marvell/linux/drivers/crypto/asr/te200/asr-cipher.c

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/clk-provider.h>
#include <linux/clk.h>
#include <linux/io.h>
#include <linux/hw_random.h>
#include <linux/platform_device.h>
#include <linux/bitops.h>
#include <linux/device.h>
#include <linux/init.h>
#include <linux/errno.h>
#include <linux/interrupt.h>
#include <linux/irq.h>
#include <linux/scatterlist.h>
#include <linux/dma-mapping.h>
#include <linux/dmaengine.h>
#include <linux/of_device.h>
#include <linux/of_address.h>
#include <linux/delay.h>
#include <linux/crypto.h>
#include <linux/cputype.h>
#include <crypto/scatterwalk.h>
#include <crypto/algapi.h>
#include <linux/jiffies.h>
#include <crypto/aes.h>
#include <crypto/sm4.h>
#include <crypto/internal/skcipher.h>
#include "asr-te200.h"
#include "asr-cipher.h"

#define CIPHER_BLOCK_SIZE AES_BLOCK_SIZE
#define CIPHER_MIN_KEY_SIZE AES_MIN_KEY_SIZE
#define CIPHER_MAX_KEY_SIZE AES_MAX_KEY_SIZE

static struct asr_te200_cipher *asr_cipher_local = NULL;

static inline u32 asr_cipher_read(struct asr_te200_cipher *dd, u32 offset)
{
	u32 value = readl_relaxed(dd->io_base + offset);

	return value;
}

static inline void asr_cipher_write(struct asr_te200_cipher *dd,
					u32 offset, u32 value)
{
	writel_relaxed(value, dd->io_base + offset);
}

static int sca_clock_switch(struct asr_te200_cipher *dd, int enable)
{
	uint32_t value;
	value = asr_cipher_read(dd, TE200_CLOCK_CTRL);
	if (enable) {
		value |= SCA_CLK_EN;
	} else {
		value &= ~SCA_CLK_EN;
	}
	asr_cipher_write(dd, TE200_CLOCK_CTRL, value);
	return 0;
}

static int sca_start_run(struct asr_te200_cipher *dd)
{
	uint32_t value;
	value = asr_cipher_read(dd, TE200_SSCA_CTRL);
	value |= SCA_RUN;
	asr_cipher_write(dd, TE200_SSCA_CTRL, value);
	return 0; 
}

static int sca_set_alg(int alg_type, uint32_t *value)
{
	switch (alg_type) {
	case NORMAL_AES:
		*value &= SCA_NORMAL_AES;
		break;
	case SM4:
		*value |= SCA_SM4;
		break;
	default:
		return -1;
	}
	return 0; 
}

static int sca_set_cipher_mode(int mode, uint32_t *value)
{
	switch (mode) {
	case ECB:
		*value &= SCA_MODE_ECB;
		break;
	case CTR:
		*value |= SCA_MODE_CTR;
		break;
	case CBC:
		*value |= SCA_MODE_CBC;
		break;
	default:
		return -1;
	}
	return 0; 
}

static int sca_set_iv(const uint8_t *iv, uint32_t *value)
{
	if (iv) {
		*value |= SCA_SET_IV | SCA_SET_IV_ADDR;
	} else {
		*value &= (~(SCA_SET_IV | SCA_SET_IV_ADDR));
	}
	return 0;
}

static int sca_set_key(const uint8_t *key, uint32_t key_len, uint32_t *value)
{
	switch (key_len) {
	case 16:
		*value &= SCA_KEY_128_BITS;
		break;
	case 24:
		*value |= SCA_KEY_192_BITS;
		break;
	case 32:
		*value |= SCA_KEY_256_BITS;
		break;  
	default:
		return -1;
	}

	if (key) {
		*value |= SCA_EXTERNAL_KEY | SCA_KEY_IS_ADDR;
	} else {
		*value |= SCA_DEVICE_ROOT_KEY | SCA_KEY_IS_ADDR;
	}

