Re: [PATCH 6/7] crypto: qce: common: Add support for AEAD algorithms

From: Bjorn Andersson
Date: Mon Apr 05 2021 - 18:18:54 EST

Next message: Bjorn Andersson: "Re: [PATCH 2/7] crypto: qce: common: Make result dump optional"
Previous message: Andreas Kemnade: "[PATCH] mfd: rn5t618: fix IRQ trigger by changing it to level mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu 25 Feb 12:27 CST 2021, Thara Gopinath wrote:

> Add register programming sequence for enabling AEAD
> algorithms on the Qualcomm crypto engine.
>
> Signed-off-by: Thara Gopinath <thara.gopinath@xxxxxxxxxx>
> ---
> drivers/crypto/qce/common.c | 155 +++++++++++++++++++++++++++++++++++-
> 1 file changed, 153 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/qce/common.c b/drivers/crypto/qce/common.c
> index 05a71c5ecf61..54d209cb0525 100644
> --- a/drivers/crypto/qce/common.c
> +++ b/drivers/crypto/qce/common.c
> @@ -15,6 +15,16 @@
> #include "core.h"
> #include "regs-v5.h"
> #include "sha.h"
> +#include "aead.h"
> +
> +static const u32 std_iv_sha1[SHA256_DIGEST_SIZE / sizeof(u32)] = {
> + SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4, 0, 0, 0
> +};
> +
> +static const u32 std_iv_sha256[SHA256_DIGEST_SIZE / sizeof(u32)] = {
> + SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
> + SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7
> +};
>
> static inline u32 qce_read(struct qce_device *qce, u32 offset)
> {
> @@ -96,7 +106,7 @@ static inline void qce_crypto_go(struct qce_device *qce, bool result_dump)
> qce_write(qce, REG_GOPROC, BIT(GO_SHIFT));
> }
>
> -#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
> +#if defined(CONFIG_CRYPTO_DEV_QCE_SHA) || defined(CONFIG_CRYPTO_DEV_QCE_AEAD)
> static u32 qce_auth_cfg(unsigned long flags, u32 key_size, u32 auth_size)
> {
> u32 cfg = 0;
> @@ -139,7 +149,9 @@ static u32 qce_auth_cfg(unsigned long flags, u32 key_size, u32 auth_size)
>
> return cfg;
> }
> +#endif
>
> +#ifdef CONFIG_CRYPTO_DEV_QCE_SHA
> static int qce_setup_regs_ahash(struct crypto_async_request *async_req)
> {
> struct ahash_request *req = ahash_request_cast(async_req);
> @@ -225,7 +237,7 @@ static int qce_setup_regs_ahash(struct crypto_async_request *async_req)
> }
> #endif
>
> -#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
> +#if defined(CONFIG_CRYPTO_DEV_QCE_SKCIPHER) || defined(CONFIG_CRYPTO_DEV_QCE_AEAD)
> static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
> {
> u32 cfg = 0;
> @@ -271,7 +283,9 @@ static u32 qce_encr_cfg(unsigned long flags, u32 aes_key_size)
>
> return cfg;
> }
> +#endif
>
> +#ifdef CONFIG_CRYPTO_DEV_QCE_SKCIPHER
> static void qce_xts_swapiv(__be32 *dst, const u8 *src, unsigned int ivsize)
> {
> u8 swap[QCE_AES_IV_LENGTH];
> @@ -386,6 +400,139 @@ static int qce_setup_regs_skcipher(struct crypto_async_request *async_req)
> }
> #endif
>
> +#ifdef CONFIG_CRYPTO_DEV_QCE_AEAD
> +static int qce_setup_regs_aead(struct crypto_async_request *async_req)
> +{
> + struct aead_request *req = aead_request_cast(async_req);
> + struct qce_aead_reqctx *rctx = aead_request_ctx(req);
> + struct qce_aead_ctx *ctx = crypto_tfm_ctx(async_req->tfm);
> + struct qce_alg_template *tmpl = to_aead_tmpl(crypto_aead_reqtfm(req));
> + struct qce_device *qce = tmpl->qce;
> + __be32 enckey[QCE_MAX_CIPHER_KEY_SIZE / sizeof(__be32)] = {0};
> + __be32 enciv[QCE_MAX_IV_SIZE / sizeof(__be32)] = {0};
> + __be32 authkey[QCE_SHA_HMAC_KEY_SIZE / sizeof(__be32)] = {0};
> + __be32 authiv[SHA256_DIGEST_SIZE / sizeof(__be32)] = {0};
> + __be32 authnonce[QCE_MAX_NONCE / sizeof(__be32)] = {0};
> + unsigned int enc_keylen = ctx->enc_keylen;
> + unsigned int auth_keylen = ctx->auth_keylen;
> + unsigned int enc_ivsize = rctx->ivsize;
> + unsigned int auth_ivsize;
> + unsigned int enckey_words, enciv_words;
> + unsigned int authkey_words, authiv_words, authnonce_words;
> + unsigned long flags = rctx->flags;
> + u32 encr_cfg = 0, auth_cfg = 0, config, totallen;

