X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=drivers%2Fcrypto%2Ftalitos.c;h=b11943dadefd7a23d85d29f5908451859e397497;hb=25377479de7539fdc871a0f0ecaa39da42353bbc;hp=e12331296a001d83de84c0c33bb7a9d89566c8c7;hpb=9c4a79653b35efc9d6790c295e22f79f4b361125;p=linux-2.6

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index e12331296a..b11943dade 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -40,6 +40,7 @@
 
 #include <crypto/algapi.h>
 #include <crypto/aes.h>
+#include <crypto/des.h>
 #include <crypto/sha.h>
 #include <crypto/aead.h>
 #include <crypto/authenc.h>
@@ -640,22 +641,22 @@ static void talitos_unregister_rng(struct device *dev)
  */
 #define TALITOS_CRA_PRIORITY		3000
 #define TALITOS_MAX_KEY_SIZE		64
-#define TALITOS_MAX_AUTH_SIZE		20
-#define TALITOS_AES_MIN_BLOCK_SIZE	16
-#define TALITOS_AES_IV_LENGTH		16
+#define TALITOS_MAX_IV_LENGTH		16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
+
+#define MD5_DIGEST_SIZE   16
 
 struct talitos_ctx {
 	struct device *dev;
 	__be32 desc_hdr_template;
 	u8 key[TALITOS_MAX_KEY_SIZE];
-	u8 iv[TALITOS_AES_IV_LENGTH];
+	u8 iv[TALITOS_MAX_IV_LENGTH];
 	unsigned int keylen;
 	unsigned int enckeylen;
 	unsigned int authkeylen;
 	unsigned int authsize;
 };
 
-static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc,
+static int aead_authenc_setauthsize(struct crypto_aead *authenc,
 						 unsigned int authsize)
 {
 	struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -665,7 +666,7 @@ static int aes_cbc_sha1_hmac_authenc_setauthsize(struct crypto_aead *authenc,
 	return 0;
 }
 
-static int aes_cbc_sha1_hmac_authenc_setkey(struct crypto_aead *authenc,
+static int aead_authenc_setkey(struct crypto_aead *authenc,
 					    const u8 *key, unsigned int keylen)
 {
 	struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -825,10 +826,12 @@ static void ipsec_esp_decrypt_done(struct device *dev,
  * convert scatterlist to SEC h/w link table format
  * stop at cryptlen bytes
  */
-static void sg_to_link_tbl(struct scatterlist *sg, int sg_count,
+static int sg_to_link_tbl(struct scatterlist *sg, int sg_count,
 			   int cryptlen, struct talitos_ptr *link_tbl_ptr)
 {
-	while (cryptlen > 0) {
+	int n_sg = sg_count;
+
+	while (n_sg--) {
 		link_tbl_ptr->ptr = cpu_to_be32(sg_dma_address(sg));
 		link_tbl_ptr->len = cpu_to_be16(sg_dma_len(sg));
 		link_tbl_ptr->j_extent = 0;
@@ -837,13 +840,22 @@ static void sg_to_link_tbl(struct scatterlist *sg, int sg_count,
 		sg = sg_next(sg);
 	}
 
-	/* adjust (decrease) last entry's len to cryptlen */
+	/* adjust (decrease) last one (or two) entry's len to cryptlen */
 	link_tbl_ptr--;
+	while (link_tbl_ptr->len <= (-cryptlen)) {
+		/* Empty this entry, and move to previous one */
+		cryptlen += be16_to_cpu(link_tbl_ptr->len);
+		link_tbl_ptr->len = 0;
+		sg_count--;
+		link_tbl_ptr--;
+	}
 	link_tbl_ptr->len = cpu_to_be16(be16_to_cpu(link_tbl_ptr->len)
 					+ cryptlen);
 
 	/* tag end of link table */
 	link_tbl_ptr->j_extent = DESC_PTR_LNKTBL_RETURN;
+
+	return sg_count;
 }
 
 /*
@@ -900,12 +912,17 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
 	if (sg_count == 1) {
 		desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src));
 	} else {
-		sg_to_link_tbl(areq->src, sg_count, cryptlen,
-			       &edesc->link_tbl[0]);
-		desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP;
-		desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl);
-		dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
-					   edesc->dma_len, DMA_BIDIRECTIONAL);
+		sg_count = sg_to_link_tbl(areq->src, sg_count, cryptlen,
+					  &edesc->link_tbl[0]);
+		if (sg_count > 1) {
+			desc->ptr[4].j_extent |= DESC_PTR_LNKTBL_JUMP;
+			desc->ptr[4].ptr = cpu_to_be32(edesc->dma_link_tbl);
+			dma_sync_single_for_device(ctx->dev, edesc->dma_link_tbl,
+						   edesc->dma_len, DMA_BIDIRECTIONAL);
+		} else {
+			/* Only one segment now, so no link tbl needed */
+			desc->ptr[4].ptr = cpu_to_be32(sg_dma_address(areq->src));
+		}
 	}
 