	return 0;
}

static int sca_wait_intr(struct asr_te200_cipher *dd)
{
	int ret = 0;
	uint32_t value;
	uint32_t time_start;
	time_start = jiffies;
	value = asr_cipher_read(dd, TE200_SSCA_INTR_STAT);

	while (1) {
		value = asr_cipher_read(dd, TE200_SSCA_INTR_STAT);

		if (value & SCA_INVALID_CMD) {
			dev_err(dd->dev, "invallid cmd\n");
			ret = -1;
			break;
		}

		if (value & SCA_INVALID_KEY) {
			dev_err(dd->dev, "invallid key\n");
			ret = -1;
			break;
		}

		if (value & SCA_BUS_ERROR) {
			dev_err(dd->dev, "bus err\n");
			ret = -1;
			break;
		}

		if ((jiffies - time_start) > 500) {
			dev_err(dd->dev, "wait intr timeout !\n");
			ret = -1;
			break;
		}

		if (value & SCA_CMD_INTR) {
			break;
		}
	}

	value = asr_cipher_read(dd, TE200_SSCA_INTR_STAT);
	value |= SCA_CMD_INTR;
	asr_cipher_write(dd, TE200_SSCA_INTR_STAT, value);
	return ret;
}

static inline void cipher_cache_operation(void *addr, int size)
{
	__cpuc_flush_dcache_area(addr, size);
}

/* sync the same key ladder in /tos/uboot/kernel te200 driver */
static const struct {
	__attribute__ ((aligned (16))) uint8_t ek3[16];
	__attribute__ ((aligned (16))) uint8_t ek2[16];
	__attribute__ ((aligned (16))) uint8_t ek1[16];
} key_ladder = {
	{ 0x50,0xCF,0x0F,0x29,0xD1,0xCF,0x32,0x41,0xC5,0x64,0xAC,0xDB,0xDD,0x9A,0xFC,0xF4 },
	{ 0x9C,0xAB,0x04,0x57,0xB7,0x17,0xD9,0x4A,0x34,0x74,0x28,0x30,0x34,0x16,0x3B,0x52 },
	{ 0xF5,0xA0,0x33,0x7B,0x4B,0xE8,0x18,0x84,0x51,0x4E,0x38,0x86,0x6D,0x08,0xBB,0x6E },
};

static int rkek_cfg_init(struct asr_te200_cipher *dd)
{
#define SYS_SEC_CTRL0           (0x0C)

    uint32_t value;
	struct device_node *np;
	struct resource res;
	void __iomem *io_base;

    value = asr_cipher_read(dd, TE200_CLOCK_CTRL);
    value &= ~OTP_CLK_EN;
    asr_cipher_write(dd, TE200_CLOCK_CTRL, value);

    value = asr_cipher_read(dd, TE200_CLOCK_CTRL);
    value |= OTP_CLK_EN;
    asr_cipher_read(dd, TE200_CLOCK_CTRL);

	/* set opt key sel */
	np = of_find_compatible_node(NULL, NULL, "marvell,mmp-ciu");
	if (!np) {
		dev_err(dd->dev, "can't find ciu node for set opt key sel");
		return -1;
	}

	if (of_address_to_resource(np, 0, &res)) {
		return -1;
	}

	io_base = ioremap(res.start, res.end - res.start);
	if (!io_base) {
		dev_err(dd->dev, "geu regs can't remap");
		return 0;
	}

	value = readl_relaxed(io_base + SYS_SEC_CTRL0);
	value |= (1 << 24);
	writel_relaxed(value, io_base + SYS_SEC_CTRL0);

