Gitiles
Code Review Sign In
git01.mediatek.com / openwrt / feeds / mtk-openwrt-feeds / e5650321276b467d24d730e53555ac70e723689b / . / feed / kernel / crypto-eip / src / ddk-wrapper.c
blob: ffc0df192433549c0bf16e82419e46064fdbd983 [file] [log] [blame]
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (C) 2023 MediaTek Inc.
4 *
5 * Author: Chris.Chou <chris.chou@mediatek.com>
6 * Ren-Ting Wang <ren-ting.wang@mediatek.com>
7 */
8
9#include <crypto/aes.h>
10#include <crypto/hash.h>
11#include <crypto/hmac.h>
12#include <crypto/md5.h>
13#include <linux/delay.h>
14
15#include <crypto-eip/ddk/slad/api_pcl.h>
16#include <crypto-eip/ddk/slad/api_pcl_dtl.h>
17#include <crypto-eip/ddk/slad/api_pec.h>
18#include <crypto-eip/ddk/slad/api_driver197_init.h>
19
20#include "crypto-eip/crypto-eip.h"
21#include "crypto-eip/ddk-wrapper.h"
22#include "crypto-eip/internal.h"
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]23
24LIST_HEAD(result_list);
25
26void crypto_free_sa(void *sa_pointer)
27{
28 DMABuf_Handle_t SAHandle = {0};
29
30 SAHandle.p = sa_pointer;
31 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
32 DMABuf_NULLHandle);
33 DMABuf_Release(SAHandle);
34}
35
36void crypto_free_token(void *token)
37{
38 DMABuf_Handle_t TokenHandle = {0};
39
40 TokenHandle.p = token;
41 DMABuf_Release(TokenHandle);
42}
43
44/* TODO: to be remove*/
45void crypto_free_pkt(void *pkt)
46{
47 DMABuf_Handle_t PktHandle = {0};
48
49 PktHandle.p = pkt;
50 DMABuf_Release(PktHandle);
51}
52
53void crypto_free_sglist(void *sglist)
54{
55 PEC_Status_t res;
56 unsigned int count;
57 unsigned int size;
58 DMABuf_Handle_t SGListHandle = {0};
59 DMABuf_Handle_t ParticleHandle = {0};
60 int i;
61 uint8_t *Particle_p;
62
63 SGListHandle.p = sglist;
64 res = PEC_SGList_GetCapacity(SGListHandle, &count);
65 if (res != PEC_STATUS_OK)
66 return;
67 for (i = 0; i < count; i++) {
68 PEC_SGList_Read(SGListHandle,
69 i,
70 &ParticleHandle,
71 &size,
72 &Particle_p);
73 DMABuf_Particle_Release(ParticleHandle);
74 }
75
76 PEC_SGList_Destroy(SGListHandle);
77}
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]78
79static bool crypto_iotoken_create(IOToken_Input_Dscr_t * const dscr_p,
80 void * const ext_p, u32 *data_p,
81 PEC_CommandDescriptor_t * const pec_cmd_dscr)
82{
83 int IOTokenRc;
84
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]85 dscr_p->InPacket_ByteCount = pec_cmd_dscr->SrcPkt_ByteCount;
86 dscr_p->Ext_p = ext_p;
87
88 IOTokenRc = IOToken_Create(dscr_p, data_p);
89 if (IOTokenRc < 0) {
90 CRYPTO_ERR("IOToken_Create error %d\n", IOTokenRc);
91 return false;
92 }
93
94 pec_cmd_dscr->InputToken_p = data_p;
95
96 return true;
97}
98
99unsigned int crypto_pe_busy_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
100 u32 *OutTokenData_p,
101 PEC_ResultDescriptor_t *RD_p)
102{
103 int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
104 int IOToken_Rc;
105 PEC_Status_t pecres;
106
107 ZEROINIT(*OutTokenDscr_p);
108 ZEROINIT(*RD_p);
109
110 /* Link data structures */
111 RD_p->OutputToken_p = OutTokenData_p;
112
113 while (LoopCounter > 0) {
114 /* Try to get the processed packet from the driver */
115 unsigned int Counter = 0;
116
117 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
118 if (pecres != PEC_STATUS_OK) {
119 /* IO error */
120 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
121 return 0;
122 }
123
124 if (Counter) {
125 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
126 if (IOToken_Rc < 0) {
127 /* IO error */
128 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
129 return 0;
130 }
131
132 if (OutTokenDscr_p->ErrorCode != 0) {
133 /* Packet process error */
134 CRYPTO_ERR("Result descriptor error 0x%x\n",
135 OutTokenDscr_p->ErrorCode);
136 return 0;
137 }
138
139 /* packet received */
140 return Counter;
141 }
142
143 /* Wait for MTK_EIP197_PKT_GET_TIMEOUT_MS milliseconds */
144 udelay(MTK_EIP197_PKT_GET_TIMEOUT_MS);
145 LoopCounter--;
146 }
147
148 /* IO error (timeout, not result packet received) */
149 return 0;
150}
151
152unsigned int crypto_pe_get_one(IOToken_Output_Dscr_t *const OutTokenDscr_p,
153 u32 *OutTokenData_p,
154 PEC_ResultDescriptor_t *RD_p)
155{
156 int IOToken_Rc;
157 unsigned int Counter = 0;
158 PEC_Status_t pecres;
159
160 ZEROINIT(*OutTokenDscr_p);
161 ZEROINIT(*RD_p);
162
163 RD_p->OutputToken_p = OutTokenData_p;
164
165 /* Try to get the processed packet from the driver */
166 pecres = PEC_Packet_Get(PEC_INTERFACE_ID, RD_p, 1, &Counter);
167 if (pecres != PEC_STATUS_OK) {
168 /* IO error */
169 CRYPTO_ERR("PEC_Packet_Get error %d\n", pecres);
170 return 0;
171 }
172
173 if (Counter) {
174 IOToken_Rc = IOToken_Parse(OutTokenData_p, OutTokenDscr_p);
175 if (IOToken_Rc < 0) {
176 /* IO error */
177 CRYPTO_ERR("IOToken_Parse error %d\n", IOToken_Rc);
178 return 0;
179 }
180 if (OutTokenDscr_p->ErrorCode != 0) {
181 /* Packet process error */
182 CRYPTO_ERR("Result descriptor error 0x%x\n",
183 OutTokenDscr_p->ErrorCode);
184 return 0;
185 }
186 /* packet received */
187 return Counter;
188 }
189
190 /* IO error (timeout, not result packet received) */
191 return 0;
192}
193
194SABuilder_Crypto_Mode_t lookaside_match_alg_mode(enum mtk_crypto_cipher_mode mode)
195{
196 switch (mode) {
197 case MTK_CRYPTO_MODE_CBC:
198 return SAB_CRYPTO_MODE_CBC;
199 case MTK_CRYPTO_MODE_ECB:
200 return SAB_CRYPTO_MODE_ECB;
201 case MTK_CRYPTO_MODE_OFB:
202 return SAB_CRYPTO_MODE_OFB;
203 case MTK_CRYPTO_MODE_CFB:
204 return SAB_CRYPTO_MODE_CFB;
205 case MTK_CRYPTO_MODE_CTR:
206 return SAB_CRYPTO_MODE_CTR;
207 case MTK_CRYPTO_MODE_GCM:
208 return SAB_CRYPTO_MODE_GCM;
209 case MTK_CRYPTO_MODE_GMAC:
210 return SAB_CRYPTO_MODE_GMAC;
211 case MTK_CRYPTO_MODE_CCM:
212 return SAB_CRYPTO_MODE_CCM;
213 default:
214 return SAB_CRYPTO_MODE_BASIC;
215 }
216}
217
218SABuilder_Crypto_t lookaside_match_alg_name(enum mtk_crypto_alg alg)
219{
220 switch (alg) {
221 case MTK_CRYPTO_AES:
222 return SAB_CRYPTO_AES;
223 case MTK_CRYPTO_DES:
224 return SAB_CRYPTO_DES;
225 case MTK_CRYPTO_3DES:
226 return SAB_CRYPTO_3DES;
227 default:
228 return SAB_CRYPTO_NULL;
229 }
230}
231
232SABuilder_Auth_t aead_hash_match(enum mtk_crypto_alg alg)
233{
234 switch (alg) {
235 case MTK_CRYPTO_ALG_SHA1:
236 return SAB_AUTH_HMAC_SHA1;
237 case MTK_CRYPTO_ALG_SHA224:
238 return SAB_AUTH_HMAC_SHA2_224;
239 case MTK_CRYPTO_ALG_SHA256:
240 return SAB_AUTH_HMAC_SHA2_256;
241 case MTK_CRYPTO_ALG_SHA384:
242 return SAB_AUTH_HMAC_SHA2_384;
243 case MTK_CRYPTO_ALG_SHA512:
244 return SAB_AUTH_HMAC_SHA2_512;
245 case MTK_CRYPTO_ALG_MD5:
246 return SAB_AUTH_HMAC_MD5;
247 case MTK_CRYPTO_ALG_GCM:
248 return SAB_AUTH_AES_GCM;
249 case MTK_CRYPTO_ALG_GMAC:
250 return SAB_AUTH_AES_GMAC;
251 case MTK_CRYPTO_ALG_CCM:
252 return SAB_AUTH_AES_CCM;
253 default:
254 return SAB_AUTH_NULL;
255 }
256}
257
258void mtk_crypto_interrupt_handler(void)
259{
260 struct mtk_crypto_result *rd;
261 struct mtk_crypto_context *ctx;
262 IOToken_Output_Dscr_t OutTokenDscr;
263 PEC_ResultDescriptor_t Res;
264 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
265 int ret = 0;
266
267 while (true) {
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]268 spin_lock_bh(&add_lock);
269 if (list_empty(&result_list)) {
270 spin_unlock_bh(&add_lock);
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]271 return;
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]272 }
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]273 rd = list_first_entry(&result_list, struct mtk_crypto_result, list);
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]274 spin_unlock_bh(&add_lock);
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]275
276 if (crypto_pe_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
277 PEC_NotifyFunction_t CBFunc;
278
279 CBFunc = mtk_crypto_interrupt_handler;
280 if (OutTokenDscr.ErrorCode == 0) {
281 PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
282 return;
283 } else if (OutTokenDscr.ErrorCode & BIT(9)) {
284 ret = -EBADMSG;
285 } else if (OutTokenDscr.ErrorCode == 0x4003) {
286 ret = 0;
287 } else
288 ret = 1;
289
290 CRYPTO_ERR("error from crypto_pe_get_one: %d\n", ret);
291 }
292
293 ctx = crypto_tfm_ctx(rd->async->tfm);
294 ret = ctx->handle_result(rd, ret);
295
296 spin_lock_bh(&add_lock);
297 list_del(&rd->list);
298 spin_unlock_bh(&add_lock);
299 kfree(rd);
300 }
301}
302
303int crypto_aead_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
304 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
305 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
306{
307 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
308 struct mtk_crypto_result *result;
309 struct scatterlist *sg;
310 unsigned int totlen_src;
311 unsigned int totlen_dst;
312 unsigned int src_pkt = cryptlen + assoclen;
313 unsigned int pass_assoc = 0;
314 int pass_id;
315 int rc;
316 int i;
317 SABuilder_Params_t params;
318 SABuilder_Params_Basic_t ProtocolParams;
319 unsigned int SAWords = 0;
320
321 DMABuf_Status_t DMAStatus;
322 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
323 DMABuf_HostAddress_t SAHostAddress;
324 DMABuf_HostAddress_t TokenHostAddress;
325 DMABuf_HostAddress_t PktHostAddress;
326
327 DMABuf_Handle_t SAHandle = {0};
328 DMABuf_Handle_t TokenHandle = {0};
329 DMABuf_Handle_t SrcSGListHandle = {0};
330 DMABuf_Handle_t DstSGListHandle = {0};
331
332 unsigned int TCRWords = 0;
333 void *TCRData = 0;
334 unsigned int TokenWords = 0;
335 unsigned int TokenHeaderWord;
336 unsigned int TokenMaxWords = 0;
337
338 TokenBuilder_Params_t TokenParams;
339 PEC_CommandDescriptor_t Cmd;
340 PEC_NotifyFunction_t CBFunc;
341 unsigned int count;
342
343 IOToken_Input_Dscr_t InTokenDscr;
344 IOToken_Output_Dscr_t OutTokenDscr;
345 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
346 void *InTokenDscrExt_p = NULL;
347 uint8_t gcm_iv[16] = {0};
348 uint8_t *aad = NULL;
349
350#ifdef CRYPTO_IOTOKEN_EXT
351 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
352
353 ZEROINIT(InTokenDscrExt);
354 InTokenDscrExt_p = &InTokenDscrExt;
355#endif
356 ZEROINIT(InTokenDscr);
357 ZEROINIT(OutTokenDscr);
358
359 /* Init SA */
360 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT) {
361 totlen_src = cryptlen + assoclen;
362 totlen_dst = totlen_src + digestsize;
363 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
364 } else {
365 totlen_src = cryptlen + assoclen;
366 totlen_dst = totlen_src - digestsize;
367 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
368 }
369 if (rc) {
370 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
371 goto error_exit;
372 }
373
374 /* Build SA */
375 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
376 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
377 params.KeyByteCount = ctx->key_len;
378 params.Key_p = (uint8_t *) ctx->key;
379 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) {
380 params.Nonce_p = (uint8_t *) &ctx->nonce;
381 params.IVSrc = SAB_IV_SRC_TOKEN;
382 params.flags |= SAB_FLAG_COPY_IV;
383 memcpy(gcm_iv, &ctx->nonce, 4);
384 memcpy(gcm_iv + 4, iv, ivsize);
385 gcm_iv[15] = 1;
386 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GMAC) {
387 params.Nonce_p = (uint8_t *) &ctx->nonce;
388 params.IVSrc = SAB_IV_SRC_TOKEN;
389 memcpy(gcm_iv, &ctx->nonce, 4);
390 memcpy(gcm_iv + 4, iv, ivsize);
391 gcm_iv[15] = 1;
392 } else if (params.CryptoMode == SAB_CRYPTO_MODE_GCM) {
393 params.IVSrc = SAB_IV_SRC_TOKEN;
394 memcpy(gcm_iv, iv, ivsize);
395 gcm_iv[15] = 1;
396 } else if (params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
397 params.IVSrc = SAB_IV_SRC_SA;
398 params.Nonce_p = (uint8_t *) &ctx->nonce + 1;
399 params.IV_p = iv;
400 } else {
401 params.IVSrc = SAB_IV_SRC_SA;
402 params.IV_p = iv;
403 }
404
405 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
406 params.Nonce_p = (uint8_t *) &ctx->nonce;
407
408 params.AuthAlgo = aead_hash_match(ctx->hash_alg);
409 params.AuthKey1_p = (uint8_t *) ctx->ipad;
410 params.AuthKey2_p = (uint8_t *) ctx->opad;
411
412 ProtocolParams.ICVByteCount = digestsize;
413
414 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
415 if (rc) {
416 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
417 goto error_remove_sg;
418 }
419
420 DMAProperties.fCached = true;
421 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
422 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
423 DMAProperties.Size = MAX(4*SAWords, 256);
424
425 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
426 if (DMAStatus != DMABUF_STATUS_OK) {
427 rc = 1;
428 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
429 goto error_remove_sg;
430 }
431
432 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
433 if (rc) {
434 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
435 goto error_remove_sg;
436 }
437
438 /* Check dst buffer has enough size */
439 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
440 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
441
442 if (src == dst) {
443 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
444 mtk_req->nr_dst = mtk_req->nr_src;
445 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
446 CRYPTO_ERR("In-place buffer not large enough\n");
447 return -EINVAL;
448 }
449 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
450 } else {
451 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
452 CRYPTO_ERR("Source buffer not large enough\n");
453 return -EINVAL;
454 }
455 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
456
457 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
458 CRYPTO_ERR("Dest buffer not large enough\n");
459 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
460 return -EINVAL;
461 }
462 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
463 }
464
465 if (params.CryptoMode == SAB_CRYPTO_MODE_CCM ||
466 (params.CryptoMode == SAB_CRYPTO_MODE_GCM &&
467 ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP)) {
468
469 aad = kmalloc(assoclen, GFP_KERNEL);
470 if (!aad)
471 goto error_remove_sg;
472 sg_copy_to_buffer(src, mtk_req->nr_src, aad, assoclen);
473 src_pkt -= assoclen;
474 pass_assoc = assoclen;
475 }
476
477 /* Assign sg list */
478 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
479 if (rc != PEC_STATUS_OK) {
480 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
481 goto error_remove_sg;
482 }
483
484 pass_id = 0;
485 DMAProperties.fCached = true;
486 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
487 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
