenDscr);
1492 ZEROINIT(OutTokenDscr);
1493
1494 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1495 if (rc) {
1496 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1497 goto error_exit;
1498 }
1499
1500 params.IV_p = (uint8_t *) ctx->ipad;
1501 params.AuthAlgo = lookaside_match_hash(ctx->alg);
1502 params.AuthKey1_p = DummyAuthKey;
1503 if (params.AuthAlgo == SAB_AUTH_AES_XCBC_MAC) {
1504 params.AuthKey1_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1505 params.AuthKey2_p = (uint8_t *) ctx->ipad;
1506 params.AuthKey3_p = (uint8_t *) ctx->ipad + AES_BLOCK_SIZE;
1507
1508 for (i = 0; i < AES_BLOCK_SIZE; i = i + 4) {
1509 swap(params.AuthKey1_p[i], params.AuthKey1_p[i+3]);
1510 swap(params.AuthKey1_p[i+1], params.AuthKey1_p[i+2]);
1511
1512 swap(params.AuthKey2_p[i], params.AuthKey2_p[i+3]);
1513 swap(params.AuthKey2_p[i+1], params.AuthKey2_p[i+2]);
1514
1515 swap(params.AuthKey3_p[i], params.AuthKey3_p[i+3]);
1516 swap(params.AuthKey3_p[i+1], params.AuthKey3_p[i+2]);
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1517 }
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1518 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1519
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1520 if (!finish)
1521 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1522
1523 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1524 ProtocolParams.ICVByteCount = mtk_req->digest_sz;
1525
1526 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1527 if (rc) {
1528 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1529 goto error_exit;
1530 }
1531
1532 DMAProperties.fCached = true;
1533 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1534 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1535 DMAProperties.Size = MAX(4*SAWords, 256);
1536
1537 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1538 if (DMAStatus != DMABUF_STATUS_OK) {
1539 rc = 1;
1540 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1541 goto error_exit;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1542 }
1543
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1544 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1545 if (rc) {
1546 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1547 goto error_exit;
1548 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1549
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1550 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1551 if (rc) {
1552 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1553 goto error_exit;
1554 }
1555
1556 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1557 if (!TCRData) {
1558 rc = 1;
1559 CRYPTO_ERR("Allocation of TCR failed\n");
1560 goto error_exit;
1561 }
1562
1563 rc = TokenBuilder_BuildContext(&params, TCRData);
1564 if (rc) {
1565 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1566 goto error_exit;
1567 }
1568 mtk_req->token_context = TCRData;
1569
1570 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1571 if (rc) {
1572 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1573 goto error_exit;
1574 }
1575
1576 DMAProperties.fCached = true;
1577 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1578 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1579 DMAProperties.Size = 4*TokenMaxWords;
1580
1581 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1582 if (DMAStatus != DMABUF_STATUS_OK) {
1583 rc = 1;
1584 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1585 goto error_exit;
1586 }
1587
1588 DMAProperties.fCached = true;
1589 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1590 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1591 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1592
1593 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1594 if (DMAStatus != DMABUF_STATUS_OK) {
1595 rc = 1;
1596 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1597 DMAStatus);
1598 goto error_exit;
1599 }
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1600
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1601 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1602 DMABuf_NULLHandle);
1603 if (rc != PEC_STATUS_OK) {
1604 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1605 goto error_exit;
1606 }
1607 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1608
1609 ZEROINIT(TokenParams);
1610 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1611 | TKB_PACKET_FLAG_HASHAPPEND);
1612 if (finish)
1613 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1614
1615 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1616 InputByteCount, &TokenParams,
1617 (u32 *) TokenHostAddress.p,
1618 &TokenWords, &TokenHeaderWord);
1619 if (rc != TKB_STATUS_OK) {
1620 CRYPTO_ERR("Token builder failed: %d\n", rc);
1621 goto error_exit_unregister;
1622 }
1623
1624 ZEROINIT(Cmd);
1625 Cmd.Token_Handle = TokenHandle;
1626 Cmd.Token_WordCount = TokenWords;
1627 Cmd.SrcPkt_Handle = PktHandle;
1628 Cmd.SrcPkt_ByteCount = InputByteCount;
1629 Cmd.DstPkt_Handle = PktHandle;
1630 Cmd.SA_Handle1 = SAHandle;
1631 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1632
1633 mtk_req->sa_pointer = SAHandle.p;
1634
1635#if defined(CRYPTO_IOTOKEN_EXT)
1636 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1637#endif
1638 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1639
1640 if (!crypto_iotoken_create(&InTokenDscr,
1641 InTokenDscrExt_p,
1642 InputToken,
1643 &Cmd)) {
1644 rc = 1;
1645 goto error_exit_unregister;
1646 }
1647
1648 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1649 if (rc != PEC_STATUS_OK && count != 1) {
1650 rc = 1;
1651 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1652 goto error_exit_unregister;
1653 }
1654
1655 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1656 if (!result) {
1657 rc = 1;
1658 CRYPTO_ERR("No memory for result\n");
1659 goto error_exit_unregister;
1660 }
1661 INIT_LIST_HEAD(&result->list);
1662 result->eip.token = TokenHandle.p;
1663 result->eip.pkt_handle = PktHandle.p;
1664 result->async = async;
1665 result->dst = PktHostAddress.p;
1666
1667 spin_lock_bh(&add_lock);
1668 list_add_tail(&result->list, &result_list);
1669 spin_unlock_bh(&add_lock);
1670 CBFunc = mtk_crypto_interrupt_handler;
1671 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1672
1673 return rc;
1674
1675error_exit_unregister:
1676 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1677 DMABuf_NULLHandle);
1678
1679error_exit:
1680 DMABuf_Release(SAHandle);
1681 DMABuf_Release(TokenHandle);
1682 DMABuf_Release(PktHandle);
1683
1684 if (TCRData != NULL)
1685 kfree(TCRData);
1686
1687 return rc;
1688}
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1689
1690bool crypto_basic_hash(SABuilder_Auth_t HashAlgo, uint8_t *Input_p,
1691 unsigned int InputByteCount, uint8_t *Output_p,
1692 unsigned int OutputByteCount, bool fFinalize)
1693{
1694 SABuilder_Params_Basic_t ProtocolParams;
1695 SABuilder_Params_t params;
1696 unsigned int SAWords = 0;
1697 static uint8_t DummyAuthKey[64];
1698 int rc;
1699
1700 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1701 DMABuf_HostAddress_t TokenHostAddress;
1702 DMABuf_HostAddress_t PktHostAddress;
1703 DMABuf_HostAddress_t SAHostAddress;
1704 DMABuf_Status_t DMAStatus;
1705
1706 DMABuf_Handle_t TokenHandle = {0};
1707 DMABuf_Handle_t PktHandle = {0};
1708 DMABuf_Handle_t SAHandle = {0};
1709
1710 unsigned int TokenMaxWords = 0;
1711 unsigned int TokenHeaderWord;
1712 unsigned int TokenWords = 0;
1713 unsigned int TCRWords = 0;
1714 void *TCRData = 0;
1715
1716 TokenBuilder_Params_t TokenParams;
1717 PEC_CommandDescriptor_t Cmd;
1718 PEC_ResultDescriptor_t Res;
1719 unsigned int count;
1720
1721 u32 OutputToken[IOTOKEN_IN_WORD_COUNT];
1722 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1723 IOToken_Output_Dscr_t OutTokenDscr;
1724 IOToken_Input_Dscr_t InTokenDscr;
1725 void *InTokenDscrExt_p = NULL;
1726
1727#ifdef CRYPTO_IOTOKEN_EXT
1728 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1729