I don't see any reason to initialize encr_cfg or auth_cfg.

> + u32 *iv_last_word;
> +
> + qce_setup_config(qce);
> +
> + /* Write encryption key */
> + qce_cpu_to_be32p_array(enckey, ctx->enc_key, enc_keylen);
> + enckey_words = enc_keylen / sizeof(u32);
> + qce_write_array(qce, REG_ENCR_KEY0, (u32 *)enckey, enckey_words);

Afaict all "array registers" in this function are affected by the
CRYPTO_SETUP little endian bit, but you set this bit before launching
the operation dependent on IS_CCM(). So is this really working for the
!IS_CCM() case?

> +
> + /* Write encryption iv */
> + qce_cpu_to_be32p_array(enciv, rctx->iv, enc_ivsize);
> + enciv_words = enc_ivsize / sizeof(u32);
> + qce_write_array(qce, REG_CNTR0_IV0, (u32 *)enciv, enciv_words);

It would be nice if this snippet was extracted to a helper function.

> +
> + if (IS_CCM(rctx->flags)) {
> + iv_last_word = (u32 *)&enciv[enciv_words - 1];
> +// qce_write(qce, REG_CNTR3_IV3, enciv[enciv_words - 1] + 1);

I believe this is a remnant of the two surrounding lines.

> + qce_write(qce, REG_CNTR3_IV3, (*iv_last_word) + 1);

enciv is an array of big endian 32-bit integers, which you tell the
compiler to treat as cpu-native endian, and then you do math on it.
Afaict from the documentation the value of REG_CNTR3_IVn should be set
to rctx->iv + 1, but if the hardware expects these in big endian then I
think you added 16777216.

Perhaps I'm missing something here though?

PS. Based on how the documentation is written, shouldn't you write out
REG_CNTR_IV[012] as well?

> + qce_write_array(qce, REG_ENCR_CCM_INT_CNTR0, (u32 *)enciv, enciv_words);
> + qce_write(qce, REG_CNTR_MASK, ~0);
> + qce_write(qce, REG_CNTR_MASK0, ~0);
> + qce_write(qce, REG_CNTR_MASK1, ~0);
> + qce_write(qce, REG_CNTR_MASK2, ~0);
> + }
> +
> + /* Clear authentication IV and KEY registers of previous values */
> + qce_clear_array(qce, REG_AUTH_IV0, 16);
> + qce_clear_array(qce, REG_AUTH_KEY0, 16);
> +
> + /* Clear byte count */
> + qce_clear_array(qce, REG_AUTH_BYTECNT0, 4);
> +
> + /* Write authentication key */
> + qce_cpu_to_be32p_array(authkey, ctx->auth_key, auth_keylen);
> + authkey_words = DIV_ROUND_UP(auth_keylen, sizeof(u32));
> + qce_write_array(qce, REG_AUTH_KEY0, (u32 *)authkey, authkey_words);
> +
> + if (IS_SHA_HMAC(rctx->flags)) {
> + /* Write default authentication iv */
> + if (IS_SHA1_HMAC(rctx->flags)) {
> + auth_ivsize = SHA1_DIGEST_SIZE;
> + memcpy(authiv, std_iv_sha1, auth_ivsize);
> + } else if (IS_SHA256_HMAC(rctx->flags)) {
> + auth_ivsize = SHA256_DIGEST_SIZE;
> + memcpy(authiv, std_iv_sha256, auth_ivsize);
> + }
> + authiv_words = auth_ivsize / sizeof(u32);
> + qce_write_array(qce, REG_AUTH_IV0, (u32 *)authiv, authiv_words);

AUTH_IV0 is affected by the little endian configuration, does this imply
that IS_SHA_HMAC() and IS_CCM() are exclusive bits of rctx->flags? If so
I think it would be nice if you grouped the conditionals in a way that
made that obvious when reading the function.