 	/* cipher out */
@@ -931,8 +948,8 @@ static int ipsec_esp(struct ipsec_esp_edesc *edesc, struct aead_request *areq,
 			memcpy(link_tbl_ptr, &edesc->link_tbl[0],
 			       edesc->src_nents * sizeof(struct talitos_ptr));
 		} else {
-			sg_to_link_tbl(areq->dst, sg_count, cryptlen,
-				       link_tbl_ptr);
+			sg_count = sg_to_link_tbl(areq->dst, sg_count, cryptlen,
+						  link_tbl_ptr);
 		}
 		link_tbl_ptr += sg_count - 1;
 
@@ -1038,7 +1055,7 @@ static struct ipsec_esp_edesc *ipsec_esp_edesc_alloc(struct aead_request *areq,
 	return edesc;
 }
 
-static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req)
+static int aead_authenc_encrypt(struct aead_request *req)
 {
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -1050,12 +1067,12 @@ static int aes_cbc_sha1_hmac_authenc_encrypt(struct aead_request *req)
 		return PTR_ERR(edesc);
 
 	/* set encrypt */
-	edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
+	edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
 
 	return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_encrypt_done);
 }
 
-static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req)
+static int aead_authenc_decrypt(struct aead_request *req)
 {
 	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
 	struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
@@ -1089,7 +1106,7 @@ static int aes_cbc_sha1_hmac_authenc_decrypt(struct aead_request *req)
 	return ipsec_esp(edesc, req, NULL, 0, ipsec_esp_decrypt_done);
 }
 
-static int aes_cbc_sha1_hmac_authenc_givencrypt(
+static int aead_authenc_givencrypt(
 	struct aead_givcrypt_request *req)
 {
 	struct aead_request *areq = &req->areq;
@@ -1103,7 +1120,7 @@ static int aes_cbc_sha1_hmac_authenc_givencrypt(
 		return PTR_ERR(edesc);
 
 	/* set encrypt */
-	edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_AESU_ENC;
+	edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
 
 	memcpy(req->giv, ctx->iv, crypto_aead_ivsize(authenc));
 
@@ -1124,17 +1141,17 @@ static struct talitos_alg_template driver_algs[] = {
 	/* single-pass ipsec_esp descriptor */
 	{
 		.name = "authenc(hmac(sha1),cbc(aes))",
-		.driver_name = "authenc(hmac(sha1-talitos),cbc(aes-talitos))",
-		.blocksize = TALITOS_AES_MIN_BLOCK_SIZE,
+		.driver_name = "authenc-hmac-sha1-cbc-aes-talitos",
+		.blocksize = AES_BLOCK_SIZE,
 		.aead = {
-			.setkey = aes_cbc_sha1_hmac_authenc_setkey,
-			.setauthsize = aes_cbc_sha1_hmac_authenc_setauthsize,
-			.encrypt = aes_cbc_sha1_hmac_authenc_encrypt,
-			.decrypt = aes_cbc_sha1_hmac_authenc_decrypt,
-			.givencrypt = aes_cbc_sha1_hmac_authenc_givencrypt,
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
 			.geniv = "<built-in>",
-			.ivsize = TALITOS_AES_IV_LENGTH,
-			.maxauthsize = TALITOS_MAX_AUTH_SIZE,
+			.ivsize = AES_BLOCK_SIZE,
+			.maxauthsize = SHA1_DIGEST_SIZE,
 			},
 		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
 			             DESC_HDR_SEL0_AESU |
@@ -1143,6 +1160,119 @@ static struct talitos_alg_template driver_algs[] = {
 		                     DESC_HDR_MODE1_MDEU_INIT |
 		                     DESC_HDR_MODE1_MDEU_PAD |
 		                     DESC_HDR_MODE1_MDEU_SHA1_HMAC,
+	},
+	{
+		.name = "authenc(hmac(sha1),cbc(des3_ede))",
+		.driver_name = "authenc-hmac-sha1-cbc-3des-talitos",
+		.blocksize = DES3_EDE_BLOCK_SIZE,
+		.aead = {
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
+			.geniv = "<built-in>",
+			.ivsize = DES3_EDE_BLOCK_SIZE,
+			.maxauthsize = SHA1_DIGEST_SIZE,
+			},
+		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+			             DESC_HDR_SEL0_DEU |
+		                     DESC_HDR_MODE0_DEU_CBC |
+		                     DESC_HDR_MODE0_DEU_3DES |
+		                     DESC_HDR_SEL1_MDEUA |
+		                     DESC_HDR_MODE1_MDEU_INIT |
+		                     DESC_HDR_MODE1_MDEU_PAD |
+		                     DESC_HDR_MODE1_MDEU_SHA1_HMAC,
+	},
+	{
+		.name = "authenc(hmac(sha256),cbc(aes))",
+		.driver_name = "authenc-hmac-sha256-cbc-aes-talitos",
+		.blocksize = AES_BLOCK_SIZE,
+		.aead = {
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
+			.geniv = "<built-in>",
+			.ivsize = AES_BLOCK_SIZE,
+			.maxauthsize = SHA256_DIGEST_SIZE,
+			},
+		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+			             DESC_HDR_SEL0_AESU |
+		                     DESC_HDR_MODE0_AESU_CBC |
+		                     DESC_HDR_SEL1_MDEUA |
+		                     DESC_HDR_MODE1_MDEU_INIT |
+		                     DESC_HDR_MODE1_MDEU_PAD |
+		                     DESC_HDR_MODE1_MDEU_SHA256_HMAC,
+	},
+	{
+		.name = "authenc(hmac(sha256),cbc(des3_ede))",
+		.driver_name = "authenc-hmac-sha256-cbc-3des-talitos",
+		.blocksize = DES3_EDE_BLOCK_SIZE,
+		.aead = {
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
+			.geniv = "<built-in>",
+			.ivsize = DES3_EDE_BLOCK_SIZE,
+			.maxauthsize = SHA256_DIGEST_SIZE,
+			},
+		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+			             DESC_HDR_SEL0_DEU |
+		                     DESC_HDR_MODE0_DEU_CBC |
+		                     DESC_HDR_MODE0_DEU_3DES |
+		                     DESC_HDR_SEL1_MDEUA |
+		                     DESC_HDR_MODE1_MDEU_INIT |
+		                     DESC_HDR_MODE1_MDEU_PAD |
+		                     DESC_HDR_MODE1_MDEU_SHA256_HMAC,
+	},
+	{
+		.name = "authenc(hmac(md5),cbc(aes))",
+		.driver_name = "authenc-hmac-md5-cbc-aes-talitos",
+		.blocksize = AES_BLOCK_SIZE,
+		.aead = {
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
+			.geniv = "<built-in>",
+			.ivsize = AES_BLOCK_SIZE,
+			.maxauthsize = MD5_DIGEST_SIZE,
+			},
+		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+			             DESC_HDR_SEL0_AESU |
+		                     DESC_HDR_MODE0_AESU_CBC |
+		                     DESC_HDR_SEL1_MDEUA |
+		                     DESC_HDR_MODE1_MDEU_INIT |
+		                     DESC_HDR_MODE1_MDEU_PAD |
+		                     DESC_HDR_MODE1_MDEU_MD5_HMAC,
+	},
+	{
+		.name = "authenc(hmac(md5),cbc(des3_ede))",
+		.driver_name = "authenc-hmac-md5-cbc-3des-talitos",
+		.blocksize = DES3_EDE_BLOCK_SIZE,
+		.aead = {
+			.setkey = aead_authenc_setkey,
+			.setauthsize = aead_authenc_setauthsize,
+			.encrypt = aead_authenc_encrypt,
+			.decrypt = aead_authenc_decrypt,
+			.givencrypt = aead_authenc_givencrypt,
+			.geniv = "<built-in>",
+			.ivsize = DES3_EDE_BLOCK_SIZE,
+			.maxauthsize = MD5_DIGEST_SIZE,
+			},
+		.desc_hdr_template = DESC_HDR_TYPE_IPSEC_ESP |
+			             DESC_HDR_SEL0_DEU |
+		                     DESC_HDR_MODE0_DEU_CBC |
+		                     DESC_HDR_MODE0_DEU_3DES |
+		                     DESC_HDR_SEL1_MDEUA |
+		                     DESC_HDR_MODE1_MDEU_INIT |
+		                     DESC_HDR_MODE1_MDEU_PAD |
+		                     DESC_HDR_MODE1_MDEU_MD5_HMAC,
 	}
 };
 
@@ -1166,7 +1296,7 @@ static int talitos_cra_init(struct crypto_tfm *tfm)
 	ctx->desc_hdr_template = talitos_alg->desc_hdr_template;
 
 	/* random first IV */
-	get_random_bytes(ctx->iv, TALITOS_AES_IV_LENGTH);
+	get_random_bytes(ctx->iv, TALITOS_MAX_IV_LENGTH);
 
 	return 0;
 }