	/* enable lock */
	value = asr_cipher_read(dd, TE200_OTP_DUMMY_CFG);
	value |= 0x10;
    asr_cipher_write(dd, TE200_OTP_DUMMY_CFG, value);

	iounmap(io_base);
	return 0;
}

static int sca_cipher_init(struct asr_te200_cipher *dd, int alg_type, int mode, 
						const uint8_t *iv, const uint8_t *key, uint32_t key_len)
{
	int ret;
	uint32_t cmd = 0;
	uint32_t param;
	uint32_t key_phys;
	uint32_t iv_phys;

	sca_start_run(dd);

	ret = sca_set_alg(alg_type, &cmd);
	if (ret) {
		return -1;
	}
	ret = sca_set_cipher_mode(mode, &cmd);
	if (ret) {
		return -1;
	}

	ret = sca_set_key(key, key_len, &cmd);
	if (ret) {
		return -1;
	}

	if (iv && ((mode == CBC) || (mode == CTR))) {
		ret = sca_set_iv(iv, &cmd);
		if (ret) {
			return -1;
		}
	}

	cmd |= SCA_INTER_TRIGGERD;
	cmd |= SCA_INIT_CMD;

	asr_cipher_write(dd, TE200_SSCA_QUEUE, cmd);

	/* set key params */
	if (key) {
		key_phys = virt_to_phys((void *)key);
		cipher_cache_operation((void*)key, key_len);
		param = (uint32_t)key_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);
	} else {		/* use rkek */
		key_phys = virt_to_phys((void *)key_ladder.ek3);
		cipher_cache_operation((void*)key_ladder.ek3, key_len);
		param = (uint32_t)key_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);

		key_phys = virt_to_phys((void *)key_ladder.ek2);
		cipher_cache_operation((void*)key_ladder.ek2, key_len);
		param = (uint32_t)key_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);

		key_phys = virt_to_phys((void *)key_ladder.ek1);
		cipher_cache_operation((void*)key_ladder.ek1, key_len);
		param = (uint32_t)key_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);
	}

	/* set iv params */
	if (iv && ((mode == CBC) || (mode == CTR))) {
		/* set iv addr */
		iv_phys = virt_to_phys((void *)iv);
		cipher_cache_operation((void*)iv, 16);
		param = (uint32_t)iv_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);
	}

	return sca_wait_intr(dd);
}

static int sca_cipher_process(struct asr_te200_cipher *dd, int encrypt, 
							int last_one, const void *in, uint32_t size, void *out)
{
	uint32_t cmd = 0;
	uint32_t param;
	uint8_t *psrc = (uint8_t *)in;
	uint8_t *pdst = (uint8_t *)out;
	uint32_t in_phys, out_phys;
	uint32_t len;

	len = (size + 0xf) & (~0xf);

	/* set big endain */
	if (encrypt) {
		cmd |= SCA_ENCRYPTION;
	} else {
		cmd &= (~SCA_ENCRYPTION);
	}

	cmd |= SCA_INTER_TRIGGERD;
	cmd |= SCA_PROCESS_CMD;
	if (last_one) {
		cmd |= SCA_LAST_ONE_SESSION;
	} else {
		cmd &= ~SCA_LAST_ONE_SESSION;
	}
	asr_cipher_write(dd, TE200_SSCA_QUEUE, cmd);

	in_phys = (uint32_t)virt_to_phys((void *)psrc);
	out_phys = (uint32_t)virt_to_phys((void *)pdst);
	cipher_cache_operation((void*)psrc, len);
	cipher_cache_operation((void*)pdst, len);

	/* set src addr */
	param = (uint32_t)in_phys;
	asr_cipher_write(dd, TE200_SSCA_QUEUE, param);

	/* set data length */
	param = (uint32_t)size;
	asr_cipher_write(dd, TE200_SSCA_QUEUE, param);