1730 ZEROINIT(InTokenDscrExt);
1731 InTokenDscrExt_p = &InTokenDscrExt;
1732#endif
1733 ZEROINIT(InTokenDscr);
1734 ZEROINIT(OutTokenDscr);
1735
1736 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1737 if (rc) {
1738 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1739 goto error_exit;
1740 }
1741
1742 params.AuthAlgo = HashAlgo;
1743 params.AuthKey1_p = DummyAuthKey;
1744
1745 if (!fFinalize)
1746 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1747 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1748 ProtocolParams.ICVByteCount = OutputByteCount;
1749
1750 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1751 if (rc) {
1752 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1753 goto error_exit;
1754 }
1755
1756 DMAProperties.fCached = true;
1757 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1758 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1759 DMAProperties.Size = MAX(4*SAWords, 256);
1760
1761 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1762 if (DMAStatus != DMABUF_STATUS_OK) {
1763 rc = 1;
1764 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1765 goto error_exit;
1766 }
1767
1768 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1769 if (rc) {
1770 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1771 goto error_exit;
1772 }
1773
1774 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1775 if (rc) {
1776 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1777 goto error_exit;
1778 }
1779
1780 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1781 if (!TCRData) {
1782 rc = 1;
1783 CRYPTO_ERR("Allocation of TCR failed\n");
1784 goto error_exit;
1785 }
1786
1787 rc = TokenBuilder_BuildContext(&params, TCRData);
1788 if (rc) {
1789 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1790 goto error_exit;
1791 }
1792
1793 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1794 if (rc) {
1795 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1796 goto error_exit;
1797 }
1798
1799 DMAProperties.fCached = true;
1800 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1801 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1802 DMAProperties.Size = 4*TokenMaxWords;
1803
1804 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1805 if (DMAStatus != DMABUF_STATUS_OK) {
1806 rc = 1;
1807 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1808 goto error_exit;
1809 }
1810
1811 DMAProperties.fCached = true;
1812 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1813 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1814 DMAProperties.Size = MAX(InputByteCount, OutputByteCount);
1815
1816 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1817 if (DMAStatus != DMABUF_STATUS_OK) {
1818 rc = 1;
1819 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1820 DMAStatus);
1821 goto error_exit;
1822 }
1823
1824 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1825 DMABuf_NULLHandle);
1826 if (rc != PEC_STATUS_OK) {
1827 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1828 goto error_exit;
1829 }
1830
1831 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1832
1833 ZEROINIT(TokenParams);
1834 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1835 | TKB_PACKET_FLAG_HASHAPPEND);
1836 if (fFinalize)
1837 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1838
1839 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1840 InputByteCount, &TokenParams,
1841 (u32 *) TokenHostAddress.p,
1842 &TokenWords, &TokenHeaderWord);
1843 if (rc != TKB_STATUS_OK) {
1844 CRYPTO_ERR("Token builder failed: %d\n", rc);
1845 goto error_exit_unregister;
1846 }
1847
1848 ZEROINIT(Cmd);
1849 Cmd.Token_Handle = TokenHandle;
1850 Cmd.Token_WordCount = TokenWords;
1851 Cmd.SrcPkt_Handle = PktHandle;
1852 Cmd.SrcPkt_ByteCount = InputByteCount;
1853 Cmd.DstPkt_Handle = PktHandle;
1854 Cmd.SA_Handle1 = SAHandle;
1855 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1856
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1857#if defined(CRYPTO_IOTOKEN_EXT)
1858 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1859#endif
1860 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1861
1862 if (!crypto_iotoken_create(&InTokenDscr,
1863 InTokenDscrExt_p,
1864 InputToken,
1865 &Cmd)) {
1866 rc = 1;
1867 goto error_exit_unregister;
1868 }
1869
1870 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1871 if (rc != PEC_STATUS_OK && count != 1) {
1872 rc = 1;
1873 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1874 goto error_exit_unregister;
1875 }
1876
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1877 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1878 rc = 1;
developerebe38fd2024-03-22 14:36:06 +0800[diff] [blame]1879 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]1880 goto error_exit_unregister;
1881 }
1882 memcpy(Output_p, PktHostAddress.p, OutputByteCount);
1883
1884error_exit_unregister:
1885 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1886 DMABuf_NULLHandle);
1887
1888error_exit:
1889 DMABuf_Release(SAHandle);
1890 DMABuf_Release(TokenHandle);
1891 DMABuf_Release(PktHandle);
1892
1893 if (TCRData != NULL)
1894 kfree(TCRData);
1895
1896 return rc == 0;
1897}
1898
1899bool crypto_hmac_precompute(SABuilder_Auth_t AuthAlgo,
1900 uint8_t *AuthKey_p,
1901 unsigned int AuthKeyByteCount,
1902 uint8_t *Inner_p,
1903 uint8_t *Outer_p)
1904{
1905 SABuilder_Auth_t HashAlgo;
1906 unsigned int blocksize, hashsize, digestsize;
1907 static uint8_t pad_block[128], hashed_key[128];
1908 unsigned int i;
1909
1910 switch (AuthAlgo) {
1911 case SAB_AUTH_HMAC_MD5:
1912 HashAlgo = SAB_AUTH_HASH_MD5;
1913 blocksize = 64;
1914 hashsize = 16;
1915 digestsize = 16;
1916 break;
1917 case SAB_AUTH_HMAC_SHA1:
1918 HashAlgo = SAB_AUTH_HASH_SHA1;
1919 blocksize = 64;
1920 hashsize = 20;
1921 digestsize = 20;
1922 break;
1923 case SAB_AUTH_HMAC_SHA2_224:
1924 HashAlgo = SAB_AUTH_HASH_SHA2_224;
1925 blocksize = 64;
1926 hashsize = 28;
1927 digestsize = 32;
1928 break;
1929 case SAB_AUTH_HMAC_SHA2_256:
1930 HashAlgo = SAB_AUTH_HASH_SHA2_256;
1931 blocksize = 64;
1932 hashsize = 32;
1933 digestsize = 32;
1934 break;
1935 case SAB_AUTH_HMAC_SHA2_384:
1936 HashAlgo = SAB_AUTH_HASH_SHA2_384;
1937 blocksize = 128;
1938 hashsize = 48;
1939 digestsize = 64;
1940 break;
1941 case SAB_AUTH_HMAC_SHA2_512:
1942 HashAlgo = SAB_AUTH_HASH_SHA2_512;
1943 blocksize = 128;
1944 hashsize = 64;
1945 digestsize = 64;
1946 break;
1947 default:
1948 CRYPTO_ERR("Unknown HMAC algorithm\n");
1949 return false;
1950 }
1951
1952 memset(hashed_key, 0, blocksize);
1953 if (AuthKeyByteCount <= blocksize) {
1954 memcpy(hashed_key, AuthKey_p, AuthKeyByteCount);
1955 } else {
1956 if (!crypto_basic_hash(HashAlgo, AuthKey_p, AuthKeyByteCount,
1957 hashed_key, hashsize, true))
1958 return false;
1959 }
1960
1961 for (i = 0; i < blocksize; i++)
1962 pad_block[i] = hashed_key[i] ^ 0x36;
1963
1964 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1965 Inner_p, digestsize, false))
1966 return false;
1967
1968 for (i = 0; i < blocksize; i++)
1969 pad_block[i] = hashed_key[i] ^ 0x5c;
1970
1971 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1972 Outer_p, digestsize, false))
1973 return false;
1974
1975 return true;
1976}
1977
1978static SABuilder_Crypto_t set_crypto_algo(struct xfrm_algo *ealg)
1979{
1980 if (strcmp(ealg->alg_name, "cbc(des)") == 0)
1981 return SAB_CRYPTO_DES;
1982 else if (strcmp(ealg->alg_name, "cbc(aes)") == 0)
1983 return SAB_CRYPTO_AES;
1984 else if (strcmp(ealg->alg_name, "cbc(des3_ede)") == 0)
1985 return SAB_CRYPTO_3DES;
1986
1987 return SAB_CRYPTO_NULL;
1988}
1989
1990static bool set_auth_algo(struct xfrm_algo_auth *aalg, SABuilder_Params_t *params,
1991 uint8_t *inner, uint8_t *outer)
1992{
1993 if (strcmp(aalg->alg_name, "hmac(sha1)") == 0) {
1994 params->AuthAlgo = SAB_AUTH_HMAC_SHA1;
1995 inner = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
1996 outer = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
