This patch adds support for authenc(hmac(sha1),cbc(des3_ede))
to the talitos crypto driver for the Freescale Security Engine.
Some adjustments were made to the scatterlist to link table conversion
to make 3des work for ping -s 1439..1446.
Signed-off-by: Lee Nipper <[email protected]>
---
This patch applies against cryptodev-2.6 tree at
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git.
drivers/crypto/talitos.c | 93 +++++++++++++++++++++++++++++++++------------
drivers/crypto/talitos.h | 3 +-
2 files changed, 69 insertions(+), 27 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index e123312..e8459e0 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -642,20 +642,24 @@ static void talitos_unregister_rng(struct device *dev)
#define TALITOS_MAX_KEY_SIZE 64
#define TALITOS_MAX_AUTH_SIZE 20
#define TALITOS_AES_MIN_BLOCK_SIZE 16
+#define TALITOS_3DES_MIN_BLOCK_SIZE 24
+
#define TALITOS_AES_IV_LENGTH 16
+#define TALITOS_3DES_IV_LENGTH 8
+#define TALITOS_MAX_IV_LENGTH 16
struct talitos_ctx {
struct device *dev;
__be32 desc_hdr_template;
u8 key[TALITOS_MAX_KEY_SIZE];
- u8 iv[TALITOS_AES_IV_LENGTH];
+ u8 iv[TALITOS_MAX_IV_LENGTH];
unsigned int keylen;
unsigned int enckeylen;
unsigned int authkeylen;
unsigned int authsize;
};
-static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc,
+static int aead_authenc_setauthsize(struct crypto_aead *authenc,
unsigned int authsize)
{
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -665,7 +669,7 @@ static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc,
return 0;
}
-static int aes_cbc_sha1_hmac_authenc_setkey(struct crypto_aead *authenc,
+static int aead_authenc_setkey(struct crypto_aead *authenc,
const u8 *key, unsigned int keylen)
{
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -825,10 +829,12 @@ static void ipsec_esp_decrypt_done(struct device *dev,
* convert scatterlist to SEC h/w link table format
* stop at cryptlen bytes
*/
-static void sg_to_link_tbl(struct scatterlist *sg, int sg_count,
+static int sg_to_link_tbl(struct scatterlist *sg, int sg_count,
int cryptlen, struct talitos_ptr *link_tbl_ptr)
{
- while (cryptlen > 0) {
+ int n_sg = sg_count;
+
+ while (n_sg--) {
link_tbl_ptr->ptr = cpu_to_be32(sg_dma_address(sg));
link_tbl_ptr->len = cpu_to_be16(sg_dma_len(sg));
link_tbl_ptr->j_extent = 0;
@@ -837,13 +843,22 @@ static void sg_to_link_tbl(struct scatterlist *sg, int sg_count,
sg = sg_next(sg);
}
- /* adjust (decrease) last entry's len to cryptlen */
+ /* adjust (decrease) last one (or two) entry's len to cryptlen */
link_tbl_ptr--;
+ while (link_tbl_ptr->len <= (-cryptlen)) {
+ /* Empty this entry, and move to previous one */
+ cryptlen += be16_to_cpu(link_tbl_ptr->len);
+ link_tbl_ptr->len = 0;
+ sg_count--;
+ link_tbl_ptr--;
+ }
link_tbl_ptr->len = cpu_to_be16(be16_to_cpu(link_tbl_ptr->len)
+ cryptlen);
/* tag end of link table */
link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
+
+ return sg_count;
}
/*
@@ -900,12 +915,17 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
if (sg_count == 1) {
desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src));
} else {
- sg_to_link_tbl(areq->src, sg_count, cryptlen,
- &edesc->link_tbl[0]);
- desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP;
- desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl);
- dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