488 for_each_sg(src, sg, mtk_req->nr_src, i) {
489 int len = sg_dma_len(sg);
490 DMABuf_Handle_t sg_handle;
491 DMABuf_HostAddress_t host;
492
493 if (totlen_src < len)
494 len = totlen_src;
495
496 if (pass_assoc) {
497 if (pass_assoc >= len) {
498 pass_assoc -= len;
499 pass_id++;
500 continue;
501 }
502 DMAProperties.Size = MAX(len - pass_assoc, 1);
503 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg) + pass_assoc,
504 &host, &sg_handle);
505 if (rc != DMABUF_STATUS_OK) {
506 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
507 goto error_remove_sg;
508 }
509 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle,
510 len - pass_assoc);
511 if (rc != PEC_STATUS_OK)
512 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
513 pass_assoc = 0;
514 } else {
515 DMAProperties.Size = MAX(len, 1);
516 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg),
517 &host, &sg_handle);
518 if (rc != DMABUF_STATUS_OK) {
519 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
520 goto error_remove_sg;
521 }
522
523 rc = PEC_SGList_Write(SrcSGListHandle, i - pass_id, sg_handle, len);
524 if (rc != PEC_STATUS_OK)
525 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
526 }
527
528 totlen_src -= len;
529 if (!totlen_src)
530 break;
531 }
532
533 /* Alloc sg list for result */
534 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
535 if (rc != PEC_STATUS_OK) {
536 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
537 goto error_remove_sg;
538 }
539
540 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
541 int len = sg_dma_len(sg);
542 DMABuf_Handle_t sg_handle;
543 DMABuf_HostAddress_t host;
544
545 if (len > totlen_dst)
546 len = totlen_dst;
547
548 DMAProperties.Size = MAX(len, 1);
549 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
550 if (rc != DMABUF_STATUS_OK) {
551 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
552 goto error_remove_sg;
553 }
554 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
555 if (rc != PEC_STATUS_OK)
556 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
557
558 if (unlikely(!len))
559 break;
560 totlen_dst -= len;
561 }
562
563 /* Build Token */
564 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
565 if (rc) {
566 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
567 goto error_remove_sg;
568 }
569
570 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
571 if (!TCRData) {
572 rc = 1;
573 CRYPTO_ERR("Allocation of TCR failed\n");
574 goto error_remove_sg;
575 }
576
577 rc = TokenBuilder_BuildContext(&params, TCRData);
578 if (rc) {
579 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
580 goto error_remove_sg;
581 }
582
583 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
584 if (rc) {
585 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
586 goto error_remove_sg;
587 }
588
589 DMAProperties.fCached = true;
590 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
591 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
592 DMAProperties.Size = 4*TokenMaxWords;
593
594 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
595 if (DMAStatus != DMABUF_STATUS_OK) {
596 rc = 1;
597 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
598 goto error_remove_sg;
599 }
600
601 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
602 DMABuf_NULLHandle);
603 if (rc != PEC_STATUS_OK) {
604 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
605 goto error_remove_sg;
606 }
607
608 ZEROINIT(TokenParams);
609
610 if (params.CryptoMode == SAB_CRYPTO_MODE_GCM || params.CryptoMode == SAB_CRYPTO_MODE_GMAC)
611 TokenParams.IV_p = gcm_iv;
612
613 if ((params.CryptoMode == SAB_CRYPTO_MODE_GCM && ctx->aead == EIP197_AEAD_TYPE_IPSEC_ESP) ||
614 params.CryptoMode == SAB_CRYPTO_MODE_CCM) {
615 TokenParams.AdditionalValue = assoclen - ivsize;
616 TokenParams.AAD_p = aad;
617 } else if (params.CryptoMode != SAB_CRYPTO_MODE_GMAC)
618 TokenParams.AdditionalValue = assoclen;
619
620
621 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
622 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, src_pkt,
623 &TokenParams, (uint32_t *)TokenHostAddress.p,
624 &TokenWords, &TokenHeaderWord);
625 kfree(PktHostAddress.p);
626 if (rc != TKB_STATUS_OK) {
627 CRYPTO_ERR("Token builder failed: %d\n", rc);
628 goto error_exit_unregister;
629 }
630
631 ZEROINIT(Cmd);
632 Cmd.Token_Handle = TokenHandle;
633 Cmd.Token_WordCount = TokenWords;
634 Cmd.SrcPkt_Handle = SrcSGListHandle;
635 Cmd.SrcPkt_ByteCount = src_pkt;
636 Cmd.DstPkt_Handle = DstSGListHandle;
637 Cmd.SA_Handle1 = SAHandle;
638 Cmd.SA_Handle2 = DMABuf_NULLHandle;
639
640 #if defined(CRYPTO_IOTOKEN_EXT)
641 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
642#endif
643 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
644
645 if (!crypto_iotoken_create(&InTokenDscr,
646 InTokenDscrExt_p,
647 InputToken,
648 &Cmd)) {
649 rc = 1;
650 goto error_exit_unregister;
651 }
652
653 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
654 if (rc != PEC_STATUS_OK && count != 1)
655 goto error_exit_unregister;
656
657 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
658 if (!result) {
659 rc = 1;
660 CRYPTO_ERR("No memory for result\n");
661 goto error_exit_unregister;
662 }
663 INIT_LIST_HEAD(&result->list);
664 result->eip.sa = SAHandle.p;
665 result->eip.token = TokenHandle.p;
666 result->eip.token_context = TCRData;
667 result->eip.pkt_handle = SrcSGListHandle.p;
668 result->async = async;
669 result->dst = DstSGListHandle.p;
670
671 spin_lock_bh(&add_lock);
672 list_add_tail(&result->list, &result_list);
673 spin_unlock_bh(&add_lock);
674 CBFunc = mtk_crypto_interrupt_handler;
675 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
676 if (rc != PEC_STATUS_OK) {
677 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
678 goto error_exit_unregister;
679 }
680
681 return rc;
682
683error_exit_unregister:
684 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
685 DMABuf_NULLHandle);
686error_remove_sg:
687 if (src == dst) {
688 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
689 } else {
690 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
691 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
692 }
693
694 if (aad != NULL)
695 kfree(aad);
696
697 crypto_free_sglist(SrcSGListHandle.p);
698 crypto_free_sglist(DstSGListHandle.p);
699
700error_exit:
701 DMABuf_Release(SAHandle);
702 DMABuf_Release(TokenHandle);
703
704 if (TCRData != NULL)
705 kfree(TCRData);
706
707 return rc;
708}
709
710int crypto_basic_cipher(struct crypto_async_request *async, struct mtk_crypto_cipher_req *mtk_req,
711 struct scatterlist *src, struct scatterlist *dst, unsigned int cryptlen,
712 unsigned int assoclen, unsigned int digestsize, u8 *iv, unsigned int ivsize)
713{
714 struct mtk_crypto_cipher_ctx *ctx = crypto_tfm_ctx(async->tfm);
715 struct skcipher_request *areq = skcipher_request_cast(async);
716 struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(areq);
717 struct mtk_crypto_result *result;
718 struct scatterlist *sg;
719 unsigned int totlen_src = cryptlen + assoclen;
720 unsigned int totlen_dst = totlen_src;
721 unsigned int blksize = crypto_skcipher_blocksize(skcipher);
722 int rc;
723 int i;
724 SABuilder_Params_t params;
725 SABuilder_Params_Basic_t ProtocolParams;
726 unsigned int SAWords = 0;
727
728 DMABuf_Status_t DMAStatus;
729 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
730 DMABuf_HostAddress_t SAHostAddress;
731 DMABuf_HostAddress_t TokenHostAddress;
732 DMABuf_HostAddress_t PktHostAddress;
733
734 DMABuf_Handle_t SAHandle = {0};
735 DMABuf_Handle_t TokenHandle = {0};
736 DMABuf_Handle_t SrcSGListHandle = {0};
737 DMABuf_Handle_t DstSGListHandle = {0};
738
739 unsigned int TCRWords = 0;
740 void *TCRData = 0;
741 unsigned int TokenWords = 0;
742 unsigned int TokenHeaderWord;
743 unsigned int TokenMaxWords = 0;
744
745 TokenBuilder_Params_t TokenParams;
746 PEC_CommandDescriptor_t Cmd;
747 unsigned int count;
748
749 IOToken_Input_Dscr_t InTokenDscr;
750 IOToken_Output_Dscr_t OutTokenDscr;
751 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
752 void *InTokenDscrExt_p = NULL;
753 PEC_NotifyFunction_t CBFunc;
754
755#ifdef CRYPTO_IOTOKEN_EXT
756 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
757
758 ZEROINIT(InTokenDscrExt);
759 InTokenDscrExt_p = &InTokenDscrExt;
760#endif
761 ZEROINIT(InTokenDscr);
762 ZEROINIT(OutTokenDscr);
763
764 /* If the data is not aligned with block size, return invalid */
765 if (!IS_ALIGNED(cryptlen, blksize))
766 return -EINVAL;
767
768 /* Init SA */
769 if (mtk_req->direction == MTK_CRYPTO_ENCRYPT)
770 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
771 else
772 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_INBOUND);
773 if (rc) {
774 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
775 goto error_exit;
776 }
777
778 /* Build SA */
779 params.CryptoAlgo = lookaside_match_alg_name(ctx->alg);
780 params.CryptoMode = lookaside_match_alg_mode(ctx->mode);
781 params.KeyByteCount = ctx->key_len;
782 params.Key_p = (uint8_t *) ctx->key;
783 params.IVSrc = SAB_IV_SRC_SA;
784 if (params.CryptoMode == SAB_CRYPTO_MODE_CTR)
785 params.Nonce_p = (uint8_t *) &ctx->nonce;
786 params.IV_p = iv;
787
788 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
789 if (rc) {
790 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
791 goto error_exit;
792 }
793
794 DMAProperties.fCached = true;
795 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
796 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
797 DMAProperties.Size = MAX(4*SAWords, 256);
798
799 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
800 if (DMAStatus != DMABUF_STATUS_OK) {
801 rc = 1;
802 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
803 goto error_exit;
804 }
805
806 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
807 if (rc) {
808 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
809 goto error_exit;
810 }
811
812 /* Build Token */
813 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
814 if (rc) {
815 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
816 goto error_exit;
817 }
818
819 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
820 if (!TCRData) {
821 rc = 1;
822 CRYPTO_ERR("Allocation of TCR failed\n");
823 goto error_exit;
824 }
825
826 rc = TokenBuilder_BuildContext(&params, TCRData);
827 if (rc) {
828 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
829 goto error_exit;
830 }
831
832 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
833 if (rc) {
834 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
835 goto error_exit;
836 }
837
838 DMAProperties.fCached = true;
839 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
840 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
841 DMAProperties.Size = 4*TokenMaxWords;
842
843 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
844 if (DMAStatus != DMABUF_STATUS_OK) {
845 rc = 1;
846 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
847 goto error_exit;
848 }
849
850 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
851 DMABuf_NULLHandle);
852 if (rc != PEC_STATUS_OK) {
853 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
854 goto error_exit;
855 }
856
857 /* Check buffer has enough size for output */
858 mtk_req->nr_src = sg_nents_for_len(src, totlen_src);
859 mtk_req->nr_dst = sg_nents_for_len(dst, totlen_dst);
860
861 if (src == dst) {
862 mtk_req->nr_src = max(mtk_req->nr_src, mtk_req->nr_dst);
863 mtk_req->nr_dst = mtk_req->nr_src;
864 if (unlikely((totlen_src || totlen_dst) && (mtk_req->nr_src <= 0))) {
865 CRYPTO_ERR("In-place buffer not large enough\n");
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]866 kfree(TCRData);
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]867 return -EINVAL;
868 }
869 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
870 } else {
871 if (unlikely(totlen_src && (mtk_req->nr_src <= 0))) {
872 CRYPTO_ERR("Source buffer not large enough\n");
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]873 kfree(TCRData);
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]874 return -EINVAL;
875 }
876 dma_map_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
877
878 if (unlikely(totlen_dst && (mtk_req->nr_dst <= 0))) {
879 CRYPTO_ERR("Dest buffer not large enough\n");
880 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
developerd66221d2024-04-01 19:03:52 +0800[diff] [blame]881 kfree(TCRData);
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]882 return -EINVAL;
883 }
884 dma_map_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
885 }
886
887 rc = PEC_SGList_Create(MAX(mtk_req->nr_src, 1), &SrcSGListHandle);
888 if (rc != PEC_STATUS_OK) {
889 CRYPTO_ERR("PEC_SGList_Create src failed with rc = %d\n", rc);
890 goto error_remove_sg;
891 }
892
893 DMAProperties.fCached = true;
894 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
895 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
896 for_each_sg(src, sg, mtk_req->nr_src, i) {
897 int len = sg_dma_len(sg);
898 DMABuf_Handle_t sg_handle;
899 DMABuf_HostAddress_t host;
900
901 if (totlen_src < len)
902 len = totlen_src;
903
904 DMAProperties.Size = MAX(len, 1);
905 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
906 if (rc != DMABUF_STATUS_OK) {
907 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
908 goto error_remove_sg;
909 }
910 rc = PEC_SGList_Write(SrcSGListHandle, i, sg_handle, len);
911 if (rc != PEC_STATUS_OK)
912 pr_notice("PEC_SGList_Write failed rc = %d\n", rc);
913
914 totlen_src -= len;
915 if (!totlen_src)
916 break;
917 }
918
919 rc = PEC_SGList_Create(MAX(mtk_req->nr_dst, 1), &DstSGListHandle);
920 if (rc != PEC_STATUS_OK) {
921 CRYPTO_ERR("PEC_SGList_Create dst failed with rc = %d\n", rc);
922 goto error_remove_sg;
923 }
924
925 for_each_sg(dst, sg, mtk_req->nr_dst, i) {
926 int len = sg_dma_len(sg);
927 DMABuf_Handle_t sg_handle;
928 DMABuf_HostAddress_t host;
929
930 if (len > totlen_dst)
931 len = totlen_dst;
932
933 DMAProperties.Size = MAX(len, 1);
934 rc = DMABuf_Particle_Alloc(DMAProperties, sg_dma_address(sg), &host, &sg_handle);
935 if (rc != DMABUF_STATUS_OK) {
936 CRYPTO_ERR("DMABuf_Particle_Alloc failed rc = %d\n", rc);
937 goto error_remove_sg;
938 }
939 rc = PEC_SGList_Write(DstSGListHandle, i, sg_handle, len);
940
941 if (unlikely(!len))
942 break;
943 totlen_dst -= len;
944 }
945
946 if (params.CryptoMode == SAB_CRYPTO_MODE_CBC &&
947 mtk_req->direction == MTK_CRYPTO_DECRYPT)