1997 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA1, &aalg->alg_key[0],
1998 aalg->alg_key_len / 8, inner, outer);
1999
2000 params->AuthKey1_p = inner;
2001 params->AuthKey2_p = outer;
2002 } else if (strcmp(aalg->alg_name, "hmac(sha256)") == 0) {
2003 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2004 inner = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2005 outer = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2006 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_256, &aalg->alg_key[0],
2007 aalg->alg_key_len / 8, inner, outer);
2008 params->AuthKey1_p = inner;
2009 params->AuthKey2_p = outer;
2010 } else if (strcmp(aalg->alg_name, "hmac(sha384)") == 0) {
2011 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_384;
2012 inner = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2013 outer = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2014 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_384, &aalg->alg_key[0],
2015 aalg->alg_key_len / 8, inner, outer);
2016 params->AuthKey1_p = inner;
2017 params->AuthKey2_p = outer;
2018 } else if (strcmp(aalg->alg_name, "hmac(sha512)") == 0) {
2019 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_512;
2020 inner = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2021 outer = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2022 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_512, &aalg->alg_key[0],
2023 aalg->alg_key_len / 8, inner, outer);
2024 params->AuthKey1_p = inner;
2025 params->AuthKey2_p = outer;
2026 } else if (strcmp(aalg->alg_name, "hmac(md5)") == 0) {
2027 params->AuthAlgo = SAB_AUTH_HMAC_MD5;
2028 inner = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2029 outer = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2030 crypto_hmac_precompute(SAB_AUTH_HMAC_MD5, &aalg->alg_key[0],
2031 aalg->alg_key_len / 8, inner, outer);
2032 params->AuthKey1_p = inner;
2033 params->AuthKey2_p = outer;
2034 } else {
2035 return false;
2036 }
2037
2038 return true;
2039}
2040
2041u32 *mtk_ddk_tr_ipsec_build(struct mtk_xfrm_params *xfrm_params, u32 ipsec_mode)
2042{
2043 struct xfrm_state *xs = xfrm_params->xs;
2044 SABuilder_Params_IPsec_t ipsec_params;
2045 SABuilder_Status_t sa_status;
2046 SABuilder_Params_t params;
2047 bool set_auth_success = false;
2048 unsigned int SAWords = 0;
2049 uint8_t *inner, *outer;
2050
2051 DMABuf_Status_t dma_status;
2052 DMABuf_Properties_t dma_properties = {0, 0, 0, 0};
2053 DMABuf_HostAddress_t sa_host_addr;
2054
2055 DMABuf_Handle_t sa_handle = {0};
2056
2057 sa_status = SABuilder_Init_ESP(&params,
2058 &ipsec_params,
2059 be32_to_cpu(xs->id.spi),
2060 ipsec_mode,
2061 SAB_IPSEC_IPV4,
2062 xfrm_params->dir);
2063
2064 if (sa_status != SAB_STATUS_OK) {
2065 pr_err("SABuilder_Init_ESP failed\n");
2066 sa_handle.p = NULL;
2067 return (u32 *) sa_handle.p;
2068 }
2069
developer584d7e52023-12-13 19:28:49 +0800[diff] [blame]2070 /* No support for aead now */
2071 if (xs->aead) {
2072 CRYPTO_ERR("AEAD not supported\n");
2073 sa_handle.p = NULL;
2074 return (u32 *) sa_handle.p;
2075 }
2076
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2077 /* Add crypto key and parameters */
2078 params.CryptoAlgo = set_crypto_algo(xs->ealg);
2079 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2080 params.KeyByteCount = xs->ealg->alg_key_len / 8;
2081 params.Key_p = xs->ealg->alg_key;
2082
2083 /* Add authentication key and parameters */
2084 set_auth_success = set_auth_algo(xs->aalg, &params, inner, outer);
2085 if (set_auth_success != true) {
2086 CRYPTO_ERR("Set Auth Algo failed\n");
2087 sa_handle.p = NULL;
2088 return (u32 *) sa_handle.p;
2089 }
2090
2091 ipsec_params.IPsecFlags |= (SAB_IPSEC_PROCESS_IP_HEADERS
2092 | SAB_IPSEC_EXT_PROCESSING);
2093 if (ipsec_mode == SAB_IPSEC_TUNNEL) {
2094 ipsec_params.SrcIPAddr_p = (uint8_t *) &xs->props.saddr.a4;
2095 ipsec_params.DestIPAddr_p = (uint8_t *) &xs->id.daddr.a4;
2096 }
2097
2098 sa_status = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2099 if (sa_status != SAB_STATUS_OK) {
2100 CRYPTO_ERR("SA not created because of size errors\n");
2101 sa_handle.p = NULL;
2102 return (u32 *) sa_handle.p;
2103 }
2104
2105 dma_properties.fCached = true;
2106 dma_properties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2107 dma_properties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2108 dma_properties.Size = SAWords * sizeof(u32);
2109
2110 dma_status = DMABuf_Alloc(dma_properties, &sa_host_addr, &sa_handle);
2111 if (dma_status != DMABUF_STATUS_OK) {
2112 CRYPTO_ERR("Allocation of SA failed\n");
2113 /* goto error_exit; */
2114 sa_handle.p = NULL;
2115 return (u32 *) sa_handle.p;
2116 }
2117
2118 sa_status = SABuilder_BuildSA(&params, (u32 *) sa_host_addr.p, NULL, NULL);
2119 if (sa_status != SAB_STATUS_OK) {
2120 CRYPTO_ERR("SA not created because of errors\n");
2121 sa_handle.p = NULL;
2122 return (u32 *) sa_handle.p;
2123 }
2124
2125 kfree(inner);
2126 kfree(outer);
2127 return (u32 *) sa_host_addr.p;
2128}
2129
2130int mtk_ddk_pec_init(void)
2131{
2132 PEC_InitBlock_t pec_init_blk = {0, 0, false};
2133 PEC_Capabilities_t pec_cap;
2134 PEC_Status_t pec_sta;
2135 u32 i = MTK_EIP197_INLINE_NOF_TRIES;
developer49489b82024-03-28 15:18:08 +0800[diff] [blame^]2136#ifdef PEC_PCL_EIP197
2137 PCL_Status_t pcl_sta;
2138#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2139
developer49489b82024-03-28 15:18:08 +0800[diff] [blame^]2140#ifdef PEC_PCL_EIP197
2141 pcl_sta = PCL_Init(PCL_INTERFACE_ID, 1);
2142 if (pcl_sta != PCL_STATUS_OK) {
2143 CRYPTO_ERR("PCL could not be initialized, error=%d\n", pcl_sta);
2144 return 0;
2145 }
2146
2147 pcl_sta = PCL_DTL_Init(PCL_INTERFACE_ID);
2148 if (pcl_sta != PCL_STATUS_OK) {
2149 CRYPTO_ERR("PCL-DTL could not be initialized, error=%d\n", pcl_sta);
2150 return -1;
2151 }
2152#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2153 while (i) {
2154 pec_sta = PEC_Init(PEC_INTERFACE_ID, &pec_init_blk);
2155 if (pec_sta == PEC_STATUS_OK) {
2156 CRYPTO_INFO("PEC_INIT ok!\n");
2157 break;
2158 } else if (pec_sta != PEC_STATUS_OK && pec_sta != PEC_STATUS_BUSY) {
2159 return pec_sta;
2160 }
2161
2162 mdelay(MTK_EIP197_INLINE_RETRY_DELAY_MS);
2163 i--;
2164 }
2165
2166 if (!i) {
2167 CRYPTO_ERR("PEC could not be initialized: %d\n", pec_sta);
2168 return pec_sta;
2169 }
2170
2171 pec_sta = PEC_Capabilities_Get(&pec_cap);
2172 if (pec_sta != PEC_STATUS_OK) {
2173 CRYPTO_ERR("PEC capability could not be obtained: %d\n", pec_sta);
developer49489b82024-03-28 15:18:08 +0800[diff] [blame^]2174#ifdef PEC_PCL_EIP197
2175 PCL_UnInit(PCL_INTERFACE_ID);
2176#endif
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]2177 return pec_sta;
2178 }
2179
2180 CRYPTO_INFO("PEC Capabilities: %s\n", pec_cap.szTextDescription);
2181
2182 return 0;
2183}
2184
2185void mtk_ddk_pec_deinit(void)
2186{
developer49489b82024-03-28 15:18:08 +0800[diff] [blame^]2187 unsigned int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
2188 PEC_Status_t PEC_Status;
2189
2190 while (LoopCounter > 0) {
2191 PEC_Status = PEC_UnInit(PEC_INTERFACE_ID);
2192 if (PEC_Status == PEC_STATUS_OK)
2193 break;
2194 else if (PEC_Status != PEC_STATUS_OK && PEC_Status != PEC_STATUS_BUSY) {
2195 CRYPTO_ERR("PEC could not be un-initialized, error=%d\n", PEC_Status);
2196 return;
2197 }
2198 // Wait for MTK_EIP197_INLINE_RETRY_DELAY_MS milliseconds
2199 udelay(MTK_EIP197_INLINE_RETRY_DELAY_MS * 1000);
2200 LoopCounter--;
2201 }
2202 // Check for timeout
2203 if (LoopCounter == 0) {
2204 CRYPTO_ERR("PEC could not be un-initialized, timeout\n");
2205 return;
2206 }
2207
2208#ifdef PEC_PCL_EIP197
2209 PCL_DTL_UnInit(PCL_INTERFACE_ID);
2210 PCL_UnInit(PCL_INTERFACE_ID);
2211#endif
2212}
2213
2214bool
2215mtk_ddk_aes_block_encrypt(uint8_t *Key_p,
2216 unsigned int KeyByteCount,
2217 uint8_t *InData_p,
2218 uint8_t *OutData_p)
2219{
2220 int rc;
2221 SABuilder_Params_t params;
2222 SABuilder_Params_Basic_t ProtocolParams;
2223 unsigned int SAWords = 0;