	/* set dst addr */
	if (out_phys) {
		param = (uint32_t)out_phys;
		asr_cipher_write(dd, TE200_SSCA_QUEUE, param);
	}

	sca_start_run(dd);
	return sca_wait_intr(dd);
}

static int sca_cipher_finish(struct asr_te200_cipher *dd)
{
	uint32_t cmd = 0;
	/* set cmd*/
	cmd |= SCA_INTER_TRIGGERD;
	cmd |= SCA_FINISH_CMD;
	asr_cipher_write(dd, TE200_SSCA_QUEUE, cmd);

	sca_start_run(dd);
	return sca_wait_intr(dd);
}

static int asr_cipher_hw_init(struct asr_te200_cipher *dd)
{
	asr_cipher_write(dd, TE200_SSCA_INTR_MSK, 0x1f);
	return 0;
}

static int sca_cipher_handle(struct asr_te200_cipher *dd, struct sca_data *psca_data, const uint8_t *iv, 
			const uint8_t *key, uint32_t key_len, const void *in, uint32_t size, void *out)
{
	int ret = 0;

	sca_clock_switch(dd, 0);
	sca_clock_switch(dd, 1);

	ret = asr_cipher_hw_init(dd);
	if (ret) {
		goto exit;
	}

	if (psca_data->use_rkek) {
		ret = rkek_cfg_init(dd);
		if (ret) {
			goto exit;
		}
		ret = sca_cipher_init(dd, psca_data->alg_type, psca_data->mode, iv, NULL, key_len);
	} else {
		ret = sca_cipher_init(dd, psca_data->alg_type, psca_data->mode, iv, key, key_len);
	}
	if (ret) {
		goto exit;
	}

	ret = sca_cipher_process(dd, psca_data->encrypt, 1, in, size, out);
	if (ret) {
		goto exit;
	}        

	ret = sca_cipher_finish(dd);
	if (ret) {
		goto exit;
	}

exit:
	sca_clock_switch(dd, 0);
	return ret;
}

static void asr_cipher_set_iv_as_last_ciphertext_block(struct asr_te200_cipher*dd)
{
	struct skcipher_request *req = skcipher_request_cast(dd->areq);
	struct asr_cipher_reqctx *rctx = skcipher_request_ctx(req);
	struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
	unsigned int ivsize = crypto_skcipher_ivsize(cipher);

	if (req->cryptlen < ivsize)
		return;

	if (rctx->mode & FLAGS_ENCRYPT) {
		scatterwalk_map_and_copy(req->iv, req->dst,
					 req->cryptlen - ivsize, ivsize, 0);
	} else {
		if (req->src == req->dst)
			memcpy(req->iv, rctx->lastc, ivsize);
		else
			scatterwalk_map_and_copy(req->iv, req->src,
						 req->cryptlen - ivsize,
						 ivsize, 0);
	}
}

static int asr_cipher_complete(struct asr_te200_cipher *dd, int err)
{
	struct asr_te200_dev *te200_dd = dev_get_drvdata(dd->dev);
	struct asr_te200_ops *te200_ops = te200_dd->te200_ops;

	dd->flags &= ~FLAGS_BUSY;

	asr_cipher_set_iv_as_last_ciphertext_block(dd);

	if (dd->is_async)
		dd->areq->complete(dd->areq, err);

	te200_ops->dev_put(te200_dd);

	tasklet_schedule(&dd->queue_task);

	return err;
}

static int asr_complete(struct asr_te200_cipher *dd)
{
	return asr_cipher_complete(dd, 0);
}

static inline size_t asr_cipher_padlen(size_t len, size_t block_size)
{
	len &= block_size - 1;
	return len ? block_size - len : 0;
}

static void get_sca_data_info(struct sca_data *psca_data, struct asr_te200_cipher *dd)
{

	psca_data->alg_type = (dd->flags & FLAGS_SM4) ? SM4 : NORMAL_AES;
	psca_data->encrypt = (dd->flags & FLAGS_ENCRYPT) ? 1 : 0;

	if ((dd->flags & FLAGS_OPMODE_MASK) == FLAGS_ECB)
		psca_data->mode = ECB;
	else if ((dd->flags & FLAGS_OPMODE_MASK) == FLAGS_CBC)
		psca_data->mode = CBC;
	else if ((dd->flags & FLAGS_OPMODE_MASK) == FLAGS_CTR)
		psca_data->mode = CTR;
}