948 sg_pcopy_to_buffer(src, mtk_req->nr_src, iv, ivsize, cryptlen - ivsize);
949
950 PktHostAddress.p = kmalloc(sizeof(uint8_t), GFP_KERNEL);
951 ZEROINIT(TokenParams);
952 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *)PktHostAddress.p, cryptlen,
953 &TokenParams, (uint32_t *)TokenHostAddress.p,
954 &TokenWords, &TokenHeaderWord);
955 kfree(PktHostAddress.p);
956 if (rc != TKB_STATUS_OK) {
957 CRYPTO_ERR("Token builder failed: %d\n", rc);
958 goto error_remove_sg;
959 }
960
961 ZEROINIT(Cmd);
962 Cmd.Token_Handle = TokenHandle;
963 Cmd.Token_WordCount = TokenWords;
964 Cmd.SrcPkt_Handle = SrcSGListHandle;
965 Cmd.SrcPkt_ByteCount = cryptlen;
966 Cmd.DstPkt_Handle = DstSGListHandle;
967 Cmd.SA_Handle1 = SAHandle;
968 Cmd.SA_Handle2 = DMABuf_NULLHandle;
969
970#if defined(CRYPTO_IOTOKEN_EXT)
971 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
972#endif
973 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
974
975 if (!crypto_iotoken_create(&InTokenDscr,
976 InTokenDscrExt_p,
977 InputToken,
978 &Cmd)) {
979 rc = 1;
980 goto error_remove_sg;
981 }
982
983 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
984 if (rc != PEC_STATUS_OK && count != 1) {
985 rc = 1;
986 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
987 goto error_remove_sg;
988 }
989
990 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
991 if (!result) {
992 rc = 1;
993 CRYPTO_ERR("No memory for result\n");
994 goto error_remove_sg;
995 }
996 INIT_LIST_HEAD(&result->list);
997 result->eip.sa = SAHandle.p;
998 result->eip.token = TokenHandle.p;
999 result->eip.token_context = TCRData;
1000 result->eip.pkt_handle = SrcSGListHandle.p;
1001 result->async = async;
1002 result->dst = DstSGListHandle.p;
1003
1004 spin_lock_bh(&add_lock);
1005 list_add_tail(&result->list, &result_list);
1006 spin_unlock_bh(&add_lock);
1007 CBFunc = mtk_crypto_interrupt_handler;
1008 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1009 if (rc != PEC_STATUS_OK) {
1010 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1011 goto error_remove_sg;
1012 }
1013 return 0;
1014
1015error_remove_sg:
1016 if (src == dst) {
1017 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_BIDIRECTIONAL);
1018 } else {
1019 dma_unmap_sg(crypto_dev, src, mtk_req->nr_src, DMA_TO_DEVICE);
1020 dma_unmap_sg(crypto_dev, dst, mtk_req->nr_dst, DMA_FROM_DEVICE);
1021 }
1022
1023 crypto_free_sglist(SrcSGListHandle.p);
1024 crypto_free_sglist(DstSGListHandle.p);
1025
1026 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1027 DMABuf_NULLHandle);
1028
1029error_exit:
1030 DMABuf_Release(SAHandle);
1031 DMABuf_Release(TokenHandle);
1032
1033 if (TCRData != NULL)
1034 kfree(TCRData);
1035
1036 return rc;
1037}
1038
1039SABuilder_Auth_t lookaside_match_hash(enum mtk_crypto_alg alg)
1040{
1041 switch (alg) {
1042 case MTK_CRYPTO_ALG_SHA1:
1043 return SAB_AUTH_HASH_SHA1;
1044 case MTK_CRYPTO_ALG_SHA224:
1045 return SAB_AUTH_HASH_SHA2_224;
1046 case MTK_CRYPTO_ALG_SHA256:
1047 return SAB_AUTH_HASH_SHA2_256;
1048 case MTK_CRYPTO_ALG_SHA384:
1049 return SAB_AUTH_HASH_SHA2_384;
1050 case MTK_CRYPTO_ALG_SHA512:
1051 return SAB_AUTH_HASH_SHA2_512;
1052 case MTK_CRYPTO_ALG_MD5:
1053 return SAB_AUTH_HASH_MD5;
1054 case MTK_CRYPTO_ALG_XCBC:
1055 return SAB_AUTH_AES_XCBC_MAC;
1056 case MTK_CRYPTO_ALG_CMAC_128:
1057 return SAB_AUTH_AES_CMAC_128;
1058 case MTK_CRYPTO_ALG_CMAC_192:
1059 return SAB_AUTH_AES_CMAC_192;
1060 case MTK_CRYPTO_ALG_CMAC_256:
1061 return SAB_AUTH_AES_CMAC_256;
1062 default:
1063 return SAB_AUTH_NULL;
1064 }
1065}
1066
1067int crypto_ahash_token_req(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1068 uint8_t *Input_p, unsigned int InputByteCount, bool finish)
1069{
1070 struct mtk_crypto_result *result;
1071
1072 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1073 DMABuf_HostAddress_t TokenHostAddress;
1074 DMABuf_HostAddress_t PktHostAddress;
1075 DMABuf_Status_t DMAStatus;
1076
1077 DMABuf_Handle_t TokenHandle = {0};
1078 DMABuf_Handle_t PktHandle = {0};
1079 DMABuf_Handle_t SAHandle = {0};
1080
1081 unsigned int TokenMaxWords = 0;
1082 unsigned int TokenHeaderWord;
1083 unsigned int TokenWords = 0;
1084 void *TCRData = 0;
1085
1086 TokenBuilder_Params_t TokenParams;
1087 PEC_CommandDescriptor_t Cmd;
1088 PEC_NotifyFunction_t CBFunc;
1089
1090 unsigned int count;
1091 int rc;
1092
1093 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1094 IOToken_Output_Dscr_t OutTokenDscr;
1095 IOToken_Input_Dscr_t InTokenDscr;
1096 void *InTokenDscrExt_p = NULL;
1097
1098#ifdef CRYPTO_IOTOKEN_EXT
1099 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1100
1101 ZEROINIT(InTokenDscrExt);
1102 InTokenDscrExt_p = &InTokenDscrExt;
1103#endif
1104 ZEROINIT(InTokenDscr);
1105 ZEROINIT(OutTokenDscr);
1106
1107 TCRData = mtk_req->token_context;
1108 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1109 if (rc) {
1110 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1111 goto error_exit;
1112 }
1113
1114 DMAProperties.fCached = true;
1115 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1116 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1117 DMAProperties.Size = 4*TokenMaxWords;
1118
1119 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1120 if (DMAStatus != DMABUF_STATUS_OK) {
1121 rc = 1;
1122 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1123 goto error_exit;
1124 }
1125
1126 DMAProperties.fCached = true;
1127 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1128 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1129 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1130
1131 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1132 if (DMAStatus != DMABUF_STATUS_OK) {
1133 rc = 1;
1134 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1135 DMAStatus);
1136 goto error_exit;
1137 }
1138 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1139
1140 ZEROINIT(TokenParams);
1141 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHAPPEND;
1142 if (finish)
1143 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1144
1145 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1146 InputByteCount, &TokenParams,
1147 (u32 *) TokenHostAddress.p,
1148 &TokenWords, &TokenHeaderWord);
1149 if (rc != TKB_STATUS_OK) {
1150 CRYPTO_ERR("Token builder failed: %d\n", rc);
1151 goto error_exit_unregister;
1152 }
1153
1154 SAHandle.p = mtk_req->sa_pointer;
1155 ZEROINIT(Cmd);
1156 Cmd.Token_Handle = TokenHandle;
1157 Cmd.Token_WordCount = TokenWords;
1158 Cmd.SrcPkt_Handle = PktHandle;
1159 Cmd.SrcPkt_ByteCount = InputByteCount;
1160 Cmd.DstPkt_Handle = PktHandle;
1161 Cmd.SA_Handle1 = SAHandle;
1162 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1163
1164#if defined(CRYPTO_IOTOKEN_EXT)
1165 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1166#endif
1167 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1168
1169 if (!crypto_iotoken_create(&InTokenDscr,
1170 InTokenDscrExt_p,
1171 InputToken,
1172 &Cmd)) {
1173 rc = 1;
1174 goto error_exit_unregister;
1175 }
1176
1177 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1178 if (rc != PEC_STATUS_OK && count != 1) {
1179 rc = 1;
1180 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1181 goto error_exit_unregister;
1182 }
1183
1184 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1185 if (!result) {
1186 rc = 1;
1187 CRYPTO_ERR("No memory for result\n");
1188 goto error_exit_unregister;
1189 }
1190 INIT_LIST_HEAD(&result->list);
1191 result->eip.token = TokenHandle.p;
1192 result->eip.pkt_handle = PktHandle.p;
1193 result->async = async;
1194 result->dst = PktHostAddress.p;
1195
1196 spin_lock_bh(&add_lock);
1197 list_add_tail(&result->list, &result_list);
1198 spin_unlock_bh(&add_lock);
1199 CBFunc = mtk_crypto_interrupt_handler;
1200 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1201
1202 return rc;
1203
1204error_exit_unregister:
1205 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1206 DMABuf_NULLHandle);
1207
1208error_exit:
1209 DMABuf_Release(SAHandle);
1210 DMABuf_Release(TokenHandle);
1211 DMABuf_Release(PktHandle);
1212
1213 if (TCRData != NULL)
1214 kfree(TCRData);
1215
1216 return rc;
1217}
1218
1219int crypto_ahash_aes_cbc(struct crypto_async_request *async, struct mtk_crypto_ahash_req *mtk_req,
1220 uint8_t *Input_p, unsigned int InputByteCount)
1221{
1222 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1223 struct mtk_crypto_result *result;
1224 SABuilder_Params_Basic_t ProtocolParams;
1225 SABuilder_Params_t params;
1226 unsigned int SAWords = 0;
1227 int rc;
1228
1229 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1230 DMABuf_HostAddress_t TokenHostAddress;
1231 DMABuf_HostAddress_t PktHostAddress;
1232 DMABuf_HostAddress_t SAHostAddress;
1233 DMABuf_Status_t DMAStatus;
1234
1235 DMABuf_Handle_t TokenHandle = {0};
1236 DMABuf_Handle_t PktHandle = {0};
1237 DMABuf_Handle_t SAHandle = {0};
1238
1239 unsigned int TokenMaxWords = 0;
1240 unsigned int TokenHeaderWord;
1241 unsigned int TokenWords = 0;
1242 unsigned int TCRWords = 0;
1243 void *TCRData = 0;
1244
1245 TokenBuilder_Params_t TokenParams;
1246 PEC_CommandDescriptor_t Cmd;
1247 PEC_NotifyFunction_t CBFunc;
1248
1249 unsigned int count;
1250 int i;
1251
1252 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1253 IOToken_Output_Dscr_t OutTokenDscr;
1254 IOToken_Input_Dscr_t InTokenDscr;
1255 void *InTokenDscrExt_p = NULL;
1256
1257#ifdef CRYPTO_IOTOKEN_EXT
1258 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1259
1260 ZEROINIT(InTokenDscrExt);
1261 InTokenDscrExt_p = &InTokenDscrExt;
1262#endif
1263 ZEROINIT(InTokenDscr);
1264 ZEROINIT(OutTokenDscr);
1265
1266 if (!IS_ALIGNED(InputByteCount, 16)) {
1267 pr_notice("not aligned: %d\n", InputByteCount);
1268 return -EINVAL;
1269 }
1270 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1271 if (rc) {
1272 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1273 goto error_exit;
1274 }
1275
1276 params.CryptoAlgo = SAB_CRYPTO_AES;
1277 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
1278 params.KeyByteCount = ctx->key_sz - 2 * AES_BLOCK_SIZE;
1279 params.Key_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1280 params.IVSrc = SAB_IV_SRC_SA;
1281 params.IV_p = (uint8_t *) mtk_req->state;
1282
1283 if (ctx->alg == MTK_CRYPTO_ALG_XCBC) {
1284 for (i = 0; i < params.KeyByteCount; i = i + 4) {
1285 swap(params.Key_p[i], params.Key_p[i+3]);
1286 swap(params.Key_p[i+1], params.Key_p[i+2]);
1287 }
1288 }
1289
1290 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1291 if (rc) {
1292 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1293 goto error_exit;
1294 }
1295
1296 DMAProperties.fCached = true;
1297 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1298 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1299 DMAProperties.Size = MAX(4*SAWords, 256);
1300
1301 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1302 if (DMAStatus != DMABUF_STATUS_OK) {
1303 rc = 1;
1304 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1305 goto error_exit;
1306 }
1307
1308 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1309 if (rc) {
1310 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1311 goto error_exit;
1312 }
1313
1314 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1315 if (rc) {
1316 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1317 goto error_exit;
1318 }
1319
1320 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1321 if (!TCRData) {
1322 rc = 1;
1323 CRYPTO_ERR("Allocation of TCR failed\n");
1324 goto error_exit;
1325 }
1326
1327 rc = TokenBuilder_BuildContext(&params, TCRData);
1328 if (rc) {
1329 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1330 goto error_exit;
1331 }
1332
1333 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1334 if (rc) {
1335 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1336 goto error_exit;
1337 }
1338
1339 DMAProperties.fCached = true;
1340 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1341 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1342 DMAProperties.Size = 4*TokenMaxWords;
1343
1344 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1345 if (DMAStatus != DMABUF_STATUS_OK) {
1346 rc = 1;
1347 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1348 goto error_exit;
1349 }
1350
1351 DMAProperties.fCached = true;
1352 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1353 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1354 DMAProperties.Size = MAX(InputByteCount, 1);
1355
1356 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1357 if (DMAStatus != DMABUF_STATUS_OK) {
1358 rc = 1;
1359 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n", DMAStatus);
1360 goto error_exit;
1361 }
1362
1363 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1364 DMABuf_NULLHandle);
1365 if (rc != PEC_STATUS_OK) {
1366 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1367 goto error_exit;
1368 }
1369
1370 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1371
1372 ZEROINIT(TokenParams);
1373 rc = TokenBuilder_BuildToken(TCRData, (uint8_t *) PktHostAddress.p, InputByteCount,
1374 &TokenParams, (uint32_t *) TokenHostAddress.p,
1375 &TokenWords, &TokenHeaderWord);
1376 if (rc != TKB_STATUS_OK) {
1377 CRYPTO_ERR("Token builder failed: %d\n", rc);
1378 goto error_exit_unregister;
1379 }
1380
1381 ZEROINIT(Cmd);
1382 Cmd.Token_Handle = TokenHandle;
1383 Cmd.Token_WordCount = TokenWords;
1384 Cmd.SrcPkt_Handle = PktHandle;
1385 Cmd.SrcPkt_ByteCount = InputByteCount;
1386 Cmd.DstPkt_Handle = PktHandle;
1387 Cmd.SA_Handle1 = SAHandle;
1388 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1389
1390#if defined(CRYPTO_IOTOKEN_EXT)
1391 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1392#endif
1393 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1394
1395 if (!crypto_iotoken_create(&InTokenDscr,
1396 InTokenDscrExt_p,
1397 InputToken,
1398 &Cmd)) {
1399 rc = 1;
1400 goto error_exit_unregister;
1401 }
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1402
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1403 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1404 if (rc != PEC_STATUS_OK && count != 1) {
1405 rc = 1;
1406 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1407 goto error_exit_unregister;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1408 }
1409
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1410 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1411 if (!result) {
1412 rc = 1;
1413 CRYPTO_ERR("No memory for result\n");
1414 goto error_exit_unregister;