2224
2225 DMABuf_Status_t DMAStatus;
2226 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2227 DMABuf_HostAddress_t SAHostAddress;
2228 DMABuf_HostAddress_t TokenHostAddress;
2229 DMABuf_HostAddress_t PktHostAddress;
2230
2231 DMABuf_Handle_t SAHandle = {0};
2232 DMABuf_Handle_t TokenHandle = {0};
2233 DMABuf_Handle_t PktHandle = {0};
2234
2235 unsigned int TCRWords = 0;
2236 void *TCRData = 0;
2237 unsigned int TokenWords = 0;
2238 unsigned int TokenHeaderWord;
2239 unsigned int TokenMaxWords = 0;
2240
2241 TokenBuilder_Params_t TokenParams;
2242 PEC_CommandDescriptor_t Cmd;
2243 PEC_ResultDescriptor_t Res;
2244 unsigned int count;
2245
2246 IOToken_Input_Dscr_t InTokenDscr;
2247 IOToken_Output_Dscr_t OutTokenDscr;
2248 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
2249 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
2250 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2251 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2252
2253 ZEROINIT(InTokenDscrExt);
2254 ZEROINIT(OutTokenDscrExt);
2255
2256 ZEROINIT(InTokenDscr);
2257 ZEROINIT(OutTokenDscr);
2258
2259 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
2260 if (rc != 0) {
2261 CRYPTO_ERR("SABuilder_Init_Basic failed\n");
2262 goto error_exit;
2263 }
2264 // Add crypto key and parameters.
2265 params.CryptoAlgo = SAB_CRYPTO_AES;
2266 params.CryptoMode = SAB_CRYPTO_MODE_ECB;
2267 params.KeyByteCount = KeyByteCount;
2268 params.Key_p = Key_p;
2269
2270 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2271
2272 if (rc != 0) {
2273 CRYPTO_ERR("SA not created because of errors\n");
2274 goto error_exit;
2275 }
2276
2277 DMAProperties.fCached = true;
2278 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2279 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2280 DMAProperties.Size = 4*SAWords;
2281
2282 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
2283 if (DMAStatus != DMABUF_STATUS_OK) {
2284 rc = 1;
2285 CRYPTO_ERR("Allocation of SA failed\n");
2286 goto error_exit;
2287 }
2288
2289 rc = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2290
2291 if (rc != 0) {
2292 LOG_CRIT("SA not created because of errors\n");
2293 goto error_exit;
2294 }
2295
2296 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
2297
2298 if (rc != 0) {
2299 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors\n");
2300 goto error_exit;
2301 }
2302
2303 // The Token Context Record does not need to be allocated
2304 // in a DMA-safe buffer.
2305 TCRData = kcalloc(4*TCRWords, sizeof(uint8_t), GFP_KERNEL);
2306 if (!TCRData) {
2307 rc = 1;
2308 CRYPTO_ERR("Allocation of TCR failed\n");
2309 goto error_exit;
2310 }
2311
2312 rc = TokenBuilder_BuildContext(&params, TCRData);
2313
2314 if (rc != 0) {
2315 CRYPTO_ERR("TokenBuilder_BuildContext failed\n");
2316 goto error_exit;
2317 }
2318
2319 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
2320 if (rc != 0) {
2321 CRYPTO_ERR("TokenBuilder_GetSize failed\n");
2322 goto error_exit;
2323 }
2324
2325 // Allocate one buffer for the token and two packet buffers.
2326
2327 DMAProperties.fCached = true;
2328 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2329 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2330 DMAProperties.Size = 4*TokenMaxWords;
2331
2332 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
2333 if (DMAStatus != DMABUF_STATUS_OK) {
2334 rc = 1;
2335 CRYPTO_ERR("Allocation of token buffer failed.\n");
2336 goto error_exit;
2337 }
2338
2339 DMAProperties.fCached = true;
2340 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2341 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2342 DMAProperties.Size = 16;
2343
2344 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress,
2345 &PktHandle);
2346 if (DMAStatus != DMABUF_STATUS_OK) {
2347 rc = 1;
2348 CRYPTO_ERR("Allocation of source packet buffer failed.\n");
2349 goto error_exit;
2350 }
2351
2352 // Register the SA
2353 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2354 DMABuf_NULLHandle);
2355 if (rc != PEC_STATUS_OK) {
2356 CRYPTO_ERR("PEC_SA_Register failed\n");
2357 goto error_exit;
2358 }
2359
2360 // Copy input packet into source packet buffer.
2361 memcpy(PktHostAddress.p, InData_p, 16);
2362
2363 // Set Token Parameters if specified in test vector.
2364 ZEROINIT(TokenParams);
2365
2366
2367 // Prepare a token to process the packet.
2368 rc = TokenBuilder_BuildToken(TCRData,
2369 (uint8_t *)PktHostAddress.p,
2370 16,
2371 &TokenParams,
2372 (uint32_t *)TokenHostAddress.p,
2373 &TokenWords,
2374 &TokenHeaderWord);
2375 if (rc != TKB_STATUS_OK) {
2376 if (rc == TKB_BAD_PACKET)
2377 CRYPTO_ERR("Token not created because packet size is invalid\n");
2378 else
2379 CRYPTO_ERR("Token builder failed\n");
2380 goto error_exit_unregister;
2381 }
2382
2383 ZEROINIT(Cmd);
2384 Cmd.Token_Handle = TokenHandle;
2385 Cmd.Token_WordCount = TokenWords;
2386 Cmd.SrcPkt_Handle = PktHandle;
2387 Cmd.SrcPkt_ByteCount = 16;
2388 Cmd.DstPkt_Handle = PktHandle;
2389 Cmd.SA_Handle1 = SAHandle;
2390 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2391
2392 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
2393 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
2394
2395 if (!crypto_iotoken_create(&InTokenDscr,
2396 &InTokenDscrExt,
2397 InputToken,
2398 &Cmd)) {
2399 rc = 1;
2400 goto error_exit_unregister;
2401 }
2402
2403 rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2404 &Cmd,
2405 1,
2406 &count);
2407 if (rc != PEC_STATUS_OK && count != 1) {
2408 rc = 1;
2409 CRYPTO_ERR("PEC_Packet_Put error\n");
2410 goto error_exit_unregister;
2411 }
2412
2413 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2414 rc = 1;
2415 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
2416 goto error_exit_unregister;
2417 }
2418 memcpy(OutData_p, PktHostAddress.p, 16);
2419
2420
2421error_exit_unregister:
2422 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2423 DMABuf_NULLHandle);
2424
2425error_exit:
2426 DMABuf_Release(SAHandle);
2427 DMABuf_Release(TokenHandle);
2428 DMABuf_Release(PktHandle);
2429
2430 if (TCRData != NULL)
2431 kfree(TCRData);
2432
2433 return rc == 0;
2434
2435}
2436
2437bool
2438mtk_ddk_invalidate_rec(
2439 const DMABuf_Handle_t Rec_p,
2440 const bool IsTransform)
2441{
2442 PEC_Status_t PEC_Rc;
2443 PEC_CommandDescriptor_t Cmd;
2444 PEC_ResultDescriptor_t Res;
2445 unsigned int count;
2446 IOToken_Input_Dscr_t InTokenDscr;
2447 IOToken_Output_Dscr_t OutTokenDscr;
2448 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT_IL];
2449 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT_IL];
2450 void *InTokenDscrExt_p = NULL;
2451 void *OutTokenDscrExt_p = NULL;
2452 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2453 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2454
2455 ZEROINIT(InTokenDscrExt);
2456 InTokenDscrExt_p = &InTokenDscrExt;
2457 OutTokenDscrExt_p = &OutTokenDscrExt;
2458
2459 ZEROINIT(InTokenDscr);
2460
2461 // Fill in the command descriptor for the Invalidate command
2462 ZEROINIT(Cmd);
2463
2464 Cmd.SrcPkt_Handle = DMABuf_NULLHandle;
2465 Cmd.DstPkt_Handle = DMABuf_NULLHandle;
2466 Cmd.SA_Handle1 = Rec_p;
2467 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2468 Cmd.Token_Handle = DMABuf_NULLHandle;
2469 Cmd.SrcPkt_ByteCount = 0;
2470
2471#if defined(IOTOKEN_USE_HW_SERVICE)
2472 if (IsTransform)
2473 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_TR;
2474 else
2475 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_FR;
2476#endif
2477
2478 if (!crypto_iotoken_create(&InTokenDscr, InTokenDscrExt_p, InputToken, &Cmd))
2479 return false;
2480
2481 // Issue command
2482 PEC_Rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2483 &Cmd,
2484 1,
2485 &count);
2486 if (PEC_Rc != PEC_STATUS_OK || count != 1) {
2487 CRYPTO_ERR("%s: PEC_Packet_Put() error %d, count %d\n",
2488 __func__,
2489 PEC_Rc,
2490 count);
2491 return false;
2492 }
2493
2494 // Receive the result packet ... do we care about contents ?