> + }
> +
> + if (IS_CCM(rctx->flags)) {
> + qce_cpu_to_be32p_array(authnonce, rctx->ccm_nonce, QCE_MAX_NONCE);
> + authnonce_words = QCE_MAX_NONCE / sizeof(u32);
> + qce_write_array(qce, REG_AUTH_INFO_NONCE0, (u32 *)authnonce, authnonce_words);
> + }
> +
> + /* Set up ENCR_SEG_CFG */
> + encr_cfg = qce_encr_cfg(flags, enc_keylen);
> + if (IS_ENCRYPT(flags))
> + encr_cfg |= BIT(ENCODE_SHIFT);
> + qce_write(qce, REG_ENCR_SEG_CFG, encr_cfg);
> +
> + /* Set up AUTH_SEG_CFG */
> + auth_cfg = qce_auth_cfg(rctx->flags, auth_keylen, ctx->authsize);
> + auth_cfg |= BIT(AUTH_LAST_SHIFT);
> + auth_cfg |= BIT(AUTH_FIRST_SHIFT);
> + if (IS_ENCRYPT(flags)) {
> + if (IS_CCM(rctx->flags))
> + auth_cfg |= AUTH_POS_BEFORE << AUTH_POS_SHIFT;
> + else
> + auth_cfg |= AUTH_POS_AFTER << AUTH_POS_SHIFT;
> + } else {
> + if (IS_CCM(rctx->flags))
> + auth_cfg |= AUTH_POS_AFTER << AUTH_POS_SHIFT;
> + else
> + auth_cfg |= AUTH_POS_BEFORE << AUTH_POS_SHIFT;
> + }
> + qce_write(qce, REG_AUTH_SEG_CFG, auth_cfg);
> +
> + totallen = rctx->cryptlen + rctx->assoclen;
> +
> + /* Set the encryption size and start offset */
> + if (IS_CCM(rctx->flags) && IS_DECRYPT(rctx->flags))
> + qce_write(qce, REG_ENCR_SEG_SIZE, rctx->cryptlen + ctx->authsize);
> + else
> + qce_write(qce, REG_ENCR_SEG_SIZE, rctx->cryptlen);
> + qce_write(qce, REG_ENCR_SEG_START, rctx->assoclen & 0xffff);
> +
> + /* Set the authentication size and start offset */
> + qce_write(qce, REG_AUTH_SEG_SIZE, totallen);
> + qce_write(qce, REG_AUTH_SEG_START, 0);
> +
> + /* Write total length */
> + if (IS_CCM(rctx->flags) && IS_DECRYPT(rctx->flags))
> + qce_write(qce, REG_SEG_SIZE, totallen + ctx->authsize);
> + else
> + qce_write(qce, REG_SEG_SIZE, totallen);
> +
> + /* get little endianness */
> + config = qce_config_reg(qce, 1);
> + qce_write(qce, REG_CONFIG, config);
> +
> + /* Start the process */
> + if (IS_CCM(flags))
> + qce_crypto_go(qce, 0);

Second parameter is defined as "bool", please use "false" here (and true
below). Or

qce_crypto_go(qce, !IS_CCM(flags));

Regards,
Bjorn

> + else
> + qce_crypto_go(qce, 1);
> +
> + return 0;
> +}
> +#endif
> +
> int qce_start(struct crypto_async_request *async_req, u32 type)
> {
> switch (type) {
> @@ -396,6 +543,10 @@ int qce_start(struct crypto_async_request *async_req, u32 type)
> #ifdef CONFIG_CRYPTO_DEV_QCE_SHA
> case CRYPTO_ALG_TYPE_AHASH:
> return qce_setup_regs_ahash(async_req);
> +#endif
> +#ifdef CONFIG_CRYPTO_DEV_QCE_AEAD
> + case CRYPTO_ALG_TYPE_AEAD:
> + return qce_setup_regs_aead(async_req);
> #endif
> default:
> return -EINVAL;
> --
> 2.25.1
>

Next message: Bjorn Andersson: "Re: [PATCH 2/7] crypto: qce: common: Make result dump optional"
Previous message: Andreas Kemnade: "[PATCH] mfd: rn5t618: fix IRQ trigger by changing it to level mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]