static int asr_cipher_buff_init(struct asr_te200_cipher *dd, uint32_t len)
{
	dd->buf = (void *)__get_free_pages(GFP_KERNEL, get_order(len));

	if (!dd->buf) {
		dev_err(dd->dev, "unable to alloc pages.\n");
		return -ENOMEM;
	}

	dd->buflen = PAGE_SIZE << get_order(len);

	return 0;
}

static void asr_cipher_buff_cleanup(struct asr_te200_cipher *dd, uint32_t len)
{
	free_pages((unsigned long)dd->buf, get_order(len));
	dd->buflen = 0;
}

static inline void asr_cipher_get(struct asr_te200_cipher *dd)
{
	mutex_lock(&dd->cipher_lock);
}

static inline void asr_cipher_put(struct asr_te200_cipher *dd)
{
	if(mutex_is_locked(&dd->cipher_lock))
		mutex_unlock(&dd->cipher_lock);
}

static int asr_sca_cipher_process(struct asr_te200_cipher *dd, 
					struct skcipher_request *req, asr_cipher_fn_t resume)
{
	int ret;
	struct sca_data sca_data = {0};
	size_t padlen = asr_cipher_padlen(req->cryptlen, CIPHER_BLOCK_SIZE);
	struct asr_cipher_reqctx *rctx = skcipher_request_ctx(req);

	asr_cipher_get(dd);

	if (unlikely(req->cryptlen == 0)) {
		asr_cipher_put(dd);
		return -EINVAL;
	}

	dd->datalen = req->cryptlen + padlen;
	ret = asr_cipher_buff_init(dd, dd->datalen);
	if (ret) {
		asr_cipher_put(dd);
		return ret;
	}

	sg_copy_to_buffer(req->src, sg_nents(req->src), dd->buf, req->cryptlen);

	dd->total = req->cryptlen;
	dd->real_dst = req->dst;
	dd->resume = resume;
	dd->data = (u32 *)dd->buf;

	get_sca_data_info(&sca_data, dd);
	sca_data.use_rkek = rctx->use_rkek;
	ret = sca_cipher_handle(dd, &sca_data, req->iv, (uint8_t *)dd->ctx->key, 
						dd->ctx->keylen, dd->data, dd->datalen, dd->data);
	if (!sg_copy_from_buffer(dd->real_dst, sg_nents(dd->real_dst),
				 dd->buf, dd->total)) 
		ret = -EINVAL;

	asr_cipher_buff_cleanup(dd, dd->datalen);
	asr_cipher_put(dd);

	return asr_cipher_complete(dd, ret);
}

static inline void asr_cipher_set_mode(struct asr_te200_cipher *dd,
					  const struct asr_cipher_reqctx *rctx)
{
	/* Clear all but persistent flags and set request flags. */
	dd->flags = (dd->flags & CIPHER_FLAGS_PERSISTENT) | rctx->mode;
}

static int asr_cipher_start(struct asr_te200_cipher *dd)
{
	struct skcipher_request *req = skcipher_request_cast(dd->areq);
	struct asr_cipher_reqctx *rctx = skcipher_request_ctx(req);
	struct asr_te200_dev *te200_dd = dev_get_drvdata(dd->dev);
	struct asr_te200_ops *te200_ops = te200_dd->te200_ops;

	te200_ops->dev_get(te200_dd);

	asr_cipher_set_mode(dd, rctx);
	return asr_sca_cipher_process(dd, req, asr_complete);
}

static int asr_cipher_handle_queue(struct asr_te200_cipher *dd,
				  struct crypto_async_request *new_areq)
{
	struct crypto_async_request *areq, *backlog;
	struct asr_cipher_ctx *ctx;
	unsigned long flags;
	bool start_async;
	int err, ret = 0;

	spin_lock_irqsave(&dd->lock, flags);
	if (new_areq)
		ret = crypto_enqueue_request(&dd->queue, new_areq);
	if (dd->flags & FLAGS_BUSY) {
		spin_unlock_irqrestore(&dd->lock, flags);
		return ret;
	}

	backlog = crypto_get_backlog(&dd->queue);
	areq = crypto_dequeue_request(&dd->queue);
	if (areq) {
		dd->flags |= FLAGS_BUSY;
	}
	spin_unlock_irqrestore(&dd->lock, flags);
	if (!areq)
		return ret;

	if (backlog)
		backlog->complete(backlog, -EINPROGRESS);

	ctx = crypto_tfm_ctx(areq->tfm);
	dd->areq = areq;
	dd->ctx = ctx;
	start_async = (areq != new_areq);
	dd->is_async = start_async;

	/* WARNING: ctx->start() MAY change dd->is_async. */
	err = ctx->start(dd);
	return (start_async) ? ret : err;
}

static int asr_cipher(struct skcipher_request *req, unsigned long mode)
{
	int ret;
	struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(cipher);
	struct asr_cipher_reqctx *rctx;

	ctx->block_size = CIPHER_BLOCK_SIZE;
	rctx = skcipher_request_ctx(req);
	rctx->mode = mode;
	rctx->use_rkek = ctx->use_rkek;

	if (!(mode & FLAGS_ENCRYPT) && (req->src == req->dst)) {
		unsigned int ivsize = crypto_skcipher_ivsize(cipher);
		if (req->cryptlen >= ivsize) {
			scatterwalk_map_and_copy(rctx->lastc, req->src,
						 req->cryptlen - ivsize,
						 ivsize, 0);
		}
	}

	ret = asr_cipher_handle_queue(ctx->dd, &req->base);

	asr_cipher_put(ctx->dd);
	return ret;
}

static int asr_cipher_setkey(struct crypto_skcipher *cipher, const u8 *key,
			   unsigned int keylen)
{
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(cipher);
	struct asr_te200_cipher *dd = asr_cipher_local;
	
	ctx->dd = dd;
	ctx->use_rkek = false;

	if (keylen != AES_KEYSIZE_128 &&
		keylen != AES_KEYSIZE_192 &&
		keylen != AES_KEYSIZE_256) {
		crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
		return -EINVAL;
	}

	memcpy(ctx->key, key, keylen);
	ctx->keylen = keylen;

	return 0;
}

static int asr_cipher_set_hwkey(struct crypto_skcipher *cipher, const u8 *key,
			   unsigned int keylen)
{
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(cipher);
	struct asr_te200_cipher *dd = asr_cipher_local;
	
	ctx->dd = dd;
	if (!dd->rkek_burned)
		return -EPERM;

	ctx->use_rkek = true;

	if (keylen != AES_KEYSIZE_128 &&
		keylen != AES_KEYSIZE_192 &&
		keylen != AES_KEYSIZE_256) {
		crypto_skcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
		return -EINVAL;
	}

	memcpy(ctx->key, key, keylen);
	ctx->keylen = keylen;

	return 0;
}

static int asr_cipher_rkek_fused(struct asr_te200_cipher *dd)
{
#define GEU_FUSE_VAL_APCFG2					(0x0408)
#define GEU_SECURE_KEY_ACCESS_DISABLED		(1 << 29)

    uint32_t value;
	struct device_node *np;
	struct resource res;
	void __iomem *io_base;

	/* get geu node */
	np = of_find_compatible_node(NULL, NULL, "asr,asr-geu");
	if (!np) {
		dev_err(dd->dev, "can't find geu node to check rkek burned");
		return 0;
	}

	if (of_address_to_resource(np, 0, &res)) {
		dev_err(dd->dev, "can't find geu address");
		return 0;
	}

	io_base = ioremap(res.start, res.end - res.start);
	if (!io_base) {
		dev_err(dd->dev, "geu regs can't remap");
		return 0;
	}