2495 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2496 CRYPTO_ERR("%s: crypto_pe_busy_get_one() failed\n", __func__);
2497 return false;
2498 }
2499
2500 return true;
2501}
2502
2503bool mtk_capwap_dtls_offload(
2504 const bool fVerbose,
2505 const bool fCAPWAP,
2506 const bool fPktCfy,
2507 const bool fInline,
2508 const bool fContinuousScatter,
2509 struct DTLS_param *DTLSParam_p,
2510 struct DTLSResourceMgmt **DTLSResource)
2511{
2512 bool success = false;
2513 SABuilder_Status_t SAStatus;
2514 SABuilder_Params_t params;
2515 SABuilder_Params_SSLTLS_t SSLTLSParams;
2516 uint8_t Offset;
2517 uint16_t DTLSVersion;
2518 uint32_t SAWords = 0;
2519 bool fInlinePlain, fInlineCipher;
2520
2521 DMABuf_Status_t DMAStatus;
2522 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2523 DMABuf_HostAddress_t SAHostAddress;
2524
2525 static uint8_t Zero[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2526 uint8_t *InboundHKey = NULL;
2527 uint8_t *OutboundHKey = NULL;
2528 uint8_t *InnerDigest = NULL;
2529 uint8_t *OuterDigest = NULL;
2530
2531 PCL_Status_t PCL_Status;
2532 PCL_SelectorParams_t SelectorParams;
2533 PCL_DTL_TransformParams_t DTLTransformParams;
2534 PCL_TransformParams_t TransformParams;
2535 PCL_DTL_Hash_Handle_t SAHashHandle;
2536
2537
2538 struct DTLSResourceMgmt *DTLSResourceEntity_p = NULL;
2539
2540 DTLSResourceEntity_p = kmalloc(sizeof(struct DTLSResourceMgmt), GFP_KERNEL);
2541 if (DTLSResourceEntity_p == NULL) {
2542 CRYPTO_ERR("%s: kmalloc for DTLSResourceEntity failed\n", __func__);
2543 goto error_exit;
2544 }
2545 memset(DTLSResourceEntity_p, 0, sizeof(struct DTLSResourceMgmt));
2546
2547 if (fCAPWAP)
2548 CRYPTO_INFO("Preparing Transforms and DTL for DTLS-CAPWAP\n");
2549 else
2550 CRYPTO_INFO("Preparing Transforms and DTL for DTLS\n");
2551
2552 if (fVerbose)
2553 CRYPTO_INFO("*** fVerbose Preparing Transforms and DTL ***\n\n");
2554
2555 Offset = 14;
2556
2557 if (fInline) {
2558 if (fContinuousScatter) {
2559 /* inline + continuous scatter:
2560 Redirect outbound packets ring->inline
2561 Redirect inbound packets inline->ring
2562 */
2563 fInlinePlain = false;
2564 fInlineCipher = true;
2565 } else {
2566 fInlinePlain = true;
2567 fInlineCipher = true;
2568 }
2569 } else {
2570 fInlinePlain = false;
2571 fInlineCipher = false;
2572 }
2573
2574 // Prepare the Outbound SA
2575 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2576 DTLSVersion = SAB_DTLS_VERSION_1_0;
2577 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2578 DTLSVersion = SAB_DTLS_VERSION_1_2;
2579 else {
2580 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2581 DTLSParam_p->dtls_version);
2582 goto error_exit;
2583 }
2584
2585 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2586 // will initialize many parameters, next fill in more parameters, such
2587 // as cryptographic keys.
2588 SAStatus = SABuilder_Init_SSLTLS(&params,
2589 &SSLTLSParams,
2590 DTLSVersion,
2591 SAB_DIRECTION_OUTBOUND);
2592 if (SAStatus != SAB_STATUS_OK) {
2593 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2594 goto error_exit;
2595 }
2596
2597 /* Set DTLS-CAPWAP param from cmd handler */
2598 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2599 params.CryptoAlgo = SAB_CRYPTO_AES;
2600 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2601 params.KeyByteCount = 16;
2602 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2603 params.AuthKeyByteCount = 20;
2604 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2605 params.CryptoAlgo = SAB_CRYPTO_AES;
2606 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2607 params.KeyByteCount = 16;
2608 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2609 params.AuthKeyByteCount = 32;
2610 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2611 params.CryptoAlgo = SAB_CRYPTO_AES;
2612 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2613 params.KeyByteCount = 32;
2614 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2615 params.AuthKeyByteCount = 20;
2616 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2617 params.CryptoAlgo = SAB_CRYPTO_AES;
2618 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2619 params.KeyByteCount = 32;
2620 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2621 params.AuthKeyByteCount = 32;
2622 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2623 params.CryptoAlgo = SAB_CRYPTO_AES;
2624 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2625 params.AuthAlgo = SAB_AUTH_AES_GCM;
2626 if (DTLSParam_p->sec_mode == AES128_GCM)
2627 params.KeyByteCount = 16;
2628 else if (DTLSParam_p->sec_mode == AES256_GCM)
2629 params.KeyByteCount = 32;
2630
2631 params.Nonce_p = DTLSParam_p->dtls_encrypt_nonce;
2632
2633 OutboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2634 if (OutboundHKey == NULL) {
2635 CRYPTO_ERR("%s: kmalloc for OutboundHKey failed\n", __func__);
2636 goto error_exit;
2637 }
2638
2639 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_encrypt, 16, Zero, OutboundHKey);
2640 if (fVerbose)
2641 Log_HexDump("OutboundHKey", 0, OutboundHKey, 16);
2642 // Byte-swap the HKEY
2643 {
2644 uint8_t t;
2645 unsigned int i;
2646
2647 for (i = 0; i < 4; i++) {
2648 t = OutboundHKey[4*i+3];
2649 OutboundHKey[4*i+3] = OutboundHKey[4*i];
2650 OutboundHKey[4*i] = t;
2651 t = OutboundHKey[4*i+2];
2652 OutboundHKey[4*i+2] = OutboundHKey[4*i+1];
2653 OutboundHKey[4*i+1] = t;
2654 }
2655 }
2656 if (fVerbose)
2657 Log_HexDump("OutboundHKey (swapped)", 0, OutboundHKey, 16);
2658 params.AuthKey1_p = OutboundHKey;
2659 DTLSResourceEntity_p->HKeyOutbound = OutboundHKey;
2660 } else {
2661 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2662 DTLSParam_p->sec_mode);
2663 goto error_exit;
2664 }
2665 // Add crypto key and parameters.