1415 }
1416 INIT_LIST_HEAD(&result->list);
1417 result->eip.sa = SAHandle.p;
1418 result->eip.token = TokenHandle.p;
1419 result->eip.token_context = TCRData;
1420 result->eip.pkt_handle = PktHandle.p;
1421 result->async = async;
1422 result->dst = PktHostAddress.p;
1423 result->size = InputByteCount;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1424
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1425 spin_lock_bh(&add_lock);
1426 list_add_tail(&result->list, &result_list);
1427 spin_unlock_bh(&add_lock);
1428
1429 CBFunc = mtk_crypto_interrupt_handler;
1430 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1431 if (rc != PEC_STATUS_OK) {
1432 CRYPTO_ERR("PEC_ResultNotify_Request failed with rc = %d\n", rc);
1433 goto error_exit_unregister;
1434 }
1435 return 0;
1436
1437error_exit_unregister:
1438 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1439 DMABuf_NULLHandle);
1440
1441error_exit:
1442 DMABuf_Release(SAHandle);
1443 DMABuf_Release(TokenHandle);
1444 DMABuf_Release(PktHandle);
1445
1446 if (TCRData != NULL)
1447 kfree(TCRData);
1448
1449 return rc;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1450}
1451
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1452int crypto_first_ahash_req(struct crypto_async_request *async,
1453 struct mtk_crypto_ahash_req *mtk_req, uint8_t *Input_p,
1454 unsigned int InputByteCount, bool finish)
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1455{
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1456 struct mtk_crypto_ahash_ctx *ctx = crypto_tfm_ctx(async->tfm);
1457 struct mtk_crypto_result *result;
1458 SABuilder_Params_Basic_t ProtocolParams;
1459 SABuilder_Params_t params;
1460 unsigned int SAWords = 0;
1461 static uint8_t DummyAuthKey[64];
1462 int rc;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1463
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1464 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1465 DMABuf_HostAddress_t TokenHostAddress;
1466 DMABuf_HostAddress_t PktHostAddress;
1467 DMABuf_HostAddress_t SAHostAddress;
1468 DMABuf_Status_t DMAStatus;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1469
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1470 DMABuf_Handle_t TokenHandle = {0};
1471 DMABuf_Handle_t PktHandle = {0};
1472 DMABuf_Handle_t SAHandle = {0};
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1473
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1474 unsigned int TokenMaxWords = 0;
1475 unsigned int TokenHeaderWord;
1476 unsigned int TokenWords = 0;
1477 unsigned int TCRWords = 0;
1478 void *TCRData = 0;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1479
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1480 TokenBuilder_Params_t TokenParams;
1481 PEC_CommandDescriptor_t Cmd;
1482 PEC_NotifyFunction_t CBFunc;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1483
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1484 unsigned int count;
1485 int i;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1486
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1487 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1488 IOToken_Output_Dscr_t OutTokenDscr;
1489 IOToken_Input_Dscr_t InTokenDscr;
1490 void *InTokenDscrExt_p = NULL;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1491
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1492#ifdef CRYPTO_IOTOKEN_EXT
1493 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1494
1495 ZEROINIT(InTokenDscrExt);
1496 InTokenDscrExt_p = &InTokenDscrExt;
1497#endif
1498 ZEROINIT(InTokenDscr);
1499 ZEROINIT(OutTokenDscr);
1500
1501 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1502 if (rc) {
1503 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1504 goto error_exit;
1505 }
1506
1507 params.IV_p = (uint8_t *) ctx->ipad;
1508 params.AuthAlgo = lookaside_match_hash(ctx->alg);
1509 params.AuthKey1_p = DummyAuthKey;
1510 if (params.AuthAlgo == SAB_AUTH_AES_XCBC_MAC) {
1511 params.AuthKey1_p = (uint8_t *) ctx->ipad + 2 * AES_BLOCK_SIZE;
1512 params.AuthKey2_p = (uint8_t *) ctx->ipad;
1513 params.AuthKey3_p = (uint8_t *) ctx->ipad + AES_BLOCK_SIZE;
1514
1515 for (i = 0; i < AES_BLOCK_SIZE; i = i + 4) {
1516 swap(params.AuthKey1_p[i], params.AuthKey1_p[i+3]);
1517 swap(params.AuthKey1_p[i+1], params.AuthKey1_p[i+2]);
1518
1519 swap(params.AuthKey2_p[i], params.AuthKey2_p[i+3]);
1520 swap(params.AuthKey2_p[i+1], params.AuthKey2_p[i+2]);
1521
1522 swap(params.AuthKey3_p[i], params.AuthKey3_p[i+3]);
1523 swap(params.AuthKey3_p[i+1], params.AuthKey3_p[i+2]);
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1524 }
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1525 }
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1526
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1527 if (!finish)
1528 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1529
1530 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1531 ProtocolParams.ICVByteCount = mtk_req->digest_sz;
1532
1533 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1534 if (rc) {
1535 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1536 goto error_exit;
1537 }
1538
1539 DMAProperties.fCached = true;
1540 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1541 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1542 DMAProperties.Size = MAX(4*SAWords, 256);
1543
1544 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1545 if (DMAStatus != DMABUF_STATUS_OK) {
1546 rc = 1;
1547 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1548 goto error_exit;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1549 }
1550
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1551 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1552 if (rc) {
1553 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1554 goto error_exit;
1555 }
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1556
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1557 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1558 if (rc) {
1559 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1560 goto error_exit;
1561 }
1562
1563 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1564 if (!TCRData) {
1565 rc = 1;
1566 CRYPTO_ERR("Allocation of TCR failed\n");
1567 goto error_exit;
1568 }
1569
1570 rc = TokenBuilder_BuildContext(&params, TCRData);
1571 if (rc) {
1572 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1573 goto error_exit;
1574 }
1575 mtk_req->token_context = TCRData;
1576
1577 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1578 if (rc) {
1579 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1580 goto error_exit;
1581 }
1582
1583 DMAProperties.fCached = true;
1584 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1585 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1586 DMAProperties.Size = 4*TokenMaxWords;
1587
1588 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1589 if (DMAStatus != DMABUF_STATUS_OK) {
1590 rc = 1;
1591 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1592 goto error_exit;
1593 }
1594
1595 DMAProperties.fCached = true;
1596 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1597 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1598 DMAProperties.Size = MAX(InputByteCount, mtk_req->digest_sz);
1599
1600 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1601 if (DMAStatus != DMABUF_STATUS_OK) {
1602 rc = 1;
1603 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1604 DMAStatus);
1605 goto error_exit;
1606 }
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1607
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1608 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1609 DMABuf_NULLHandle);
1610 if (rc != PEC_STATUS_OK) {
1611 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1612 goto error_exit;
1613 }
1614 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1615
1616 ZEROINIT(TokenParams);
1617 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1618 | TKB_PACKET_FLAG_HASHAPPEND);
1619 if (finish)
1620 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1621
1622 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1623 InputByteCount, &TokenParams,
1624 (u32 *) TokenHostAddress.p,
1625 &TokenWords, &TokenHeaderWord);
1626 if (rc != TKB_STATUS_OK) {
1627 CRYPTO_ERR("Token builder failed: %d\n", rc);
1628 goto error_exit_unregister;
1629 }
1630
1631 ZEROINIT(Cmd);
1632 Cmd.Token_Handle = TokenHandle;
1633 Cmd.Token_WordCount = TokenWords;
1634 Cmd.SrcPkt_Handle = PktHandle;
1635 Cmd.SrcPkt_ByteCount = InputByteCount;
1636 Cmd.DstPkt_Handle = PktHandle;
1637 Cmd.SA_Handle1 = SAHandle;
1638 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1639
1640 mtk_req->sa_pointer = SAHandle.p;
1641
1642#if defined(CRYPTO_IOTOKEN_EXT)
1643 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1644#endif
1645 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1646
1647 if (!crypto_iotoken_create(&InTokenDscr,
1648 InTokenDscrExt_p,
1649 InputToken,
1650 &Cmd)) {
1651 rc = 1;
1652 goto error_exit_unregister;
1653 }
1654
1655 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1656 if (rc != PEC_STATUS_OK && count != 1) {
1657 rc = 1;
1658 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1659 goto error_exit_unregister;
1660 }
1661
1662 result = kmalloc(sizeof(struct mtk_crypto_result), GFP_KERNEL);
1663 if (!result) {
1664 rc = 1;
1665 CRYPTO_ERR("No memory for result\n");
1666 goto error_exit_unregister;
1667 }
1668 INIT_LIST_HEAD(&result->list);
1669 result->eip.token = TokenHandle.p;
1670 result->eip.pkt_handle = PktHandle.p;
1671 result->async = async;
1672 result->dst = PktHostAddress.p;
1673
1674 spin_lock_bh(&add_lock);
1675 list_add_tail(&result->list, &result_list);
1676 spin_unlock_bh(&add_lock);
1677 CBFunc = mtk_crypto_interrupt_handler;
1678 rc = PEC_ResultNotify_Request(PEC_INTERFACE_ID, CBFunc, 1);
1679
1680 return rc;
1681
1682error_exit_unregister:
1683 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1684 DMABuf_NULLHandle);
1685
1686error_exit:
1687 DMABuf_Release(SAHandle);
1688 DMABuf_Release(TokenHandle);
1689 DMABuf_Release(PktHandle);
1690
1691 if (TCRData != NULL)
1692 kfree(TCRData);
1693
1694 return rc;
1695}
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1696
1697bool crypto_basic_hash(SABuilder_Auth_t HashAlgo, uint8_t *Input_p,
1698 unsigned int InputByteCount, uint8_t *Output_p,
1699 unsigned int OutputByteCount, bool fFinalize)
1700{
1701 SABuilder_Params_Basic_t ProtocolParams;
1702 SABuilder_Params_t params;
1703 unsigned int SAWords = 0;
1704 static uint8_t DummyAuthKey[64];
1705 int rc;
1706
1707 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
1708 DMABuf_HostAddress_t TokenHostAddress;
1709 DMABuf_HostAddress_t PktHostAddress;
1710 DMABuf_HostAddress_t SAHostAddress;
1711 DMABuf_Status_t DMAStatus;
1712
1713 DMABuf_Handle_t TokenHandle = {0};
1714 DMABuf_Handle_t PktHandle = {0};
1715 DMABuf_Handle_t SAHandle = {0};
1716
1717 unsigned int TokenMaxWords = 0;
1718 unsigned int TokenHeaderWord;
1719 unsigned int TokenWords = 0;
1720 unsigned int TCRWords = 0;
1721 void *TCRData = 0;
1722
1723 TokenBuilder_Params_t TokenParams;
1724 PEC_CommandDescriptor_t Cmd;
1725 PEC_ResultDescriptor_t Res;
1726 unsigned int count;
1727
1728 u32 OutputToken[IOTOKEN_IN_WORD_COUNT];
1729 u32 InputToken[IOTOKEN_IN_WORD_COUNT];
1730 IOToken_Output_Dscr_t OutTokenDscr;
1731 IOToken_Input_Dscr_t InTokenDscr;
1732 void *InTokenDscrExt_p = NULL;
1733
1734#ifdef CRYPTO_IOTOKEN_EXT
1735 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
1736
1737 ZEROINIT(InTokenDscrExt);
1738 InTokenDscrExt_p = &InTokenDscrExt;
1739#endif
1740 ZEROINIT(InTokenDscr);
1741 ZEROINIT(OutTokenDscr);
1742
1743 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
1744 if (rc) {
1745 CRYPTO_ERR("SABuilder_Init_Basic failed: %d\n", rc);
1746 goto error_exit;
1747 }
1748
1749 params.AuthAlgo = HashAlgo;
1750 params.AuthKey1_p = DummyAuthKey;
1751
1752 if (!fFinalize)
1753 params.flags |= SAB_FLAG_HASH_SAVE | SAB_FLAG_HASH_INTERMEDIATE;
1754 params.flags |= SAB_FLAG_SUPPRESS_PAYLOAD;
1755 ProtocolParams.ICVByteCount = OutputByteCount;
1756
1757 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
1758 if (rc) {
1759 CRYPTO_ERR("SA not created because of size errors: %d\n", rc);
1760 goto error_exit;
1761 }
1762
1763 DMAProperties.fCached = true;
1764 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1765 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
1766 DMAProperties.Size = MAX(4*SAWords, 256);
1767
1768 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
1769 if (DMAStatus != DMABUF_STATUS_OK) {
1770 rc = 1;
1771 CRYPTO_ERR("Allocation of SA failed: %d\n", DMAStatus);
1772 goto error_exit;
1773 }
1774
1775 rc = SABuilder_BuildSA(&params, (u32 *)SAHostAddress.p, NULL, NULL);
1776 if (rc) {
1777 CRYPTO_ERR("SA not created because of errors: %d\n", rc);
1778 goto error_exit;
1779 }
1780
1781 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
1782 if (rc) {
1783 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors: %d\n", rc);
1784 goto error_exit;
1785 }
1786
1787 TCRData = kmalloc(4 * TCRWords, GFP_KERNEL);
1788 if (!TCRData) {
1789 rc = 1;
1790 CRYPTO_ERR("Allocation of TCR failed\n");
1791 goto error_exit;
1792 }
1793
1794 rc = TokenBuilder_BuildContext(&params, TCRData);
1795 if (rc) {
1796 CRYPTO_ERR("TokenBuilder_BuildContext failed: %d\n", rc);
1797 goto error_exit;
1798 }
1799
1800 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
1801 if (rc) {
1802 CRYPTO_ERR("TokenBuilder_GetSize failed: %d\n", rc);
1803 goto error_exit;
1804 }
1805
1806 DMAProperties.fCached = true;
1807 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1808 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TOKEN;
1809 DMAProperties.Size = 4*TokenMaxWords;
1810
1811 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
1812 if (DMAStatus != DMABUF_STATUS_OK) {
1813 rc = 1;
1814 CRYPTO_ERR("Allocation of token builder failed: %d\n", DMAStatus);
1815 goto error_exit;
1816 }
1817
1818 DMAProperties.fCached = true;
1819 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
1820 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
1821 DMAProperties.Size = MAX(InputByteCount, OutputByteCount);
1822
1823 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress, &PktHandle);
1824 if (DMAStatus != DMABUF_STATUS_OK) {
1825 rc = 1;
1826 CRYPTO_ERR("Allocation of source packet buffer failed: %d\n",
1827 DMAStatus);
1828 goto error_exit;
1829 }
1830
1831 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1832 DMABuf_NULLHandle);
1833 if (rc != PEC_STATUS_OK) {
1834 CRYPTO_ERR("PEC_SA_Register failed: %d\n", rc);
1835 goto error_exit;
1836 }
1837
1838 memcpy(PktHostAddress.p, Input_p, InputByteCount);
1839
1840 ZEROINIT(TokenParams);
1841 TokenParams.PacketFlags |= (TKB_PACKET_FLAG_HASHFIRST
1842 | TKB_PACKET_FLAG_HASHAPPEND);
1843 if (fFinalize)
1844 TokenParams.PacketFlags |= TKB_PACKET_FLAG_HASHFINAL;
1845
1846 rc = TokenBuilder_BuildToken(TCRData, (u8 *) PktHostAddress.p,
1847 InputByteCount, &TokenParams,
1848 (u32 *) TokenHostAddress.p,
1849 &TokenWords, &TokenHeaderWord);
1850 if (rc != TKB_STATUS_OK) {
1851 CRYPTO_ERR("Token builder failed: %d\n", rc);
1852 goto error_exit_unregister;
1853 }
1854
1855 ZEROINIT(Cmd);
1856 Cmd.Token_Handle = TokenHandle;
1857 Cmd.Token_WordCount = TokenWords;
1858 Cmd.SrcPkt_Handle = PktHandle;
1859 Cmd.SrcPkt_ByteCount = InputByteCount;
1860 Cmd.DstPkt_Handle = PktHandle;
1861 Cmd.SA_Handle1 = SAHandle;
1862 Cmd.SA_Handle2 = DMABuf_NULLHandle;
1863
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1864#if defined(CRYPTO_IOTOKEN_EXT)
1865 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
1866#endif
1867 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
1868
1869 if (!crypto_iotoken_create(&InTokenDscr,
1870 InTokenDscrExt_p,
1871 InputToken,
1872 &Cmd)) {
1873 rc = 1;
1874 goto error_exit_unregister;
1875 }
1876
1877 rc = PEC_Packet_Put(PEC_INTERFACE_ID, &Cmd, 1, &count);
1878 if (rc != PEC_STATUS_OK && count != 1) {
1879 rc = 1;
1880 CRYPTO_ERR("PEC_Packet_Put error: %d\n", rc);
1881 goto error_exit_unregister;
1882 }
1883
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1884 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1885 rc = 1;
developer2df22aa2024-03-22 14:36:06 +0800[diff] [blame]1886 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]1887 goto error_exit_unregister;
1888 }
1889 memcpy(Output_p, PktHostAddress.p, OutputByteCount);
1890
1891error_exit_unregister:
1892 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
1893 DMABuf_NULLHandle);
1894
1895error_exit:
1896 DMABuf_Release(SAHandle);
1897 DMABuf_Release(TokenHandle);
1898 DMABuf_Release(PktHandle);
1899
1900 if (TCRData != NULL)
1901 kfree(TCRData);
1902
1903 return rc == 0;
1904}
1905
1906bool crypto_hmac_precompute(SABuilder_Auth_t AuthAlgo,
1907 uint8_t *AuthKey_p,
1908 unsigned int AuthKeyByteCount,
1909 uint8_t *Inner_p,
1910 uint8_t *Outer_p)
1911{
1912 SABuilder_Auth_t HashAlgo;
1913 unsigned int blocksize, hashsize, digestsize;
1914 static uint8_t pad_block[128], hashed_key[128];
1915 unsigned int i;
1916
1917 switch (AuthAlgo) {
1918 case SAB_AUTH_HMAC_MD5:
1919 HashAlgo = SAB_AUTH_HASH_MD5;
1920 blocksize = 64;
1921 hashsize = 16;
1922 digestsize = 16;
1923 break;
1924 case SAB_AUTH_HMAC_SHA1:
1925 HashAlgo = SAB_AUTH_HASH_SHA1;
1926 blocksize = 64;
1927 hashsize = 20;
1928 digestsize = 20;
1929 break;
1930 case SAB_AUTH_HMAC_SHA2_224:
1931 HashAlgo = SAB_AUTH_HASH_SHA2_224;
1932 blocksize = 64;
1933 hashsize = 28;
1934 digestsize = 32;
1935 break;
1936 case SAB_AUTH_HMAC_SHA2_256:
1937 HashAlgo = SAB_AUTH_HASH_SHA2_256;
1938 blocksize = 64;
1939 hashsize = 32;
1940 digestsize = 32;
1941 break;
1942 case SAB_AUTH_HMAC_SHA2_384:
1943 HashAlgo = SAB_AUTH_HASH_SHA2_384;
1944 blocksize = 128;
1945 hashsize = 48;
1946 digestsize = 64;
1947 break;
1948 case SAB_AUTH_HMAC_SHA2_512:
1949 HashAlgo = SAB_AUTH_HASH_SHA2_512;
1950 blocksize = 128;
1951 hashsize = 64;
1952 digestsize = 64;
1953 break;
1954 default:
1955 CRYPTO_ERR("Unknown HMAC algorithm\n");
1956 return false;
1957 }
1958
1959 memset(hashed_key, 0, blocksize);
1960 if (AuthKeyByteCount <= blocksize) {
1961 memcpy(hashed_key, AuthKey_p, AuthKeyByteCount);
1962 } else {
1963 if (!crypto_basic_hash(HashAlgo, AuthKey_p, AuthKeyByteCount,
1964 hashed_key, hashsize, true))
1965 return false;
1966 }
1967
1968 for (i = 0; i < blocksize; i++)
1969 pad_block[i] = hashed_key[i] ^ 0x36;
1970
1971 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1972 Inner_p, digestsize, false))
1973 return false;
1974
1975 for (i = 0; i < blocksize; i++)
1976 pad_block[i] = hashed_key[i] ^ 0x5c;
1977
1978 if (!crypto_basic_hash(HashAlgo, pad_block, blocksize,
1979 Outer_p, digestsize, false))
1980 return false;
1981
1982 return true;
1983}
1984
1985static SABuilder_Crypto_t set_crypto_algo(struct xfrm_algo *ealg)
1986{
1987 if (strcmp(ealg->alg_name, "cbc(des)") == 0)
1988 return SAB_CRYPTO_DES;
1989 else if (strcmp(ealg->alg_name, "cbc(aes)") == 0)
1990 return SAB_CRYPTO_AES;
1991 else if (strcmp(ealg->alg_name, "cbc(des3_ede)") == 0)
1992 return SAB_CRYPTO_3DES;
1993
1994 return SAB_CRYPTO_NULL;
1995}
1996
1997static bool set_auth_algo(struct xfrm_algo_auth *aalg, SABuilder_Params_t *params,
1998 uint8_t *inner, uint8_t *outer)
1999{
2000 if (strcmp(aalg->alg_name, "hmac(sha1)") == 0) {
2001 params->AuthAlgo = SAB_AUTH_HMAC_SHA1;
2002 inner = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2003 outer = kcalloc(SHA1_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2004 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA1, &aalg->alg_key[0],
2005 aalg->alg_key_len / 8, inner, outer);
2006
2007 params->AuthKey1_p = inner;
2008 params->AuthKey2_p = outer;
2009 } else if (strcmp(aalg->alg_name, "hmac(sha256)") == 0) {
2010 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2011 inner = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2012 outer = kcalloc(SHA256_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2013 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_256, &aalg->alg_key[0],
2014 aalg->alg_key_len / 8, inner, outer);
2015 params->AuthKey1_p = inner;
2016 params->AuthKey2_p = outer;
2017 } else if (strcmp(aalg->alg_name, "hmac(sha384)") == 0) {
2018 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_384;
2019 inner = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2020 outer = kcalloc(SHA384_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2021 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_384, &aalg->alg_key[0],
2022 aalg->alg_key_len / 8, inner, outer);
2023 params->AuthKey1_p = inner;
2024 params->AuthKey2_p = outer;
2025 } else if (strcmp(aalg->alg_name, "hmac(sha512)") == 0) {
2026 params->AuthAlgo = SAB_AUTH_HMAC_SHA2_512;
2027 inner = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2028 outer = kcalloc(SHA512_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2029 crypto_hmac_precompute(SAB_AUTH_HMAC_SHA2_512, &aalg->alg_key[0],
2030 aalg->alg_key_len / 8, inner, outer);
2031 params->AuthKey1_p = inner;
2032 params->AuthKey2_p = outer;
2033 } else if (strcmp(aalg->alg_name, "hmac(md5)") == 0) {
2034 params->AuthAlgo = SAB_AUTH_HMAC_MD5;
2035 inner = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2036 outer = kcalloc(MD5_DIGEST_SIZE, sizeof(uint8_t), GFP_KERNEL);
2037 crypto_hmac_precompute(SAB_AUTH_HMAC_MD5, &aalg->alg_key[0],
2038 aalg->alg_key_len / 8, inner, outer);
2039 params->AuthKey1_p = inner;
2040 params->AuthKey2_p = outer;
2041 } else {
2042 return false;
2043 }
2044
2045 return true;
2046}
2047
2048u32 *mtk_ddk_tr_ipsec_build(struct mtk_xfrm_params *xfrm_params, u32 ipsec_mode)
2049{
2050 struct xfrm_state *xs = xfrm_params->xs;
2051 SABuilder_Params_IPsec_t ipsec_params;
2052 SABuilder_Status_t sa_status;
2053 SABuilder_Params_t params;
2054 bool set_auth_success = false;
2055 unsigned int SAWords = 0;
2056 uint8_t *inner, *outer;
2057
2058 DMABuf_Status_t dma_status;
2059 DMABuf_Properties_t dma_properties = {0, 0, 0, 0};
2060 DMABuf_HostAddress_t sa_host_addr;
2061
2062 DMABuf_Handle_t sa_handle = {0};
2063
2064 sa_status = SABuilder_Init_ESP(&params,
2065 &ipsec_params,
2066 be32_to_cpu(xs->id.spi),
2067 ipsec_mode,
2068 SAB_IPSEC_IPV4,
2069 xfrm_params->dir);
2070
2071 if (sa_status != SAB_STATUS_OK) {
2072 pr_err("SABuilder_Init_ESP failed\n");
2073 sa_handle.p = NULL;
2074 return (u32 *) sa_handle.p;
2075 }
2076
developerc13ea302023-12-13 19:28:49 +0800[diff] [blame]2077 /* No support for aead now */
2078 if (xs->aead) {
2079 CRYPTO_ERR("AEAD not supported\n");
2080 sa_handle.p = NULL;
2081 return (u32 *) sa_handle.p;
2082 }
2083
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]2084 /* Add crypto key and parameters */
2085 params.CryptoAlgo = set_crypto_algo(xs->ealg);
2086 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2087 params.KeyByteCount = xs->ealg->alg_key_len / 8;
2088 params.Key_p = xs->ealg->alg_key;
2089
2090 /* Add authentication key and parameters */
2091 set_auth_success = set_auth_algo(xs->aalg, &params, inner, outer);
2092 if (set_auth_success != true) {
2093 CRYPTO_ERR("Set Auth Algo failed\n");
2094 sa_handle.p = NULL;
2095 return (u32 *) sa_handle.p;
2096 }
2097
2098 ipsec_params.IPsecFlags |= (SAB_IPSEC_PROCESS_IP_HEADERS
2099 | SAB_IPSEC_EXT_PROCESSING);
2100 if (ipsec_mode == SAB_IPSEC_TUNNEL) {
2101 ipsec_params.SrcIPAddr_p = (uint8_t *) &xs->props.saddr.a4;
2102 ipsec_params.DestIPAddr_p = (uint8_t *) &xs->id.daddr.a4;
2103 }
2104
2105 sa_status = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2106 if (sa_status != SAB_STATUS_OK) {
2107 CRYPTO_ERR("SA not created because of size errors\n");
2108 sa_handle.p = NULL;
2109 return (u32 *) sa_handle.p;
2110 }
2111
2112 dma_properties.fCached = true;
2113 dma_properties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2114 dma_properties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2115 dma_properties.Size = SAWords * sizeof(u32);
2116
2117 dma_status = DMABuf_Alloc(dma_properties, &sa_host_addr, &sa_handle);
2118 if (dma_status != DMABUF_STATUS_OK) {
2119 CRYPTO_ERR("Allocation of SA failed\n");
2120 /* goto error_exit; */
2121 sa_handle.p = NULL;
2122 return (u32 *) sa_handle.p;
2123 }
2124
2125 sa_status = SABuilder_BuildSA(&params, (u32 *) sa_host_addr.p, NULL, NULL);
2126 if (sa_status != SAB_STATUS_OK) {
2127 CRYPTO_ERR("SA not created because of errors\n");
2128 sa_handle.p = NULL;
2129 return (u32 *) sa_handle.p;
2130 }
2131
2132 kfree(inner);
2133 kfree(outer);
2134 return (u32 *) sa_host_addr.p;
2135}
2136
2137int mtk_ddk_pec_init(void)
2138{
2139 PEC_InitBlock_t pec_init_blk = {0, 0, false};
2140 PEC_Capabilities_t pec_cap;
2141 PEC_Status_t pec_sta;
2142 u32 i = MTK_EIP197_INLINE_NOF_TRIES;
developer12ea7142024-03-28 15:18:08 +0800[diff] [blame]2143#ifdef PEC_PCL_EIP197
2144 PCL_Status_t pcl_sta;
2145#endif
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]2146
developer12ea7142024-03-28 15:18:08 +0800[diff] [blame]2147#ifdef PEC_PCL_EIP197
2148 pcl_sta = PCL_Init(PCL_INTERFACE_ID, 1);
2149 if (pcl_sta != PCL_STATUS_OK) {
2150 CRYPTO_ERR("PCL could not be initialized, error=%d\n", pcl_sta);
2151 return 0;
2152 }
2153
2154 pcl_sta = PCL_DTL_Init(PCL_INTERFACE_ID);
2155 if (pcl_sta != PCL_STATUS_OK) {
2156 CRYPTO_ERR("PCL-DTL could not be initialized, error=%d\n", pcl_sta);
2157 return -1;
2158 }
2159#endif
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]2160 while (i) {
2161 pec_sta = PEC_Init(PEC_INTERFACE_ID, &pec_init_blk);
2162 if (pec_sta == PEC_STATUS_OK) {
2163 CRYPTO_INFO("PEC_INIT ok!\n");
2164 break;
2165 } else if (pec_sta != PEC_STATUS_OK && pec_sta != PEC_STATUS_BUSY) {
2166 return pec_sta;
2167 }
2168
2169 mdelay(MTK_EIP197_INLINE_RETRY_DELAY_MS);
2170 i--;
2171 }
2172
2173 if (!i) {
2174 CRYPTO_ERR("PEC could not be initialized: %d\n", pec_sta);
2175 return pec_sta;
2176 }
2177
2178 pec_sta = PEC_Capabilities_Get(&pec_cap);
2179 if (pec_sta != PEC_STATUS_OK) {
2180 CRYPTO_ERR("PEC capability could not be obtained: %d\n", pec_sta);
developer12ea7142024-03-28 15:18:08 +0800[diff] [blame]2181#ifdef PEC_PCL_EIP197
2182 PCL_UnInit(PCL_INTERFACE_ID);
2183#endif
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]2184 return pec_sta;
2185 }
2186
2187 CRYPTO_INFO("PEC Capabilities: %s\n", pec_cap.szTextDescription);
2188
2189 return 0;
2190}
2191
2192void mtk_ddk_pec_deinit(void)
2193{
developer12ea7142024-03-28 15:18:08 +0800[diff] [blame]2194 unsigned int LoopCounter = MTK_EIP197_INLINE_NOF_TRIES;
2195 PEC_Status_t PEC_Status;
2196
2197 while (LoopCounter > 0) {
2198 PEC_Status = PEC_UnInit(PEC_INTERFACE_ID);
2199 if (PEC_Status == PEC_STATUS_OK)
2200 break;
2201 else if (PEC_Status != PEC_STATUS_OK && PEC_Status != PEC_STATUS_BUSY) {
2202 CRYPTO_ERR("PEC could not be un-initialized, error=%d\n", PEC_Status);
2203 return;
2204 }
2205 // Wait for MTK_EIP197_INLINE_RETRY_DELAY_MS milliseconds
2206 udelay(MTK_EIP197_INLINE_RETRY_DELAY_MS * 1000);
2207 LoopCounter--;
2208 }
2209 // Check for timeout
2210 if (LoopCounter == 0) {
2211 CRYPTO_ERR("PEC could not be un-initialized, timeout\n");
2212 return;
2213 }
2214
2215#ifdef PEC_PCL_EIP197
2216 PCL_DTL_UnInit(PCL_INTERFACE_ID);
2217 PCL_UnInit(PCL_INTERFACE_ID);
2218#endif
2219}
2220
2221bool
2222mtk_ddk_aes_block_encrypt(uint8_t *Key_p,
2223 unsigned int KeyByteCount,
2224 uint8_t *InData_p,
2225 uint8_t *OutData_p)
2226{
2227 int rc;
2228 SABuilder_Params_t params;
2229 SABuilder_Params_Basic_t ProtocolParams;
2230 unsigned int SAWords = 0;
2231
2232 DMABuf_Status_t DMAStatus;
2233 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2234 DMABuf_HostAddress_t SAHostAddress;
2235 DMABuf_HostAddress_t TokenHostAddress;
2236 DMABuf_HostAddress_t PktHostAddress;
2237
2238 DMABuf_Handle_t SAHandle = {0};
2239 DMABuf_Handle_t TokenHandle = {0};
2240 DMABuf_Handle_t PktHandle = {0};
2241
2242 unsigned int TCRWords = 0;
2243 void *TCRData = 0;
2244 unsigned int TokenWords = 0;
2245 unsigned int TokenHeaderWord;
2246 unsigned int TokenMaxWords = 0;
2247
2248 TokenBuilder_Params_t TokenParams;
2249 PEC_CommandDescriptor_t Cmd;
2250 PEC_ResultDescriptor_t Res;
2251 unsigned int count;
2252
2253 IOToken_Input_Dscr_t InTokenDscr;
2254 IOToken_Output_Dscr_t OutTokenDscr;
2255 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT];
2256 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT];
2257 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2258 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2259
2260 ZEROINIT(InTokenDscrExt);
2261 ZEROINIT(OutTokenDscrExt);
2262
2263 ZEROINIT(InTokenDscr);
2264 ZEROINIT(OutTokenDscr);
2265
2266 rc = SABuilder_Init_Basic(&params, &ProtocolParams, SAB_DIRECTION_OUTBOUND);
2267 if (rc != 0) {
2268 CRYPTO_ERR("SABuilder_Init_Basic failed\n");
2269 goto error_exit;
2270 }
2271 // Add crypto key and parameters.