- edesc->dma_len, DMA_BIDIRECTIONAL);
+ sg_count = sg_to_link_tbl(areq->src, sg_count, cryptlen,
+ &edesc->link_tbl[0]);
+ if (sg_count > 1) {
+ desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP;
+ desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl);
+ dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
+ edesc->dma_len, DMA_BIDIRECTIONAL);
+ } else {
+ /* Only one segment now, so no link tbl needed */
+ desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src));
+ }
}
/* cipher out */
@@ -931,8 +951,8 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
memcpy(link_tbl_ptr, &edesc->link_tbl[0],
edesc->src_nents * sizeof(struct talitos_ptr));
} else {
- sg_to_link_tbl(areq->dst, sg_count, cryptlen,
- link_tbl_ptr);
+ sg_count = sg_to_link_tbl(areq->dst, sg_count, cryptlen,
+ link_tbl_ptr);
}
link_tbl_ptr += sg_count - 1;
@@ -1038,7 +1058,7 @@ static struct ipsec_esp_edesc *ipsec_esp_edesc_alloc(struct aead_request *areq,
return edesc;
}
-static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req)
+static int aead_authenc_encrypt(struct aead_request *req)
{
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -1050,12 +1070,12 @@ static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req)
return PTR_ERR(edesc);
/* set encrypt */
- edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
+ edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_encrypt_done);
}
-static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req)
+static int aead_authenc_decrypt(struct aead_request *req)
{
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -1089,7 +1109,7 @@ static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req)
return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_decrypt_done);
}
-static int aes_cbc_sha1_hmac_authenc_givencrypt(
+static int aead_authenc_givencrypt(
struct aead_givcrypt_request *req)
{
struct aead_request *areq = &req->areq;
@@ -1103,7 +1123,7 @@ static int aes_cbc_sha1_hmac_authenc_givencrypt(
return PTR_ERR(edesc);
/* set encrypt */
- edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
+ edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc));
@@ -1127,11 +1147,11 @@ static struct talitos_alg_template driver_algs[] = {
.driver_name = "authenc(hmac(sha1-talitos),cbc(aes-talitos))",
.blocksize = TALITOS_AES_MIN_BLOCK_SIZE,
.aead = {
- .setkey = aes_cbc_sha1_hmac_authenc_setkey,
- .setauthsize = aes_cbc_sha1_hmac_authenc_setauthsize,
- .encrypt = aes_cbc_sha1_hmac_authenc_encrypt,
- .decrypt = aes_cbc_sha1_hmac_authenc_decrypt,
- .givencrypt = aes_cbc_sha1_hmac_authenc_givencrypt,
+ .setkey = aead_authenc_setkey,
+ .setauthsize = aead_authenc_setauthsize,
+ .encrypt = aead_authenc_encrypt,
+ .decrypt = aead_authenc_decrypt,
+ .givencrypt = aead_authenc_givencrypt,
.geniv = "<built-in>",
.ivsize = TALITOS_AES_IV_LENGTH,
.maxauthsize = TALITOS_MAX_AUTH_SIZE,
@@ -1143,6 +1163,29 @@ static struct talitos_alg_template driver_algs[] = {
DESC_HDR_MODE1_MDEU_INIT |
DESC_HDR_MODE1_MDEU_PAD |
DESC_HDR_MODE1_MDEU_SHA1_HMAC,
+ },
+ {
+ .name = "authenc(hmac(sha1),cbc(des3_ede))",
+ .driver_name = "authenc(hmac(sha1-talitos),cbc(3des-talitos))",
+ .blocksize = TALITOS_3DES_MIN_BLOCK_SIZE,
+ .aead = {
+ .setkey = aead_authenc_setkey,
+ .setauthsize = aead_authenc_setauthsize,
+ .encrypt = aead_authenc_encrypt,
+ .decrypt = aead_authenc_decrypt,