2666 params.Key_p = DTLSParam_p->key_encrypt;
2667 // Add authentication key and paramters.
2668 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2669#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2670 params.AuthKey1_p = DTLSParam_p->key_auth_encrypt_1; // inner digest directly
2671 params.AuthKey2_p = DTLSParam_p->key_auth_encrypt_2; // outer digest directly
2672#else
2673 // No hardware precompute support, so preform HMAC precompute in
2674 // the traditional way.
2675 InnerDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2676 if (InnerDigest == NULL) {
2677 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2678 goto error_exit;
2679 }
2680 memset(InnerDigest, 0, params.AuthKeyByteCount);
2681 DTLSResourceEntity_p->InnerDigestOutbound = InnerDigest;
2682 OuterDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2683 if (OuterDigest == NULL) {
2684 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2685 goto error_exit;
2686 }
2687 memset(OuterDigest, 0, params.AuthKeyByteCount);
2688 DTLSResourceEntity_p->OuterDigestOutbound = OuterDigest;
2689 crypto_hmac_precompute(params.AuthAlgo,
2690 DTLSParam_p->key_auth_encrypt_1,
2691 params.AuthKeyByteCount,
2692 InnerDigest,
2693 OuterDigest);
2694 if (fVerbose) {
2695 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2696 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2697 }
2698 params.AuthKey1_p = InnerDigest;
2699 params.AuthKey2_p = OuterDigest;
2700 InnerDigest = NULL;
2701 OuterDigest = NULL;
2702#endif
2703 }
2704
2705 // Create a reference to the header processor context.
2706 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2707
2708 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
2709 SAB_DTLS_EXT_PROCESSING | SAB_DTLS_IPV4;
2710 if (fCAPWAP)
2711 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2712
2713 // Now the SA parameters are completely filled in.
2714
2715 // We are ready to probe the size required for the transform
2716 // record (SA).
2717 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2718
2719 if (fVerbose)
2720 CRYPTO_INFO(
2721 "%s: SABuilder_GetSizes returned %d SA size=%u words for outbound\n",
2722 __func__,
2723 SAStatus,
2724 SAWords);
2725 if (SAStatus != SAB_STATUS_OK) {
2726 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2727 goto error_exit;
2728 }
2729
2730 // Allocate a DMA-safe buffer for the SA.
2731 DMAProperties.fCached = true;
2732 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2733 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2734 DMAProperties.Size = SAWords * sizeof(uint32_t);
2735
2736 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2737 &DTLSResourceEntity_p->DTLSHandleSAOutbound);
2738 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAOutbound.p == NULL) {
2739 CRYPTO_ERR("%s Allocation of outbound SA failed\n", __func__);
2740 goto error_exit;
2741 }
2742
2743 // Now we can actually build the SA in the DMA-safe buffer.
2744 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2745
2746 if (SAStatus != SAB_STATUS_OK) {
2747 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2748 goto error_exit;
2749 }
2750 if (fVerbose) {
2751 CRYPTO_INFO("Outbound transform record created\n");
2752
2753 Log_HexDump("Outbound transform record",
2754 0,
2755 SAHostAddress.p,
2756 SAWords * sizeof(uint32_t));
2757 }
2758
2759 // Prepare the Inbound SA
2760 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2761 DTLSVersion = SAB_DTLS_VERSION_1_0;
2762 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2763 DTLSVersion = SAB_DTLS_VERSION_1_2;
2764 else {
2765 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2766 DTLSParam_p->dtls_version);
2767 goto error_exit;
2768 }
2769
2770 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2771 // will initialize many parameters, next fill in more parameters, such
2772 // as cryptographic keys.
2773 SAStatus = SABuilder_Init_SSLTLS(&params,
2774 &SSLTLSParams,
2775 DTLSVersion,
2776 SAB_DIRECTION_INBOUND);
2777 if (SAStatus != SAB_STATUS_OK) {
2778 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2779 goto error_exit;
2780 }
2781
2782 /* Set DTLS-CAPWAP param from cmd handler */
2783 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2784 params.CryptoAlgo = SAB_CRYPTO_AES;
2785 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2786 params.KeyByteCount = 16;
2787 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2788 params.AuthKeyByteCount = 20;
2789 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2790 params.CryptoAlgo = SAB_CRYPTO_AES;
2791 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2792 params.KeyByteCount = 16;
2793 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2794 params.AuthKeyByteCount = 32;
2795 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2796 params.CryptoAlgo = SAB_CRYPTO_AES;
2797 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2798 params.KeyByteCount = 32;
2799 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2800 params.AuthKeyByteCount = 20;
2801 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2802 params.CryptoAlgo = SAB_CRYPTO_AES;
2803 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2804 params.KeyByteCount = 32;
2805 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2806 params.AuthKeyByteCount = 32;
2807 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2808 params.CryptoAlgo = SAB_CRYPTO_AES;
2809 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2810 params.AuthAlgo = SAB_AUTH_AES_GCM;
2811 if (DTLSParam_p->sec_mode == AES128_GCM)
2812 params.KeyByteCount = 16;
2813 else if (DTLSParam_p->sec_mode == AES256_GCM)
2814 params.KeyByteCount = 32;
2815
2816 params.Nonce_p = DTLSParam_p->dtls_decrypt_nonce;
2817
2818 InboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2819 if (InboundHKey == NULL) {
2820 CRYPTO_ERR("%s: kmalloc for InboundHKey failed\n", __func__);
2821 goto error_exit;
2822 }
2823
2824 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_decrypt, 16, Zero, InboundHKey);
2825 if (fVerbose)
2826 Log_HexDump("InboundHKey", 0, InboundHKey, 16);
2827 // Byte-swap the HKEY
2828 {
2829 uint8_t t;
2830 unsigned int i;
2831
2832 for (i = 0; i < 4; i++) {
2833 t = InboundHKey[4*i+3];
2834 InboundHKey[4*i+3] = InboundHKey[4*i];
2835 InboundHKey[4*i] = t;
2836 t = InboundHKey[4*i+2];
2837 InboundHKey[4*i+2] = InboundHKey[4*i+1];
2838 InboundHKey[4*i+1] = t;
2839 }
2840 }
2841 if (fVerbose)
2842 Log_HexDump("InboundHKey (swapped)", 0, InboundHKey, 16);
2843 params.AuthKey1_p = InboundHKey;
2844 DTLSResourceEntity_p->HKeyInbound = InboundHKey;
2845 } else {
2846 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2847 DTLSParam_p->sec_mode);
2848 goto error_exit;
2849 }
2850
2851 // Add crypto key and parameters.
2852 params.Key_p = DTLSParam_p->key_decrypt;
2853 // Add authentication key and paramters.
2854 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2855#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2856 params.AuthKey1_p = DTLSParam_p->key_auth_decrypt_1;
2857 params.AuthKey2_p = DTLSParam_p->key_auth_decrypt_2;
2858#else
2859 // No hardware precompute support, so preform HMAC precompute in
2860 // the traditional way.
2861 InnerDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2862 if (InnerDigest == NULL) {
2863 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2864 goto error_exit;
2865 }
2866 memset(InnerDigest, 0, params.AuthKeyByteCount);
2867 DTLSResourceEntity_p->InnerDigestInbound = InnerDigest;
2868 OuterDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2869 if (OuterDigest == NULL) {
2870 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2871 goto error_exit;
2872 }
2873 memset(OuterDigest, 0, params.AuthKeyByteCount);
2874 DTLSResourceEntity_p->OuterDigestInbound = OuterDigest;
2875 crypto_hmac_precompute(params.AuthAlgo,
2876 DTLSParam_p->key_auth_decrypt_1,
2877 params.AuthKeyByteCount,
2878 InnerDigest,
2879 OuterDigest);
2880 if (fVerbose) {
2881 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2882 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2883 }
2884 params.AuthKey1_p = InnerDigest;
2885 params.AuthKey2_p = OuterDigest;
2886 InnerDigest = NULL;
2887 OuterDigest = NULL;
2888 }
2889#endif
2890
2891 if (fInlinePlain != fInlineCipher) {
2892 params.flags |= SAB_FLAG_REDIRECT;
2893 params.RedirectInterface = PEC_INTERFACE_ID; /*redirect to ring */
2894 }
2895
2896 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
2897 SAB_DTLS_EXT_PROCESSING | SAB_DTLS_IPV4;
2898
2899 // Create a reference to the header processor context.