2272 params.CryptoAlgo = SAB_CRYPTO_AES;
2273 params.CryptoMode = SAB_CRYPTO_MODE_ECB;
2274 params.KeyByteCount = KeyByteCount;
2275 params.Key_p = Key_p;
2276
2277 rc = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2278
2279 if (rc != 0) {
2280 CRYPTO_ERR("SA not created because of errors\n");
2281 goto error_exit;
2282 }
2283
2284 DMAProperties.fCached = true;
2285 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2286 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2287 DMAProperties.Size = 4*SAWords;
2288
2289 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress, &SAHandle);
2290 if (DMAStatus != DMABUF_STATUS_OK) {
2291 rc = 1;
2292 CRYPTO_ERR("Allocation of SA failed\n");
2293 goto error_exit;
2294 }
2295
2296 rc = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2297
2298 if (rc != 0) {
2299 LOG_CRIT("SA not created because of errors\n");
2300 goto error_exit;
2301 }
2302
2303 rc = TokenBuilder_GetContextSize(&params, &TCRWords);
2304
2305 if (rc != 0) {
2306 CRYPTO_ERR("TokenBuilder_GetContextSize returned errors\n");
2307 goto error_exit;
2308 }
2309
2310 // The Token Context Record does not need to be allocated
2311 // in a DMA-safe buffer.
2312 TCRData = kcalloc(4*TCRWords, sizeof(uint8_t), GFP_KERNEL);
2313 if (!TCRData) {
2314 rc = 1;
2315 CRYPTO_ERR("Allocation of TCR failed\n");
2316 goto error_exit;
2317 }
2318
2319 rc = TokenBuilder_BuildContext(&params, TCRData);
2320
2321 if (rc != 0) {
2322 CRYPTO_ERR("TokenBuilder_BuildContext failed\n");
2323 goto error_exit;
2324 }
2325
2326 rc = TokenBuilder_GetSize(TCRData, &TokenMaxWords);
2327 if (rc != 0) {
2328 CRYPTO_ERR("TokenBuilder_GetSize failed\n");
2329 goto error_exit;
2330 }
2331
2332 // Allocate one buffer for the token and two packet buffers.
2333
2334 DMAProperties.fCached = true;
2335 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2336 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2337 DMAProperties.Size = 4*TokenMaxWords;
2338
2339 DMAStatus = DMABuf_Alloc(DMAProperties, &TokenHostAddress, &TokenHandle);
2340 if (DMAStatus != DMABUF_STATUS_OK) {
2341 rc = 1;
2342 CRYPTO_ERR("Allocation of token buffer failed.\n");
2343 goto error_exit;
2344 }
2345
2346 DMAProperties.fCached = true;
2347 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2348 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_PACKET;
2349 DMAProperties.Size = 16;
2350
2351 DMAStatus = DMABuf_Alloc(DMAProperties, &PktHostAddress,
2352 &PktHandle);
2353 if (DMAStatus != DMABUF_STATUS_OK) {
2354 rc = 1;
2355 CRYPTO_ERR("Allocation of source packet buffer failed.\n");
2356 goto error_exit;
2357 }
2358
2359 // Register the SA
2360 rc = PEC_SA_Register(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2361 DMABuf_NULLHandle);
2362 if (rc != PEC_STATUS_OK) {
2363 CRYPTO_ERR("PEC_SA_Register failed\n");
2364 goto error_exit;
2365 }
2366
2367 // Copy input packet into source packet buffer.
2368 memcpy(PktHostAddress.p, InData_p, 16);
2369
2370 // Set Token Parameters if specified in test vector.
2371 ZEROINIT(TokenParams);
2372
2373
2374 // Prepare a token to process the packet.
2375 rc = TokenBuilder_BuildToken(TCRData,
2376 (uint8_t *)PktHostAddress.p,
2377 16,
2378 &TokenParams,
2379 (uint32_t *)TokenHostAddress.p,
2380 &TokenWords,
2381 &TokenHeaderWord);
2382 if (rc != TKB_STATUS_OK) {
2383 if (rc == TKB_BAD_PACKET)
2384 CRYPTO_ERR("Token not created because packet size is invalid\n");
2385 else
2386 CRYPTO_ERR("Token builder failed\n");
2387 goto error_exit_unregister;
2388 }
2389
2390 ZEROINIT(Cmd);
2391 Cmd.Token_Handle = TokenHandle;
2392 Cmd.Token_WordCount = TokenWords;
2393 Cmd.SrcPkt_Handle = PktHandle;
2394 Cmd.SrcPkt_ByteCount = 16;
2395 Cmd.DstPkt_Handle = PktHandle;
2396 Cmd.SA_Handle1 = SAHandle;
2397 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2398
2399 InTokenDscrExt.HW_Services = IOTOKEN_CMD_PKT_LAC;
2400 InTokenDscr.TknHdrWordInit = TokenHeaderWord;
2401
2402 if (!crypto_iotoken_create(&InTokenDscr,
2403 &InTokenDscrExt,
2404 InputToken,
2405 &Cmd)) {
2406 rc = 1;
2407 goto error_exit_unregister;
2408 }
2409
2410 rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2411 &Cmd,
2412 1,
2413 &count);
2414 if (rc != PEC_STATUS_OK && count != 1) {
2415 rc = 1;
2416 CRYPTO_ERR("PEC_Packet_Put error\n");
2417 goto error_exit_unregister;
2418 }
2419
2420 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2421 rc = 1;
2422 CRYPTO_ERR("error from crypto_pe_busy_get_one\n");
2423 goto error_exit_unregister;
2424 }
2425 memcpy(OutData_p, PktHostAddress.p, 16);
2426
2427
2428error_exit_unregister:
2429 PEC_SA_UnRegister(PEC_INTERFACE_ID, SAHandle, DMABuf_NULLHandle,
2430 DMABuf_NULLHandle);
2431
2432error_exit:
2433 DMABuf_Release(SAHandle);
2434 DMABuf_Release(TokenHandle);
2435 DMABuf_Release(PktHandle);
2436
2437 if (TCRData != NULL)
2438 kfree(TCRData);
2439
2440 return rc == 0;
2441
2442}
2443
2444bool
2445mtk_ddk_invalidate_rec(
2446 const DMABuf_Handle_t Rec_p,
2447 const bool IsTransform)
2448{
2449 PEC_Status_t PEC_Rc;
2450 PEC_CommandDescriptor_t Cmd;
2451 PEC_ResultDescriptor_t Res;
2452 unsigned int count;
2453 IOToken_Input_Dscr_t InTokenDscr;
2454 IOToken_Output_Dscr_t OutTokenDscr;
2455 uint32_t InputToken[IOTOKEN_IN_WORD_COUNT_IL];
2456 uint32_t OutputToken[IOTOKEN_OUT_WORD_COUNT_IL];
2457 void *InTokenDscrExt_p = NULL;
2458 void *OutTokenDscrExt_p = NULL;
2459 IOToken_Input_Dscr_Ext_t InTokenDscrExt;
2460 IOToken_Output_Dscr_Ext_t OutTokenDscrExt;
2461
2462 ZEROINIT(InTokenDscrExt);
2463 InTokenDscrExt_p = &InTokenDscrExt;
2464 OutTokenDscrExt_p = &OutTokenDscrExt;
2465
2466 ZEROINIT(InTokenDscr);
2467
2468 // Fill in the command descriptor for the Invalidate command
2469 ZEROINIT(Cmd);
2470
2471 Cmd.SrcPkt_Handle = DMABuf_NULLHandle;
2472 Cmd.DstPkt_Handle = DMABuf_NULLHandle;
2473 Cmd.SA_Handle1 = Rec_p;
2474 Cmd.SA_Handle2 = DMABuf_NULLHandle;
2475 Cmd.Token_Handle = DMABuf_NULLHandle;
2476 Cmd.SrcPkt_ByteCount = 0;
2477
2478#if defined(IOTOKEN_USE_HW_SERVICE)
2479 if (IsTransform)
2480 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_TR;
2481 else
2482 InTokenDscrExt.HW_Services = IOTOKEN_CMD_INV_FR;
2483#endif
2484
2485 if (!crypto_iotoken_create(&InTokenDscr, InTokenDscrExt_p, InputToken, &Cmd))
2486 return false;
2487
2488 // Issue command
2489 PEC_Rc = PEC_Packet_Put(PEC_INTERFACE_ID,
2490 &Cmd,
2491 1,
2492 &count);
2493 if (PEC_Rc != PEC_STATUS_OK || count != 1) {
2494 CRYPTO_ERR("%s: PEC_Packet_Put() error %d, count %d\n",
2495 __func__,
2496 PEC_Rc,
2497 count);
2498 return false;
2499 }
2500
2501 // Receive the result packet ... do we care about contents ?
2502 if (crypto_pe_busy_get_one(&OutTokenDscr, OutputToken, &Res) < 1) {
2503 CRYPTO_ERR("%s: crypto_pe_busy_get_one() failed\n", __func__);
2504 return false;
2505 }
2506
2507 return true;
2508}
2509
2510bool mtk_capwap_dtls_offload(
2511 const bool fVerbose,
2512 const bool fCAPWAP,
2513 const bool fPktCfy,
2514 const bool fInline,
2515 const bool fContinuousScatter,
2516 struct DTLS_param *DTLSParam_p,
2517 struct DTLSResourceMgmt **DTLSResource)
2518{
2519 bool success = false;
2520 SABuilder_Status_t SAStatus;
2521 SABuilder_Params_t params;
2522 SABuilder_Params_SSLTLS_t SSLTLSParams;
2523 uint8_t Offset;
2524 uint16_t DTLSVersion;
2525 uint32_t SAWords = 0;
2526 bool fInlinePlain, fInlineCipher;
2527
2528 DMABuf_Status_t DMAStatus;
2529 DMABuf_Properties_t DMAProperties = {0, 0, 0, 0};
2530 DMABuf_HostAddress_t SAHostAddress;
2531
2532 static uint8_t Zero[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
2533 uint8_t *InboundHKey = NULL;
2534 uint8_t *OutboundHKey = NULL;
2535 uint8_t *InnerDigest = NULL;
2536 uint8_t *OuterDigest = NULL;
2537
2538 PCL_Status_t PCL_Status;
2539 PCL_SelectorParams_t SelectorParams;
2540 PCL_DTL_TransformParams_t DTLTransformParams;
2541 PCL_TransformParams_t TransformParams;
2542 PCL_DTL_Hash_Handle_t SAHashHandle;
2543
2544
2545 struct DTLSResourceMgmt *DTLSResourceEntity_p = NULL;
2546
2547 DTLSResourceEntity_p = kmalloc(sizeof(struct DTLSResourceMgmt), GFP_KERNEL);
2548 if (DTLSResourceEntity_p == NULL) {
2549 CRYPTO_ERR("%s: kmalloc for DTLSResourceEntity failed\n", __func__);
2550 goto error_exit;
2551 }
2552 memset(DTLSResourceEntity_p, 0, sizeof(struct DTLSResourceMgmt));
2553
2554 if (fCAPWAP)
2555 CRYPTO_INFO("Preparing Transforms and DTL for DTLS-CAPWAP\n");
2556 else
2557 CRYPTO_INFO("Preparing Transforms and DTL for DTLS\n");
2558
2559 if (fVerbose)
2560 CRYPTO_INFO("*** fVerbose Preparing Transforms and DTL ***\n\n");
2561
2562 Offset = 14;
2563
2564 if (fInline) {
2565 if (fContinuousScatter) {
2566 /* inline + continuous scatter:
2567 Redirect outbound packets ring->inline
2568 Redirect inbound packets inline->ring
2569 */
2570 fInlinePlain = false;
2571 fInlineCipher = true;
2572 } else {
2573 fInlinePlain = true;
2574 fInlineCipher = true;
2575 }
2576 } else {
2577 fInlinePlain = false;
2578 fInlineCipher = false;
2579 }
2580
2581 // Prepare the Outbound SA
2582 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2583 DTLSVersion = SAB_DTLS_VERSION_1_0;
2584 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2585 DTLSVersion = SAB_DTLS_VERSION_1_2;
2586 else {
2587 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2588 DTLSParam_p->dtls_version);
2589 goto error_exit;
2590 }
2591
2592 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2593 // will initialize many parameters, next fill in more parameters, such
2594 // as cryptographic keys.
2595 SAStatus = SABuilder_Init_SSLTLS(&params,
2596 &SSLTLSParams,
2597 DTLSVersion,
2598 SAB_DIRECTION_OUTBOUND);
2599 if (SAStatus != SAB_STATUS_OK) {
2600 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2601 goto error_exit;
2602 }
2603
2604 /* Set DTLS-CAPWAP param from cmd handler */
2605 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2606 params.CryptoAlgo = SAB_CRYPTO_AES;
2607 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2608 params.KeyByteCount = 16;
2609 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2610 params.AuthKeyByteCount = 20;
2611 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2612 params.CryptoAlgo = SAB_CRYPTO_AES;
2613 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2614 params.KeyByteCount = 16;
2615 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2616 params.AuthKeyByteCount = 32;
2617 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2618 params.CryptoAlgo = SAB_CRYPTO_AES;
2619 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2620 params.KeyByteCount = 32;
2621 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2622 params.AuthKeyByteCount = 20;
2623 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2624 params.CryptoAlgo = SAB_CRYPTO_AES;
2625 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2626 params.KeyByteCount = 32;
2627 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2628 params.AuthKeyByteCount = 32;
2629 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2630 params.CryptoAlgo = SAB_CRYPTO_AES;
2631 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2632 params.AuthAlgo = SAB_AUTH_AES_GCM;
2633 if (DTLSParam_p->sec_mode == AES128_GCM)
2634 params.KeyByteCount = 16;
2635 else if (DTLSParam_p->sec_mode == AES256_GCM)
2636 params.KeyByteCount = 32;
2637
2638 params.Nonce_p = DTLSParam_p->dtls_encrypt_nonce;
2639
2640 OutboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2641 if (OutboundHKey == NULL) {
2642 CRYPTO_ERR("%s: kmalloc for OutboundHKey failed\n", __func__);
2643 goto error_exit;
2644 }
2645
2646 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_encrypt, 16, Zero, OutboundHKey);
2647 if (fVerbose)
2648 Log_HexDump("OutboundHKey", 0, OutboundHKey, 16);
2649 // Byte-swap the HKEY
2650 {
2651 uint8_t t;
2652 unsigned int i;
2653
2654 for (i = 0; i < 4; i++) {
2655 t = OutboundHKey[4*i+3];
2656 OutboundHKey[4*i+3] = OutboundHKey[4*i];
2657 OutboundHKey[4*i] = t;
2658 t = OutboundHKey[4*i+2];
2659 OutboundHKey[4*i+2] = OutboundHKey[4*i+1];
2660 OutboundHKey[4*i+1] = t;
2661 }
2662 }
2663 if (fVerbose)
2664 Log_HexDump("OutboundHKey (swapped)", 0, OutboundHKey, 16);
2665 params.AuthKey1_p = OutboundHKey;
2666 DTLSResourceEntity_p->HKeyOutbound = OutboundHKey;
2667 } else {
2668 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2669 DTLSParam_p->sec_mode);
2670 goto error_exit;
2671 }
2672 // Add crypto key and parameters.
2673 params.Key_p = DTLSParam_p->key_encrypt;
2674 // Add authentication key and paramters.
2675 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2676#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2677 params.AuthKey1_p = DTLSParam_p->key_auth_encrypt_1; // inner digest directly
2678 params.AuthKey2_p = DTLSParam_p->key_auth_encrypt_2; // outer digest directly
2679#else
2680 // No hardware precompute support, so preform HMAC precompute in
2681 // the traditional way.
2682 InnerDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2683 if (InnerDigest == NULL) {
2684 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2685 goto error_exit;
2686 }
2687 memset(InnerDigest, 0, params.AuthKeyByteCount);
2688 DTLSResourceEntity_p->InnerDigestOutbound = InnerDigest;
2689 OuterDigest = kcalloc((size_t)params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2690 if (OuterDigest == NULL) {
2691 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2692 goto error_exit;
2693 }
2694 memset(OuterDigest, 0, params.AuthKeyByteCount);
2695 DTLSResourceEntity_p->OuterDigestOutbound = OuterDigest;
2696 crypto_hmac_precompute(params.AuthAlgo,
2697 DTLSParam_p->key_auth_encrypt_1,
2698 params.AuthKeyByteCount,
2699 InnerDigest,
2700 OuterDigest);
2701 if (fVerbose) {
2702 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2703 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2704 }
2705 params.AuthKey1_p = InnerDigest;
2706 params.AuthKey2_p = OuterDigest;
developer12ea7142024-03-28 15:18:08 +0800[diff] [blame]2707#endif
2708 }
2709
2710 // Create a reference to the header processor context.
2711 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2712
2713 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
2714 SAB_DTLS_EXT_PROCESSING | SAB_DTLS_IPV4;
2715 if (fCAPWAP)
2716 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2717
2718 // Now the SA parameters are completely filled in.
2719
2720 // We are ready to probe the size required for the transform
2721 // record (SA).
2722 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2723
2724 if (fVerbose)
2725 CRYPTO_INFO(
2726 "%s: SABuilder_GetSizes returned %d SA size=%u words for outbound\n",
2727 __func__,
2728 SAStatus,
2729 SAWords);
2730 if (SAStatus != SAB_STATUS_OK) {
2731 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2732 goto error_exit;
2733 }
2734
2735 // Allocate a DMA-safe buffer for the SA.
2736 DMAProperties.fCached = true;
2737 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2738 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2739 DMAProperties.Size = SAWords * sizeof(uint32_t);
2740
2741 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2742 &DTLSResourceEntity_p->DTLSHandleSAOutbound);
2743 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAOutbound.p == NULL) {
2744 CRYPTO_ERR("%s Allocation of outbound SA failed\n", __func__);
2745 goto error_exit;
2746 }
2747
2748 // Now we can actually build the SA in the DMA-safe buffer.
2749 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2750
2751 if (SAStatus != SAB_STATUS_OK) {
2752 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2753 goto error_exit;
2754 }
2755 if (fVerbose) {
2756 CRYPTO_INFO("Outbound transform record created\n");
2757
2758 Log_HexDump("Outbound transform record",
2759 0,
2760 SAHostAddress.p,
2761 SAWords * sizeof(uint32_t));
2762 }
2763
2764 // Prepare the Inbound SA
2765 if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_0)
2766 DTLSVersion = SAB_DTLS_VERSION_1_0;
2767 else if (DTLSParam_p->dtls_version == MTK_DTLS_VERSION_1_2)
2768 DTLSVersion = SAB_DTLS_VERSION_1_2;
2769 else {
2770 CRYPTO_ERR("%s: Unknown DTLSParam_p->dtls_version: %u\n", __func__,
2771 DTLSParam_p->dtls_version);
2772 goto error_exit;
2773 }
2774
2775 // Initialize the SA parameters for ESP.The call to SABuilder_Init_ESP
2776 // will initialize many parameters, next fill in more parameters, such
2777 // as cryptographic keys.
2778 SAStatus = SABuilder_Init_SSLTLS(&params,
2779 &SSLTLSParams,
2780 DTLSVersion,
2781 SAB_DIRECTION_INBOUND);
2782 if (SAStatus != SAB_STATUS_OK) {
2783 CRYPTO_ERR("%s: SABuilder_Init_ESP failed\n", __func__);
2784 goto error_exit;
2785 }
2786
2787 /* Set DTLS-CAPWAP param from cmd handler */
2788 if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA1) {
2789 params.CryptoAlgo = SAB_CRYPTO_AES;
2790 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2791 params.KeyByteCount = 16;
2792 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2793 params.AuthKeyByteCount = 20;
2794 } else if (DTLSParam_p->sec_mode == AES128_CBC_HMAC_SHA2_256) {
2795 params.CryptoAlgo = SAB_CRYPTO_AES;
2796 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2797 params.KeyByteCount = 16;
2798 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2799 params.AuthKeyByteCount = 32;
2800 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA1) {
2801 params.CryptoAlgo = SAB_CRYPTO_AES;
2802 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2803 params.KeyByteCount = 32;
2804 params.AuthAlgo = SAB_AUTH_HMAC_SHA1;
2805 params.AuthKeyByteCount = 20;
2806 } else if (DTLSParam_p->sec_mode == AES256_CBC_HMAC_SHA2_256) {
2807 params.CryptoAlgo = SAB_CRYPTO_AES;
2808 params.CryptoMode = SAB_CRYPTO_MODE_CBC;
2809 params.KeyByteCount = 32;
2810 params.AuthAlgo = SAB_AUTH_HMAC_SHA2_256;
2811 params.AuthKeyByteCount = 32;
2812 } else if (DTLSParam_p->sec_mode == AES128_GCM || DTLSParam_p->sec_mode == AES256_GCM) {
2813 params.CryptoAlgo = SAB_CRYPTO_AES;
2814 params.CryptoMode = SAB_CRYPTO_MODE_GCM;
2815 params.AuthAlgo = SAB_AUTH_AES_GCM;
2816 if (DTLSParam_p->sec_mode == AES128_GCM)
2817 params.KeyByteCount = 16;
2818 else if (DTLSParam_p->sec_mode == AES256_GCM)
2819 params.KeyByteCount = 32;
2820
2821 params.Nonce_p = DTLSParam_p->dtls_decrypt_nonce;
2822
2823 InboundHKey = kcalloc(16, sizeof(uint8_t), GFP_KERNEL);
2824 if (InboundHKey == NULL) {
2825 CRYPTO_ERR("%s: kmalloc for InboundHKey failed\n", __func__);
2826 goto error_exit;
2827 }
2828
2829 mtk_ddk_aes_block_encrypt(DTLSParam_p->key_decrypt, 16, Zero, InboundHKey);
2830 if (fVerbose)
2831 Log_HexDump("InboundHKey", 0, InboundHKey, 16);
2832 // Byte-swap the HKEY
2833 {
2834 uint8_t t;
2835 unsigned int i;
2836
2837 for (i = 0; i < 4; i++) {
2838 t = InboundHKey[4*i+3];
2839 InboundHKey[4*i+3] = InboundHKey[4*i];
2840 InboundHKey[4*i] = t;
2841 t = InboundHKey[4*i+2];
2842 InboundHKey[4*i+2] = InboundHKey[4*i+1];
2843 InboundHKey[4*i+1] = t;
2844 }
2845 }
2846 if (fVerbose)
2847 Log_HexDump("InboundHKey (swapped)", 0, InboundHKey, 16);
2848 params.AuthKey1_p = InboundHKey;
2849 DTLSResourceEntity_p->HKeyInbound = InboundHKey;
2850 } else {
2851 CRYPTO_ERR("%s: Unknown DTLSParam_p->sec_mode: %u\n", __func__,
2852 DTLSParam_p->sec_mode);
2853 goto error_exit;
2854 }
2855
2856 // Add crypto key and parameters.
2857 params.Key_p = DTLSParam_p->key_decrypt;
2858 // Add authentication key and paramters.
2859 if (params.AuthAlgo == SAB_AUTH_HMAC_SHA1 || params.AuthAlgo == SAB_AUTH_HMAC_SHA2_256) {
2860#ifdef EIP197_INLINE_HMAC_DIGEST_PRECOMPUTE
2861 params.AuthKey1_p = DTLSParam_p->key_auth_decrypt_1;
2862 params.AuthKey2_p = DTLSParam_p->key_auth_decrypt_2;
2863#else
2864 // No hardware precompute support, so preform HMAC precompute in
2865 // the traditional way.
2866 InnerDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2867 if (InnerDigest == NULL) {
2868 CRYPTO_ERR("%s: kmalloc for InnerDigest failed\n", __func__);
2869 goto error_exit;
2870 }
2871 memset(InnerDigest, 0, params.AuthKeyByteCount);
2872 DTLSResourceEntity_p->InnerDigestInbound = InnerDigest;
2873 OuterDigest = kcalloc(params.AuthKeyByteCount, sizeof(uint8_t), GFP_KERNEL);
2874 if (OuterDigest == NULL) {
2875 CRYPTO_ERR("%s: kmalloc for OuterDigest failed\n", __func__);
2876 goto error_exit;
2877 }
2878 memset(OuterDigest, 0, params.AuthKeyByteCount);
2879 DTLSResourceEntity_p->OuterDigestInbound = OuterDigest;
2880 crypto_hmac_precompute(params.AuthAlgo,
2881 DTLSParam_p->key_auth_decrypt_1,
2882 params.AuthKeyByteCount,
2883 InnerDigest,
2884 OuterDigest);
2885 if (fVerbose) {
2886 Log_HexDump("Inner Digest", 0, InnerDigest, params.AuthKeyByteCount);
2887 Log_HexDump("Outer Digest", 0, OuterDigest, params.AuthKeyByteCount);
2888 }
2889 params.AuthKey1_p = InnerDigest;
2890 params.AuthKey2_p = OuterDigest;
2891 InnerDigest = NULL;
2892 OuterDigest = NULL;
2893 }
2894#endif
2895
2896 if (fInlinePlain != fInlineCipher) {
2897 params.flags |= SAB_FLAG_REDIRECT;
2898 params.RedirectInterface = PEC_INTERFACE_ID; /*redirect to ring */
2899 }
2900
2901 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_PROCESS_IP_HEADERS |
2902 SAB_DTLS_EXT_PROCESSING | SAB_DTLS_IPV4;
2903
2904 // Create a reference to the header processor context.
2905 SSLTLSParams.epoch = DTLSParam_p->dtls_epoch;
2906
2907 if (fCAPWAP)
2908 SSLTLSParams.SSLTLSFlags |= SAB_DTLS_CAPWAP;
2909
2910 // Now the SA parameters are completely filled in.
2911
2912 // We are ready to probe the size required for the transform
2913 // record (SA).
2914 SAStatus = SABuilder_GetSizes(&params, &SAWords, NULL, NULL);
2915
2916 if (fVerbose)
2917 CRYPTO_INFO("%s: SABuilder_GetSizes returned %d SA size=%u words for inbound\n",
2918 __func__,
2919 SAStatus,
2920 SAWords);
2921
2922 if (SAStatus != SAB_STATUS_OK) {
2923 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2924 goto error_exit;
2925 }
2926
2927 // Allocate a DMA-safe buffer for the SA.
2928 DMAProperties.fCached = true;
2929 DMAProperties.Alignment = MTK_EIP197_INLINE_DMA_ALIGNMENT_BYTE_COUNT;
2930 DMAProperties.Bank = MTK_EIP197_INLINE_BANK_TRANSFORM;
2931 DMAProperties.Size = SAWords * sizeof(uint32_t);
2932
2933 DMAStatus = DMABuf_Alloc(DMAProperties, &SAHostAddress,
2934 &DTLSResourceEntity_p->DTLSHandleSAInbound);
2935 if (DMAStatus != DMABUF_STATUS_OK || DTLSResourceEntity_p->DTLSHandleSAInbound.p == NULL) {
2936 CRYPTO_ERR("%s: Allocation of inbound SA failed\n", __func__);
2937 goto error_exit;
2938 }
2939
2940 // Now we can actually build the SA in the DMA-safe buffer.
2941 SAStatus = SABuilder_BuildSA(&params, (uint32_t *)SAHostAddress.p, NULL, NULL);
2942 if (SAStatus != SAB_STATUS_OK) {
2943 CRYPTO_ERR("%s: SA not created because of errors\n", __func__);
2944 goto error_exit;
2945 }
2946 if (fVerbose) {
2947 CRYPTO_INFO("Inbound transform record created\n");
2948
2949 Log_HexDump("Inbound transform record",
2950 0,
2951 SAHostAddress.p,
2952 SAWords * sizeof(uint32_t));
2953 }
2954
2955 // Register the SAs with the PCL API. DMA buffers for hardware transforms
2956 // (SAs) are allocated and filled in external to the PCL API.