	value = readl_relaxed(io_base + GEU_FUSE_VAL_APCFG2);
	if (value & GEU_SECURE_KEY_ACCESS_DISABLED) {
		iounmap(io_base);
		return 1;
	}

	iounmap(io_base);
	return 0;
}

static int asr_aes_ecb_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_ECB | FLAGS_ENCRYPT);
}

static int asr_aes_ecb_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_ECB);
}

static int asr_aes_cbc_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_CBC | FLAGS_ENCRYPT);
}

static int asr_aes_cbc_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_CBC);
}

static int asr_aes_ctr_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_CTR | FLAGS_ENCRYPT);
}

static int asr_aes_ctr_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_AES | FLAGS_CTR);
}

static int asr_sm4_ecb_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_ECB | FLAGS_ENCRYPT);
}

static int asr_sm4_ecb_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_ECB);
}

static int asr_sm4_cbc_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_CBC | FLAGS_ENCRYPT);
}

static int asr_sm4_cbc_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_CBC);
}

static int asr_sm4_ctr_encrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_CTR | FLAGS_ENCRYPT);
}

static int asr_sm4_ctr_decrypt(struct skcipher_request *req)
{
	return asr_cipher(req, FLAGS_SM4 | FLAGS_CTR);
}

static int asr_cipher_init(struct crypto_skcipher *tfm)
{
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);

	tfm->reqsize = sizeof(struct asr_cipher_reqctx);
	ctx->start = asr_cipher_start;

	return 0;
}

static int asr_cipher_hwkey_init(struct crypto_skcipher *tfm)
{
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);
	struct asr_te200_cipher *dd = asr_cipher_local;

	if (!dd->rkek_burned)
		return -EPERM;

	tfm->reqsize = sizeof(struct asr_cipher_reqctx);
	ctx->start = asr_cipher_start;

	return 0;
}

static void asr_cipher_exit(struct crypto_skcipher *tfm)
{
	struct asr_cipher_ctx *ctx = crypto_skcipher_ctx(tfm);

	memset(ctx, 0, sizeof(*ctx));
}

static struct skcipher_alg cipher_algs[] = {
	/* AES - ECB */
	{
		.base = {
			.cra_name = "ecb(aes)",
			.cra_driver_name = "asr-ecb-aes",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = AES_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_aes_ecb_encrypt,
		.decrypt = asr_aes_ecb_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
	},
	/* AES - CBC */
	{
		.base = {
			.cra_name = "cbc(aes)",
			.cra_driver_name = "asr-cbc-aes",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = AES_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_aes_cbc_encrypt,
		.decrypt = asr_aes_cbc_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
		.ivsize = AES_BLOCK_SIZE,
	},
	/* AES - CTR */
	{
		.base = {
			.cra_name = "ctr(aes)",
			.cra_driver_name = "asr-ctr-aes",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = AES_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_aes_ctr_encrypt,
		.decrypt = asr_aes_ctr_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
		.ivsize = AES_BLOCK_SIZE,
	},

	/* SM4 - ECB */
	{
		.base = {
			.cra_name = "ecb(sm4)",
			.cra_driver_name = "asr-ecb-sm4",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = SM4_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_sm4_ecb_encrypt,
		.decrypt = asr_sm4_ecb_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
	},
	/* SM4 - CBC */
	{
		.base = {
			.cra_name = "cbc(sm4)",
			.cra_driver_name = "asr-cbc-sm4",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = SM4_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_sm4_cbc_encrypt,
		.decrypt = asr_sm4_cbc_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
		.ivsize = SM4_BLOCK_SIZE,
	},
	/* SM4 - CTR */
	{
		.base = {
			.cra_name = "ctr(sm4)",
			.cra_driver_name = "asr-ctr-sm4",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = SM4_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_setkey,
		.encrypt = asr_sm4_ctr_encrypt,
		.decrypt = asr_sm4_ctr_decrypt,
		.init = asr_cipher_init,
		.exit = asr_cipher_exit,
		.ivsize = SM4_BLOCK_SIZE,
	},

	/* hardware key AES - ECB */
	{
		.base = {
			.cra_name = "ecb(aes-hwkey)",
			.cra_driver_name = "asr-ecb-aes",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = AES_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_set_hwkey,
		.encrypt = asr_aes_ecb_encrypt,
		.decrypt = asr_aes_ecb_decrypt,
		.init = asr_cipher_hwkey_init,
		.exit = asr_cipher_exit,
	},
	/* AES - CBC */
	{
		.base = {
			.cra_name = "cbc(aes-hwkey)",
			.cra_driver_name = "asr-cbc-aes",
			.cra_priority = 300,
			.cra_flags = CRYPTO_ALG_ASYNC,
			.cra_blocksize = AES_BLOCK_SIZE,
			.cra_ctxsize = sizeof(struct asr_cipher_ctx),
			.cra_alignmask = 0xf,
			.cra_module = THIS_MODULE,
		},
		.min_keysize = CIPHER_MIN_KEY_SIZE,
		.max_keysize = CIPHER_MAX_KEY_SIZE,
		.setkey = asr_cipher_set_hwkey,
		.encrypt = asr_aes_cbc_encrypt,
		.decrypt = asr_aes_cbc_decrypt,
		.init = asr_cipher_hwkey_init,
		.exit = asr_cipher_exit,
		.ivsize = AES_BLOCK_SIZE,
	},
};

static void asr_cipher_queue_task(unsigned long data)
{
	struct asr_te200_cipher *dd = (struct asr_te200_cipher *)data;

	asr_cipher_handle_queue(dd, NULL);
}

static void asr_cipher_done_task(unsigned long data)
{
	struct asr_te200_cipher *dd = (struct asr_te200_cipher *)data;

	dd->is_async = true;
	(void)dd->resume(dd);
}

int asr_te200_cipher_register(struct asr_te200_dev *te200_dd)
{
	int err, i, j;
	struct device_node *np = NULL;
	struct asr_te200_cipher *cipher_dd;

	cipher_dd = &te200_dd->asr_cipher;
	cipher_dd->dev = te200_dd->dev;
	cipher_dd->io_base = te200_dd->io_base;
	cipher_dd->phys_base = te200_dd->phys_base;

	np = cipher_dd->dev->of_node;


	cipher_dd->rkek_burned = asr_cipher_rkek_fused(cipher_dd);

	asr_cipher_local = cipher_dd;

	spin_lock_init(&cipher_dd->lock);
	mutex_init(&cipher_dd->cipher_lock);
	tasklet_init(&cipher_dd->done_task, asr_cipher_done_task,
					(unsigned long)cipher_dd);
	tasklet_init(&cipher_dd->queue_task, asr_cipher_queue_task,
					(unsigned long)cipher_dd);
	crypto_init_queue(&cipher_dd->queue, ASR_CIPHER_QUEUE_LENGTH);

	for (i = 0; i < ARRAY_SIZE(cipher_algs); i++) {
		err = crypto_register_skcipher(&cipher_algs[i]);
		if (err){
			for (j = 0; j < i; j++)
				crypto_unregister_skcipher(&cipher_algs[j]);
			return err;
		}
	}

	return 0;
}
EXPORT_SYMBOL_GPL(asr_te200_cipher_register);

int asr_te200_cipher_unregister(struct asr_te200_dev *te200_dd)
{
	int i;
	struct asr_te200_cipher *cipher_dd = &te200_dd->asr_cipher;

	for (i = 0; i < ARRAY_SIZE(cipher_algs); i++)
		crypto_unregister_skcipher(&cipher_algs[i]);

	tasklet_kill(&cipher_dd->done_task);
	tasklet_kill(&cipher_dd->queue_task);

	return 0;
}
EXPORT_SYMBOL_GPL(asr_te200_cipher_unregister);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("wangyonggan <yongganwang@asrmicro.com>");
MODULE_DESCRIPTION("ASR te200 cipher driver");