2900 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2901
2902 if (fCAPWAP)
2903 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2904
2905 // Now the SA parameters are completely filled in.
2906
2907 // We are ready to probe the size required for the transform
2908 // record (SA).
2909 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2910
2911 if (fVerbose)
2912 CRYPTO_INFO("%s: SABuilder_GetSizes returned %d SA size=%u words for inbound\n",
2913 __func__,
2914 SAStatus,
2915 SAWords);
2916
2917 if (SAStatus != SAB_STATUS_OK) {
2918 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2919 goto error_exit;
2920 }
2921
2922 // Allocate a DMA-safe buffer for the SA.
2923 DMAProperties.fCached = true;
2924 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2925 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2926 DMAProperties.Size = SAWords * sizeof(uint32_t);
2927
2928 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2929 &DTLSResourceEntity_p->DTLSHandleSAInbound);
2930 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAInbound.p == NULL) {
2931 CRYPTO_ERR("%s: Allocation of inbound SA failed\n", __func__);
2932 goto error_exit;
2933 }
2934
2935 // Now we can actually build the SA in the DMA-safe buffer.
2936 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2937 if (SAStatus != SAB_STATUS_OK) {
2938 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2939 goto error_exit;
2940 }
2941 if (fVerbose) {
2942 CRYPTO_INFO("Inbound transform record created\n");
2943
2944 Log_HexDump("Inbound transform record",
2945 0,
2946 SAHostAddress.p,
2947 SAWords * sizeof(uint32_t));
2948 }
2949
2950 // Register the SAs with the PCL API. DMA buffers for hardware transforms
2951 // (SAs) are allocated and filled in external to the PCL API.
2952 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2953 if (PCL_Status != PCL_STATUS_OK) {
2954 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2955 goto error_exit;
2956 }
2957 if (fVerbose)
2958 CRYPTO_INFO("%s: Outbound transform registered\n", __func__);
2959
2960 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAInbound);
2961 if (PCL_Status != PCL_STATUS_OK) {
2962 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2963 PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2964 goto error_exit;
2965 }
2966 if (fVerbose)
2967 CRYPTO_INFO("%s: Inbound transform registered\n", __func__);
2968
2969
2970
2971 /* Create the DTL entries. */
2972 if (fPktCfy) {
2973 ZEROINIT(SelectorParams);
2974 ZEROINIT(DTLTransformParams);
2975
2976 SelectorParams.flags = PCL_SELECT_IPV4;
2977 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->sip)));
2978 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->dip)));
2979 SelectorParams.IpProto = 17; //UDP
2980 SelectorParams.SrcPort = DTLSParam_p->sport;
2981 SelectorParams.DstPort = DTLSParam_p->dport;
2982 SelectorParams.spi = 0;
2983 SelectorParams.epoch = 0; // No epoch, not present in outbound packet
2984
2985 /* Compute the hash for the inbound DTL */
2986 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
2987 if (PCL_Status != PCL_STATUS_OK) {
2988 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
2989 goto error_exit_unregister;
2990 }
2991 if (fVerbose)
2992 CRYPTO_INFO("%s: Inbound flow hashed\n", __func__);
2993
2994 /* Add the inbound DTL entry. */
2995 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
2996 &DTLTransformParams,
2997 DTLSResourceEntity_p->DTLSHandleSAOutbound,
2998 &SAHashHandle);
2999 if (PCL_Status != PCL_STATUS_OK) {
3000 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3001 goto error_exit_unregister;
3002 }
3003 if (fVerbose)
3004 CRYPTO_INFO("%s: Outbound DTL added\n", __func__);
3005
3006 ZEROINIT(SelectorParams);
3007 ZEROINIT(DTLTransformParams);
3008
3009 SelectorParams.flags = PCL_SELECT_IPV4;
3010 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->sip)));
3011 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->dip)));
3012 SelectorParams.SrcPort = DTLSParam_p->dport;
3013 SelectorParams.DstPort = DTLSParam_p->sport;
3014 SelectorParams.IpProto = 17; //UDP
3015 SelectorParams.epoch = DTLSParam_p->dtls_epoch;
3016
3017 /* Compute the hash for the inbound DTL */
3018 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
3019 if (PCL_Status != PCL_STATUS_OK) {
3020 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
3021 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3022 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3023 goto error_exit_unregister;
3024 }
3025 if (fVerbose)
3026 CRYPTO_INFO("%s: Inbound lookup hashed\n", __func__);
3027
3028 /* Add the inbound DTL entry. */
3029 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
3030 &DTLTransformParams,
3031 DTLSResourceEntity_p->DTLSHandleSAInbound,
3032 &SAHashHandle);
3033 if (PCL_Status != PCL_STATUS_OK) {
3034 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3035 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3036 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3037 goto error_exit_unregister;
3038 }
3039 if (fVerbose)
3040 CRYPTO_INFO("%s: Inbound DTL added\n", __func__);
3041 }
3042
3043 /* At this point, both outbound and inbound transforms have been
3044 * registered and both outbound and inbound DTL entries are added to the
3045 * lookup table. The Packet Engine is ready to accept packets and
3046 * perform classification and processing autonomously.*/
3047
3048 if (fVerbose)
3049 CRYPTO_INFO("*** Finished update DTLS-CAPWAP SA ***\n\n");
3050
3051 // If we made it to here, consider this run a success. Any jump
3052 // to one of the error labels below will skip "success = true"
3053 success = true;
3054 DTLSParam_p->SA_encrypt = DTLSResourceEntity_p->DTLSHandleSAOutbound.p;
3055 DTLSParam_p->SA_decrypt = DTLSResourceEntity_p->DTLSHandleSAInbound.p;
3056 DTLSResourceEntity_p->DTLSParam = DTLSParam_p;
3057 *DTLSResource = DTLSResourceEntity_p;
3058
3059 return success;
3060
3061
3062error_exit_unregister:
3063 /* At this point, all flows have been removed, so we can start
3064 * removing the transform records. Note: all flows that use the
3065 * transform must be removed before removing the transform.
3066 *
3067 * When any flow creation error occurs, return to this point. The
3068 * flow records have not been created, but the transform records
3069 * are registered at this point.
3070 */
3071
3072 /* Obtain statistics of the outbound transform. We do this at the
3073 * end of the lifetime of the transform, but it can be done at any
3074 * time when the transform is registered.*/
3075 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAOutbound,
3076 &TransformParams);
3077 if (PCL_Status != PCL_STATUS_OK)
3078 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3079 else
3080 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3081 TransformParams.PacketsCounterLo,
3082 TransformParams.OctetsCounterLo);
3083
3084 /* Obtain statistics of the inbound transform. */
3085 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAInbound,
3086 &TransformParams);
3087 if (PCL_Status != PCL_STATUS_OK)
3088 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3089 else
3090 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3091 TransformParams.PacketsCounterLo,
3092 TransformParams.OctetsCounterLo);
3093
3094
3095 /* Unregister both transforms. Report, but do not handle the
3096 * results of these calls. If they fail, there is nothing sensible
3097 * that we can do to recover.
3098 */
3099 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAOutbound, true))
3100 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3101 else if (fVerbose)
3102 CRYPTO_INFO("transform invalidate succeeded\n");
3103
3104
3105 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3106 if (PCL_Status != PCL_STATUS_OK)
3107 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3108 else if (fVerbose)
3109 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3110
3111
3112 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAInbound, true))
3113 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3114 else if (fVerbose)
3115 CRYPTO_INFO("transform invalidate succeeded\n");
3116
3117
3118 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAInbound);
3119 if (PCL_Status != PCL_STATUS_OK)
3120 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3121 else if (fVerbose)
3122 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3123
3124
3125error_exit:
3126 /* Remove the buffers occupied by the transforms, the packets and the
3127 * header processor contexts.
3128 *
3129 * Return here if any error occurs before the transforms are registered.
3130 * When we return here with an error, not all buffers may have been
3131 * allocated.
3132 * Note: DMABuf_Release can be called when no buffer was allocated.
3133 */
3134 if (DTLSResourceEntity_p != NULL) {
3135 if (DTLSResourceEntity_p->DTLSHandleSAOutbound.p != NULL) {
3136 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3137 DTLSResourceEntity_p->DTLSHandleSAOutbound.p = NULL;
3138 DTLSResourceEntity_p->DTLSParam->SA_encrypt = (void *) NULL;
3139 }
3140 if (DTLSResourceEntity_p->DTLSHandleSAInbound.p != NULL) {
3141 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAInbound);
3142 DTLSResourceEntity_p->DTLSHandleSAInbound.p = NULL;
3143 DTLSResourceEntity_p->DTLSParam->SA_decrypt = (void *) NULL;
3144 }
3145 if (DTLSResourceEntity_p->HKeyOutbound != NULL) {
3146 kfree(DTLSResourceEntity_p->HKeyOutbound);
3147 DTLSResourceEntity_p->HKeyOutbound = NULL;
3148 }
3149 if (DTLSResourceEntity_p->HKeyInbound != NULL) {
3150 kfree(DTLSResourceEntity_p->HKeyInbound);
3151 DTLSResourceEntity_p->HKeyInbound = NULL;
3152 }
3153 if (DTLSResourceEntity_p->InnerDigestInbound != NULL) {
3154 kfree(DTLSResourceEntity_p->InnerDigestInbound);
3155 DTLSResourceEntity_p->InnerDigestInbound = NULL;
3156 }
3157 if (DTLSResourceEntity_p->OuterDigestInbound != NULL) {
3158 kfree(DTLSResourceEntity_p->OuterDigestInbound);
3159 DTLSResourceEntity_p->OuterDigestInbound = NULL;
3160 }
3161 if (DTLSResourceEntity_p->InnerDigestOutbound != NULL) {
3162 kfree(DTLSResourceEntity_p->InnerDigestOutbound);
3163 DTLSResourceEntity_p->InnerDigestOutbound = NULL;
3164 }
3165 if (DTLSResourceEntity_p->OuterDigestOutbound != NULL) {
3166 kfree(DTLSResourceEntity_p->OuterDigestOutbound);
3167 DTLSResourceEntity_p->OuterDigestOutbound = NULL;
3168 }
3169 if (DTLSResourceEntity_p != NULL) {
3170 kfree(DTLSResourceEntity_p);
3171 DTLSResourceEntity_p = NULL;
3172 }
3173 *DTLSResource = NULL;
3174 }
3175 return success;
3176}
3177
3178void mtk_ddk_remove_dtls_param(struct DTLSResourceMgmt **DTLSResource)
3179{
3180 bool fVerbose = false;
3181 bool fPktCfy = true;
3182 PCL_Status_t PCL_Status;
3183 PCL_TransformParams_t TransformParams;
3184
3185 if (*DTLSResource == NULL) {
3186 if (fVerbose)
3187 CRYPTO_ERR("%s: DTLSResource is NULL\n", __func__);
3188 return;
3189 }
3190
3191 // unregister_flows
3192 if (fPktCfy) {
3193 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3194 (*DTLSResource)->DTLSHandleSAInbound);
3195 if (PCL_Status != PCL_STATUS_OK)
3196 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Inbound failed\n", __func__);
3197 else
3198 if (fVerbose)
3199 CRYPTO_INFO("PCL_DTL_Transform_Remove Inbound succeeded\n");
3200
3201 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3202 (*DTLSResource)->DTLSHandleSAOutbound);
3203 if (PCL_Status != PCL_STATUS_OK)
3204 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Outbound failed\n", __func__);
3205 else
3206 if (fVerbose)
3207 CRYPTO_INFO("PCL_DTL_Transform_Remove Outbound succeeded\n");
3208 }
3209
3210 /* At this point, all flows have been removed, so we can start
3211 * removing the transform records. Note: all flows that use the
3212 * transform must be removed before removing the transform.
3213 *
3214 * When any flow creation error occurs, return to this point. The
3215 * flow records have not been created, but the transform records
3216 * are registered at this point.
3217 */
3218
3219 /* Obtain statistics of the outbound transform. We do this at the
3220 * end of the lifetime of the transform, but it can be done at any
3221 * time when the transform is registered.*/
3222 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAOutbound,
3223 &TransformParams);
3224 if (PCL_Status != PCL_STATUS_OK)
3225 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3226 else
3227 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3228 TransformParams.PacketsCounterLo,
3229 TransformParams.OctetsCounterLo);
3230
3231 /* Obtain statistics of the inbound transform. */
3232 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAInbound,
3233 &TransformParams);
3234 if (PCL_Status != PCL_STATUS_OK)
3235 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3236 else
3237 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3238 TransformParams.PacketsCounterLo,
3239 TransformParams.OctetsCounterLo);
3240
3241
3242 /* Unregister both transforms. Report, but do not handle the
3243 * results of these calls. If they fail, there is nothing sensible
3244 * that we can do to recover.
3245 */
3246 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAOutbound, true))
3247 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3248 else
3249 if (fVerbose)
3250 CRYPTO_INFO("transform invalidate succeeded\n");
3251#ifdef PEC_PCL_EIP197
3252 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAOutbound);
3253 if (PCL_Status != PCL_STATUS_OK)
3254 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3255 else
3256 if (fVerbose)
3257 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3258#else
3259 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAOutbound,
3260 DMABuf_NULLHandle, DMABuf_NULLHandle);
3261#endif
3262
3263 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAInbound, true))
3264 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3265 else
3266 if (fVerbose)
3267 CRYPTO_INFO("transform invalidate succeeded\n");
3268#ifdef PEC_PCL_EIP197
3269 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAInbound);
3270 if (PCL_Status != PCL_STATUS_OK)
3271 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3272 else
3273 if (fVerbose)
3274 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3275#else
3276 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAInbound,
3277 DMABuf_NULLHandle, DMABuf_NULLHandle);
3278#endif
3279
3280 /* Remove the buffers occupied by the transforms, the packets and the
3281 * header processor contexts.
3282 *
3283 * Return here if any error occurs before the transforms are registered.
3284 * When we return here with an error, not all buffers may have been
3285 * allocated.
3286 * Note: DMABuf_Release can be called when no buffer was allocated.
3287 */
3288 if ((*DTLSResource)->DTLSHandleSAOutbound.p != NULL) {
3289 DMABuf_Release((*DTLSResource)->DTLSHandleSAOutbound);
3290 (*DTLSResource)->DTLSHandleSAOutbound.p = NULL;
3291 (*DTLSResource)->DTLSParam->SA_encrypt = (void *) NULL;
3292 }
3293 if ((*DTLSResource)->DTLSHandleSAInbound.p != NULL) {
3294 DMABuf_Release((*DTLSResource)->DTLSHandleSAInbound);
3295 (*DTLSResource)->DTLSHandleSAInbound.p = NULL;
3296 (*DTLSResource)->DTLSParam->SA_decrypt = (void *) NULL;
3297 }
3298 if ((*DTLSResource)->HKeyOutbound != NULL) {
3299 kfree((*DTLSResource)->HKeyOutbound);
3300 (*DTLSResource)->HKeyOutbound = NULL;
3301 }
3302 if ((*DTLSResource)->HKeyInbound != NULL) {
3303 kfree((*DTLSResource)->HKeyInbound);
3304 (*DTLSResource)->HKeyInbound = NULL;
3305 }
3306 if ((*DTLSResource)->InnerDigestInbound != NULL) {
3307 kfree((*DTLSResource)->InnerDigestInbound);
3308 (*DTLSResource)->InnerDigestInbound = NULL;
3309 }
3310 if ((*DTLSResource)->OuterDigestInbound != NULL) {
3311 kfree((*DTLSResource)->OuterDigestInbound);
3312 (*DTLSResource)->OuterDigestInbound = NULL;
3313 }
3314 if ((*DTLSResource)->InnerDigestOutbound != NULL) {
3315 kfree((*DTLSResource)->InnerDigestOutbound);
3316 (*DTLSResource)->InnerDigestOutbound = NULL;
3317 }
3318 if ((*DTLSResource)->OuterDigestOutbound != NULL) {
3319 kfree((*DTLSResource)->OuterDigestOutbound);
3320 (*DTLSResource)->OuterDigestOutbound = NULL;
3321 }
3322 if (*DTLSResource != NULL) {
3323 kfree(*DTLSResource);
3324 *DTLSResource = NULL;
3325 }
3326 *DTLSResource = NULL;
developer94c513e2023-08-21 17:33:25 +0800[diff] [blame]3327}