2957 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2958 if (PCL_Status != PCL_STATUS_OK) {
2959 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2960 goto error_exit;
2961 }
2962 if (fVerbose)
2963 CRYPTO_INFO("%s: Outbound transform registered\n", __func__);
2964
2965 PCL_Status = PCL_Transform_Register(DTLSResourceEntity_p->DTLSHandleSAInbound);
2966 if (PCL_Status != PCL_STATUS_OK) {
2967 CRYPTO_ERR("%s: PCL_Transform_Register failed\n", __func__);
2968 PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
2969 goto error_exit;
2970 }
2971 if (fVerbose)
2972 CRYPTO_INFO("%s: Inbound transform registered\n", __func__);
2973
2974
2975
2976 /* Create the DTL entries. */
2977 if (fPktCfy) {
2978 ZEROINIT(SelectorParams);
2979 ZEROINIT(DTLTransformParams);
2980
2981 SelectorParams.flags = PCL_SELECT_IPV4;
2982 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->sip)));
2983 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->dip)));
2984 SelectorParams.IpProto = 17; //UDP
2985 SelectorParams.SrcPort = DTLSParam_p->sport;
2986 SelectorParams.DstPort = DTLSParam_p->dport;
2987 SelectorParams.spi = 0;
2988 SelectorParams.epoch = 0; // No epoch, not present in outbound packet
2989
2990 /* Compute the hash for the inbound DTL */
2991 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
2992 if (PCL_Status != PCL_STATUS_OK) {
2993 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
2994 goto error_exit_unregister;
2995 }
2996 if (fVerbose)
2997 CRYPTO_INFO("%s: Inbound flow hashed\n", __func__);
2998
2999 /* Add the inbound DTL entry. */
3000 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
3001 &DTLTransformParams,
3002 DTLSResourceEntity_p->DTLSHandleSAOutbound,
3003 &SAHashHandle);
3004 if (PCL_Status != PCL_STATUS_OK) {
3005 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3006 goto error_exit_unregister;
3007 }
3008 if (fVerbose)
3009 CRYPTO_INFO("%s: Outbound DTL added\n", __func__);
3010
3011 ZEROINIT(SelectorParams);
3012 ZEROINIT(DTLTransformParams);
3013
3014 SelectorParams.flags = PCL_SELECT_IPV4;
3015 SelectorParams.DstIp = ((unsigned char *)(&(DTLSParam_p->sip)));
3016 SelectorParams.SrcIp = ((unsigned char *)(&(DTLSParam_p->dip)));
3017 SelectorParams.SrcPort = DTLSParam_p->dport;
3018 SelectorParams.DstPort = DTLSParam_p->sport;
3019 SelectorParams.IpProto = 17; //UDP
3020 SelectorParams.epoch = DTLSParam_p->dtls_epoch;
3021
3022 /* Compute the hash for the inbound DTL */
3023 PCL_Status = PCL_Flow_Hash(&SelectorParams, DTLTransformParams.HashID);
3024 if (PCL_Status != PCL_STATUS_OK) {
3025 CRYPTO_ERR("%s: PEC_Flow_Hash failed\n", __func__);
3026 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3027 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3028 goto error_exit_unregister;
3029 }
3030 if (fVerbose)
3031 CRYPTO_INFO("%s: Inbound lookup hashed\n", __func__);
3032
3033 /* Add the inbound DTL entry. */
3034 PCL_Status = PCL_DTL_Transform_Add(PCL_INTERFACE_ID, 0,
3035 &DTLTransformParams,
3036 DTLSResourceEntity_p->DTLSHandleSAInbound,
3037 &SAHashHandle);
3038 if (PCL_Status != PCL_STATUS_OK) {
3039 CRYPTO_ERR("%s: PEC_DTL_Transform_Add failed\n", __func__);
3040 PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3041 DTLSResourceEntity_p->DTLSHandleSAOutbound);
3042 goto error_exit_unregister;
3043 }
3044 if (fVerbose)
3045 CRYPTO_INFO("%s: Inbound DTL added\n", __func__);
3046 }
3047
3048 /* At this point, both outbound and inbound transforms have been
3049 * registered and both outbound and inbound DTL entries are added to the
3050 * lookup table. The Packet Engine is ready to accept packets and
3051 * perform classification and processing autonomously.*/
3052
3053 if (fVerbose)
3054 CRYPTO_INFO("*** Finished update DTLS-CAPWAP SA ***\n\n");
3055
3056 // If we made it to here, consider this run a success. Any jump
3057 // to one of the error labels below will skip "success = true"
3058 success = true;
3059 DTLSParam_p->SA_encrypt = DTLSResourceEntity_p->DTLSHandleSAOutbound.p;
3060 DTLSParam_p->SA_decrypt = DTLSResourceEntity_p->DTLSHandleSAInbound.p;
3061 DTLSResourceEntity_p->DTLSParam = DTLSParam_p;
3062 *DTLSResource = DTLSResourceEntity_p;
3063
3064 return success;
3065
3066
3067error_exit_unregister:
3068 /* At this point, all flows have been removed, so we can start
3069 * removing the transform records. Note: all flows that use the
3070 * transform must be removed before removing the transform.
3071 *
3072 * When any flow creation error occurs, return to this point. The
3073 * flow records have not been created, but the transform records
3074 * are registered at this point.
3075 */
3076
3077 /* Obtain statistics of the outbound transform. We do this at the
3078 * end of the lifetime of the transform, but it can be done at any
3079 * time when the transform is registered.*/
3080 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAOutbound,
3081 &TransformParams);
3082 if (PCL_Status != PCL_STATUS_OK)
3083 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3084 else
3085 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3086 TransformParams.PacketsCounterLo,
3087 TransformParams.OctetsCounterLo);
3088
3089 /* Obtain statistics of the inbound transform. */
3090 PCL_Status = PCL_Transform_Get_ReadOnly(DTLSResourceEntity_p->DTLSHandleSAInbound,
3091 &TransformParams);
3092 if (PCL_Status != PCL_STATUS_OK)
3093 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3094 else
3095 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3096 TransformParams.PacketsCounterLo,
3097 TransformParams.OctetsCounterLo);
3098
3099
3100 /* Unregister both transforms. Report, but do not handle the
3101 * results of these calls. If they fail, there is nothing sensible
3102 * that we can do to recover.
3103 */
3104 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAOutbound, true))
3105 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3106 else if (fVerbose)
3107 CRYPTO_INFO("transform invalidate succeeded\n");
3108
3109
3110 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3111 if (PCL_Status != PCL_STATUS_OK)
3112 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3113 else if (fVerbose)
3114 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3115
3116
3117 if (!mtk_ddk_invalidate_rec(DTLSResourceEntity_p->DTLSHandleSAInbound, true))
3118 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3119 else if (fVerbose)
3120 CRYPTO_INFO("transform invalidate succeeded\n");
3121
3122
3123 PCL_Status = PCL_Transform_UnRegister(DTLSResourceEntity_p->DTLSHandleSAInbound);
3124 if (PCL_Status != PCL_STATUS_OK)
3125 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3126 else if (fVerbose)
3127 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3128
3129
3130error_exit:
3131 /* Remove the buffers occupied by the transforms, the packets and the
3132 * header processor contexts.
3133 *
3134 * Return here if any error occurs before the transforms are registered.
3135 * When we return here with an error, not all buffers may have been
3136 * allocated.
3137 * Note: DMABuf_Release can be called when no buffer was allocated.
3138 */
3139 if (DTLSResourceEntity_p != NULL) {
3140 if (DTLSResourceEntity_p->DTLSHandleSAOutbound.p != NULL) {
3141 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAOutbound);
3142 DTLSResourceEntity_p->DTLSHandleSAOutbound.p = NULL;
3143 DTLSResourceEntity_p->DTLSParam->SA_encrypt = (void *) NULL;
3144 }
3145 if (DTLSResourceEntity_p->DTLSHandleSAInbound.p != NULL) {
3146 DMABuf_Release(DTLSResourceEntity_p->DTLSHandleSAInbound);
3147 DTLSResourceEntity_p->DTLSHandleSAInbound.p = NULL;
3148 DTLSResourceEntity_p->DTLSParam->SA_decrypt = (void *) NULL;
3149 }
3150 if (DTLSResourceEntity_p->HKeyOutbound != NULL) {
3151 kfree(DTLSResourceEntity_p->HKeyOutbound);
3152 DTLSResourceEntity_p->HKeyOutbound = NULL;
3153 }
3154 if (DTLSResourceEntity_p->HKeyInbound != NULL) {
3155 kfree(DTLSResourceEntity_p->HKeyInbound);
3156 DTLSResourceEntity_p->HKeyInbound = NULL;
3157 }
3158 if (DTLSResourceEntity_p->InnerDigestInbound != NULL) {
3159 kfree(DTLSResourceEntity_p->InnerDigestInbound);
3160 DTLSResourceEntity_p->InnerDigestInbound = NULL;
3161 }
3162 if (DTLSResourceEntity_p->OuterDigestInbound != NULL) {
3163 kfree(DTLSResourceEntity_p->OuterDigestInbound);
3164 DTLSResourceEntity_p->OuterDigestInbound = NULL;
3165 }
3166 if (DTLSResourceEntity_p->InnerDigestOutbound != NULL) {
3167 kfree(DTLSResourceEntity_p->InnerDigestOutbound);
3168 DTLSResourceEntity_p->InnerDigestOutbound = NULL;
3169 }
3170 if (DTLSResourceEntity_p->OuterDigestOutbound != NULL) {
3171 kfree(DTLSResourceEntity_p->OuterDigestOutbound);
3172 DTLSResourceEntity_p->OuterDigestOutbound = NULL;
3173 }
3174 if (DTLSResourceEntity_p != NULL) {
3175 kfree(DTLSResourceEntity_p);
3176 DTLSResourceEntity_p = NULL;
3177 }
3178 *DTLSResource = NULL;
3179 }
3180 return success;
3181}
3182
3183void mtk_ddk_remove_dtls_param(struct DTLSResourceMgmt **DTLSResource)
3184{
3185 bool fVerbose = false;
3186 bool fPktCfy = true;
3187 PCL_Status_t PCL_Status;
3188 PCL_TransformParams_t TransformParams;
3189
3190 if (*DTLSResource == NULL) {
3191 if (fVerbose)
3192 CRYPTO_ERR("%s: DTLSResource is NULL\n", __func__);
3193 return;
3194 }
3195
3196 // unregister_flows
3197 if (fPktCfy) {
3198 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3199 (*DTLSResource)->DTLSHandleSAInbound);
3200 if (PCL_Status != PCL_STATUS_OK)
3201 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Inbound failed\n", __func__);
3202 else
3203 if (fVerbose)
3204 CRYPTO_INFO("PCL_DTL_Transform_Remove Inbound succeeded\n");
3205
3206 PCL_Status = PCL_DTL_Transform_Remove(PCL_INTERFACE_ID, 0,
3207 (*DTLSResource)->DTLSHandleSAOutbound);
3208 if (PCL_Status != PCL_STATUS_OK)
3209 CRYPTO_ERR("%s: PCL_DLT_Tansform_Remove Outbound failed\n", __func__);
3210 else
3211 if (fVerbose)
3212 CRYPTO_INFO("PCL_DTL_Transform_Remove Outbound succeeded\n");
3213 }
3214
3215 /* At this point, all flows have been removed, so we can start
3216 * removing the transform records. Note: all flows that use the
3217 * transform must be removed before removing the transform.
3218 *
3219 * When any flow creation error occurs, return to this point. The
3220 * flow records have not been created, but the transform records
3221 * are registered at this point.
3222 */
3223
3224 /* Obtain statistics of the outbound transform. We do this at the
3225 * end of the lifetime of the transform, but it can be done at any
3226 * time when the transform is registered.*/
3227 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAOutbound,
3228 &TransformParams);
3229 if (PCL_Status != PCL_STATUS_OK)
3230 CRYPTO_ERR("%s: Could not obtain statistics for outbound transform\n", __func__);
3231 else
3232 CRYPTO_INFO("Statistics of outbound transform: %u packets %u octets\n",
3233 TransformParams.PacketsCounterLo,
3234 TransformParams.OctetsCounterLo);
3235
3236 /* Obtain statistics of the inbound transform. */
3237 PCL_Status = PCL_Transform_Get_ReadOnly((*DTLSResource)->DTLSHandleSAInbound,
3238 &TransformParams);
3239 if (PCL_Status != PCL_STATUS_OK)
3240 CRYPTO_ERR("%s: Could not obtain statistics for inbound transform\n", __func__);
3241 else
3242 CRYPTO_INFO("Statistics of inbound transform: %u packets %u octets\n",
3243 TransformParams.PacketsCounterLo,
3244 TransformParams.OctetsCounterLo);
3245
3246
3247 /* Unregister both transforms. Report, but do not handle the
3248 * results of these calls. If they fail, there is nothing sensible
3249 * that we can do to recover.
3250 */
3251 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAOutbound, true))
3252 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3253 else
3254 if (fVerbose)
3255 CRYPTO_INFO("transform invalidate succeeded\n");
3256#ifdef PEC_PCL_EIP197
3257 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAOutbound);
3258 if (PCL_Status != PCL_STATUS_OK)
3259 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3260 else
3261 if (fVerbose)
3262 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3263#else
3264 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAOutbound,
3265 DMABuf_NULLHandle, DMABuf_NULLHandle);
3266#endif
3267
3268 if (!mtk_ddk_invalidate_rec((*DTLSResource)->DTLSHandleSAInbound, true))
3269 CRYPTO_ERR("%s: transform invalidate failed\n", __func__);
3270 else
3271 if (fVerbose)
3272 CRYPTO_INFO("transform invalidate succeeded\n");
3273#ifdef PEC_PCL_EIP197
3274 PCL_Status = PCL_Transform_UnRegister((*DTLSResource)->DTLSHandleSAInbound);
3275 if (PCL_Status != PCL_STATUS_OK)
3276 CRYPTO_ERR("%s: PCL_Transform_UnRegister failed\n", __func__);
3277 else
3278 if (fVerbose)
3279 CRYPTO_INFO("PCL_Transform_UnRegister succeeded\n");
3280#else
3281 PEC_SA_UnRegister(PCL_INTERFACE_ID, (*DTLSResource)->DTLSHandleSAInbound,
3282 DMABuf_NULLHandle, DMABuf_NULLHandle);
3283#endif
3284
3285 /* Remove the buffers occupied by the transforms, the packets and the
3286 * header processor contexts.
3287 *
3288 * Return here if any error occurs before the transforms are registered.
3289 * When we return here with an error, not all buffers may have been
3290 * allocated.
3291 * Note: DMABuf_Release can be called when no buffer was allocated.
3292 */
3293 if ((*DTLSResource)->DTLSHandleSAOutbound.p != NULL) {
3294 DMABuf_Release((*DTLSResource)->DTLSHandleSAOutbound);
3295 (*DTLSResource)->DTLSHandleSAOutbound.p = NULL;
3296 (*DTLSResource)->DTLSParam->SA_encrypt = (void *) NULL;
3297 }
3298 if ((*DTLSResource)->DTLSHandleSAInbound.p != NULL) {
3299 DMABuf_Release((*DTLSResource)->DTLSHandleSAInbound);
3300 (*DTLSResource)->DTLSHandleSAInbound.p = NULL;
3301 (*DTLSResource)->DTLSParam->SA_decrypt = (void *) NULL;
3302 }
3303 if ((*DTLSResource)->HKeyOutbound != NULL) {
3304 kfree((*DTLSResource)->HKeyOutbound);
3305 (*DTLSResource)->HKeyOutbound = NULL;
3306 }
3307 if ((*DTLSResource)->HKeyInbound != NULL) {
3308 kfree((*DTLSResource)->HKeyInbound);
3309 (*DTLSResource)->HKeyInbound = NULL;
3310 }
3311 if ((*DTLSResource)->InnerDigestInbound != NULL) {
3312 kfree((*DTLSResource)->InnerDigestInbound);
3313 (*DTLSResource)->InnerDigestInbound = NULL;
3314 }
3315 if ((*DTLSResource)->OuterDigestInbound != NULL) {
3316 kfree((*DTLSResource)->OuterDigestInbound);
3317 (*DTLSResource)->OuterDigestInbound = NULL;
3318 }
3319 if ((*DTLSResource)->InnerDigestOutbound != NULL) {
3320 kfree((*DTLSResource)->InnerDigestOutbound);
3321 (*DTLSResource)->InnerDigestOutbound = NULL;
3322 }
3323 if ((*DTLSResource)->OuterDigestOutbound != NULL) {
3324 kfree((*DTLSResource)->OuterDigestOutbound);
3325 (*DTLSResource)->OuterDigestOutbound = NULL;
3326 }
3327 if (*DTLSResource != NULL) {
3328 kfree(*DTLSResource);
3329 *DTLSResource = NULL;
3330 }
3331 *DTLSResource = NULL;
developer4f0d2ba2023-08-21 17:33:25 +0800[diff] [blame]3332}