+ .givencrypt = aead_authenc_givencrypt,
+ .geniv = "<built-in>",
+ .ivsize = TALITOS_3DES_IV_LENGTH,
+ .maxauthsize = TALITOS_MAX_AUTH_SIZE,
+ },
+ .desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+ DESC_HDR_SEL0_DEU |
+ DESC_HDR_MODE0_DEU_CBC |
+ DESC_HDR_MODE0_DEU_3DES |
+ DESC_HDR_SEL1_MDEUA |
+ DESC_HDR_MODE1_MDEU_INIT |
+ DESC_HDR_MODE1_MDEU_PAD |
+ DESC_HDR_MODE1_MDEU_SHA1_HMAC,
}
};
@@ -1166,7 +1209,7 @@ static int talitos_cra_init(struct crypto_tfm *tfm)
ctx->desc_hdr_template = talitos_alg->desc_hdr_template;
/* random first IV */
- get_random_bytes(ctx->iv, TALITOS_AES_IV_LENGTH);
+ get_random_bytes(ctx->iv, TALITOS_MAX_IV_LENGTH);
return 0;
}
diff --git a/drivers/crypto/talitos.h b/drivers/crypto/talitos.h
index de0e377..c48a405 100644
--- a/drivers/crypto/talitos.h
+++ b/drivers/crypto/talitos.h
@@ -144,11 +144,10 @@
#define DESC_HDR_SEL0_CRCU __constant_cpu_to_be32(0x80000000)
/* primary execution unit mode (MODE0) and derivatives */
+#define DESC_HDR_MODE0_ENCRYPT __constant_cpu_to_be32(0x00100000)
#define DESC_HDR_MODE0_AESU_CBC __constant_cpu_to_be32(0x00200000)
-#define DESC_HDR_MODE0_AESU_ENC __constant_cpu_to_be32(0x00100000)
#define DESC_HDR_MODE0_DEU_CBC __constant_cpu_to_be32(0x00400000)
#define DESC_HDR_MODE0_DEU_3DES __constant_cpu_to_be32(0x00200000)
-#define DESC_HDR_MODE0_DEU_ENC __constant_cpu_to_be32(0x00100000)
#define DESC_HDR_MODE0_MDEU_INIT __constant_cpu_to_be32(0x01000000)
#define DESC_HDR_MODE0_MDEU_HMAC __constant_cpu_to_be32(0x00800000)
#define DESC_HDR_MODE0_MDEU_PAD __constant_cpu_to_be32(0x00400000)
--
1.5.6.1
On Wed, Jul 02, 2008 at 10:48:43PM +0000, Lee Nipper wrote:
> This patch adds support for authenc(hmac(sha1),cbc(des3_ede))
> to the talitos crypto driver for the Freescale Security Engine.
> Some adjustments were made to the scatterlist to link table conversion
> to make 3des work for ping -s 1439..1446.
>
> Signed-off-by: Lee Nipper <[email protected]>
Applied to cryptodev-2.6.
While looking at this I noticed that the driver names are ambiguous,
I've fixed it up with this patch:
crypto: talitos - Use proper form for algorithm driver names
The name authenc(hmac(sha1-talitos),cbc(aes-talitos)) is potentially
ambiguous since it could also mean using the generic authenc template
on hmac(sha1-talitos) and cbc(aes-talitos). In general, parentheses
should be reserved for templates that spawn algorithms.
This patches changes it to the form authenc-hmac-sha1-cbc-aes-talitos.
Signed-off-by: Herbert Xu <[email protected]>
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index e8459e0..8c270cd 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1144,7 +1144,7 @@ static struct talitos_alg_template driver_algs[] = {
/* single-pass ipsec_esp descriptor */
{
.name = "authenc(hmac(sha1),cbc(aes))",
- .driver_name = "authenc(hmac(sha1-talitos),cbc(aes-talitos))",
+ .driver_name = "authenc-hmac-sha1-cbc-aes-talitos",
.blocksize = TALITOS_AES_MIN_BLOCK_SIZE,
.aead = {
.setkey = aead_authenc_setkey,
@@ -1166,7 +1166,7 @@ static struct talitos_alg_template driver_algs[] = {
},
{
.name = "authenc(hmac(sha1),cbc(des3_ede))",
- .driver_name = "authenc(hmac(sha1-talitos),cbc(3des-talitos))",
+ .driver_name = "authenc-hmac-sha1-cbc-3des-talitos",
.blocksize = TALITOS_3DES_MIN_BLOCK_SIZE,
.aead = {
.setkey = aead_authenc_setkey,
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt