From nobody Fri Apr 17 21:54:37 2026 Received: from BN1PR04CU002.outbound.protection.outlook.com (mail-eastus2azon11010014.outbound.protection.outlook.com [52.101.56.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A930031D372; Fri, 13 Feb 2026 13:02:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.56.14 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987767; cv=fail; b=taoU1deD0ZH9/VMAfq/VWBYkfbaQ9YKEA4/qQcwZOhZnXwtl9zzaMs8zBUBvnTrfxI75kpYZs/0FSrpFXR5ZgEpHGQDp0FdHvpD1zqQ1rojDvcmssYPNgERVWc17U1ut/Au5jIyr2ar5aixjGzKkoymHKN/Zx2vLtJQ0/J8TidQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987767; c=relaxed/simple; bh=u0jPLuwEnxS0g/hrLdPD+NVY5iCOCZ+OdUExg+JSHKU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gOsSSgD6bv70odgv9OIpLhB4hLBZTfejUJV9gD4ZOXWypsBQ4dJenlXTIJ4fg4kZxItKdDf08MqLXgzBrIZi1bL+z7LpC2JH6jy9T2eib+4lQvLaU9zCmfpeWOcc2Qs+Ys9OSvtwMaDM8mCtptmGhT6OfeaM/zrsmZ+4faBantk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com; spf=pass smtp.mailfrom=ti.com; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b=bvSlrC4a; arc=fail smtp.client-ip=52.101.56.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ti.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b="bvSlrC4a" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QpXHQ5O51ambL/vxclGkP83L2nvdfSL4FCALY9h3BKRW/iUb1rwfTzTJDJfKgdqjUUGGXXaQavcFqoMLQCyQVIHxVokFcmbsUdJ1QLqhdX5xi+IzMsqPYT4O5kOX+xeEJQEmrKOWrkzMr3b2bvOWI4+P+ZMW0y48Okp7tpLFDvqqR6nIE75Gl4gXHSN9udorEd02F8asKLKLHasEuivSF6ifJDxGec9SqrA2Vs8zofLluUkMDIl67d2SPUmgdxlmTSYZwxu+PqMmZQGDDRMIXm7bR7tWfNyXRAOGI6mwUxHqqPW3GpDqTa0m084C7IYy+D+E881ybE8ggdovMzn4WA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jE73LBprdJ4c3c7H0zSJkZWK0AImkhoZcNSbuyJjacg=; b=nNrDfu2GA7HYotd2voFtYO2koCP6Hii6jnt3YN0aYg9NQbk0ng7EVYYtD2lKuZ3p8vlrjLOd1YRkMk/XZBkK6Cg6MYJWHnzF2lRBYZXsAmwVxf+x4v9GJFHKJcDOntVCJi0a+csxTr/YzfZRLeFDkZ0aB/Sk4QQ3F1qfh7aPEiPg+VF7NbWEr8R0hGGGST1PfcyqKeglGBhU2Jlw0OsYw9pVMVtFBrkPtinI43MEaNWeSo++SZj4BpedjJUAYihPnIqr4Zgs6gLC5S3gcmSL6GXvLJe+FcSDklZAAPC4yv7BMXZyVi6Qit9k+4gieFuJpkICvpGWApUUgM+5TEeVdw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 198.47.21.194) smtp.rcpttodomain=gondor.apana.org.au smtp.mailfrom=ti.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=ti.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jE73LBprdJ4c3c7H0zSJkZWK0AImkhoZcNSbuyJjacg=; b=bvSlrC4aAIIuIGOlTkkDWp/bfnhTWKS5rSNom4mpVddlnCKgX6mo1aHHGjwHsQuB/Q5SuAgcohr/6QjEk0Atv06nes7+HX+sluY1Fy3KXMoWOU367kXouYK4nWQsQMp488yIrUB5XXIOSEG6FdNJ+Gdks2MLVVo75/sPRvWZ28Y= Received: from BN9PR03CA0355.namprd03.prod.outlook.com (2603:10b6:408:f6::30) by CH2PR10MB4296.namprd10.prod.outlook.com (2603:10b6:610:7a::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.13; Fri, 13 Feb 2026 13:02:43 +0000 Received: from BN2PEPF00004FC0.namprd04.prod.outlook.com (2603:10b6:408:f6:cafe::ca) by BN9PR03CA0355.outlook.office365.com (2603:10b6:408:f6::30) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9611.13 via Frontend Transport; Fri, 13 Feb 2026 13:02:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 198.47.21.194) smtp.mailfrom=ti.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ti.com; Received-SPF: Pass (protection.outlook.com: domain of ti.com designates 198.47.21.194 as permitted sender) receiver=protection.outlook.com; client-ip=198.47.21.194; helo=flwvzet200.ext.ti.com; pr=C Received: from flwvzet200.ext.ti.com (198.47.21.194) by BN2PEPF00004FC0.mail.protection.outlook.com (10.167.243.186) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.8 via Frontend Transport; Fri, 13 Feb 2026 13:02:41 +0000 Received: from DFLE201.ent.ti.com (10.64.6.59) by flwvzet200.ext.ti.com (10.248.192.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:37 -0600 Received: from DFLE215.ent.ti.com (10.64.6.73) by DFLE201.ent.ti.com (10.64.6.59) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:37 -0600 Received: from lelvem-mr06.itg.ti.com (10.180.75.8) by DFLE215.ent.ti.com (10.64.6.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Fri, 13 Feb 2026 07:02:37 -0600 Received: from pratham-Workstation-PC (pratham-workstation-pc.dhcp.ti.com [10.24.69.191]) by lelvem-mr06.itg.ti.com (8.18.1/8.18.1) with ESMTP id 61DD2Z7E781789; Fri, 13 Feb 2026 07:02:36 -0600 From: T Pratham To: T Pratham , Herbert Xu , "David S. Miller" CC: Manorit Chawdhry , Kamlesh Gurudasani , Shiva Tripathi , Kavitha Malarvizhi , Vishal Mahaveer , Praneeth Bajjuri , , Subject: [PATCH v9 1/3] crypto: ti - Add support for AES-CTR in DTHEv2 driver Date: Fri, 13 Feb 2026 18:32:05 +0530 Message-ID: <20260213130207.209336-2-t-pratham@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260213130207.209336-1-t-pratham@ti.com> References: <20260213130207.209336-1-t-pratham@ti.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-C2ProcessedOrg: 333ef613-75bf-4e12-a4b1-8e3623f5dcea X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF00004FC0:EE_|CH2PR10MB4296:EE_ X-MS-Office365-Filtering-Correlation-Id: 37370b3c-4827-4e84-6a75-08de6b002c4b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700013|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?fEp3pmtSbxnHT7KiK1eoOTsjY72FOXkPwFjfglmRFFTzECSLWTgGdLLGwXAQ?= =?us-ascii?Q?oykI/etDXXNcSJ8NVLp6SdRlxgU5ft9Sq24P6yOQjPyF30ufV28lq1D+Objz?= =?us-ascii?Q?8mw6UY5ygG/l54zDzgk2JUD1qj40fSs+ae4eelt2T9kHCWDM33lr6YQ7D7Ah?= =?us-ascii?Q?efEU4Ynz5BK1Uy3V6CjclNTAupw0rwOr6duSVOQC2r+6fAPLGaEXjx0DCYAT?= =?us-ascii?Q?0LUm9iJnZ1ZvB3tjqrd5D5inNXGqIjYRYlxJpKyybYfh6ubp4m9AqDl6Ry49?= =?us-ascii?Q?lgATuhNk/IDmTrm3q6goYiLbt0wewfX3JbdAdYDIDO8dQxmvwwns4tkPVPFQ?= =?us-ascii?Q?uUF8xmUufGbCP5a1XDohgNcnOPna00qNDVhH7Gp8VSpHjjVJ+umwfQEyqHyo?= =?us-ascii?Q?5648TCUCPkJs/ehMWxC37f/YWN3h6GtDDoK9GjoSCdssqYwZThZ1tsN8sjwa?= =?us-ascii?Q?6opBcSzlExhXmX99AvUqVYrf+Jt4rQQgQb7HV1+dBOlEG2ACmf8E688SujTF?= =?us-ascii?Q?jM7tZsE34U8H0nbyxfRoOgokze1RI60oTcippBS2g8Gp1NU7NDDuKQXxv4pR?= =?us-ascii?Q?jBGtYzq5cIdyAKHGOOScFoAaVwqtlGFzuGgemqXOFYOzvubFCrU/07Dd11Tu?= =?us-ascii?Q?wEaegeQ4zDP661ikLP7pCnKU3LBWvlMg7Mu8ZZJIHAb93bmPits0ayi8NnSW?= =?us-ascii?Q?qSK9akCZB34Voij3YDsHdUXGmJmVCO9l2abBv7ECGtpxSA/GMHq3Ht8GZiPO?= =?us-ascii?Q?CpLlTjCHIiS/RyEUbp9cPYgu9IwKaHmPInZO0Y2oR/PFS/baUWCbnbeayEpJ?= =?us-ascii?Q?eaOyv3E3hg3eWNxDvxMj4kSqfzPAq5ezatQmYNZNDgNYWhUvjxnYBdhn3pMh?= =?us-ascii?Q?8F0dTtANHBPl8CKd4dk8onWBPV3V3i8S8CrBp8nGrx/Nu2d/V9Yl5mxzLskt?= =?us-ascii?Q?w3jcS4tT9HUw+CvNdMhGZufdYwGnTO60BDPOUCc98w5dfo6ssa5xEJTOQ3jp?= =?us-ascii?Q?IRaQ7hkWxQFJ950S5yZaMc98bUkuQKe8eKukGwZahiu5eqg8cdsA+/SeJvON?= =?us-ascii?Q?SWwjIi0sokCu7arDV6sra8OGEDpw3HctjdiQVS1VFpfT9pceQIOpB5AVk8Ql?= =?us-ascii?Q?Fzjf+UqEIdf3f1inutIMy+jh0v9fMB/3tlyEDUljFMlMAgGFeqG6GSmEoIEr?= =?us-ascii?Q?/geJIVWxeZTpUaTI/nskvCj7oUbw8JoeEkPvPlVVaFytPVpSDTPhNDjtZnrh?= =?us-ascii?Q?b89D15Ciz9dvwkED4/9YReFMTCAVQmQBN4tDnbRgNv702gpDyiTtq8Lq+l0j?= =?us-ascii?Q?4jz/F6uDg7NFQbaG8AfVqXUYDey2ncpWDw4ldMNZvejZ5pigr6CC18neDyoo?= =?us-ascii?Q?ZWtPJMrrgpG8j0c/TDcDCGPL2eAD7QUANeVXf5A6OW69kzExTEfmThyV8hNy?= =?us-ascii?Q?+5eU3l3bdUBq8d180fY+eGumdg3GVX+AJQ545kRA+FkSGk9PPyInk0aMQ/T3?= =?us-ascii?Q?vv8qbYOplZedh//ufvFMi0sSoQOHTIH+hwfaGy5N3ozelzQf63ljTvEItNtj?= =?us-ascii?Q?Hd9Cu/ojsXmuX49AhR1i0u/hf2lUl2fkSphoulKKXWb+QsCMCL0f3ZPeO+XN?= =?us-ascii?Q?WE5DrKTGuIq5DXHFE3v0+6iApOlagEq2VOLz/X9qLeuVHEP2tHBs22ohJCNh?= =?us-ascii?Q?EPY3bg=3D=3D?= X-Forefront-Antispam-Report: CIP:198.47.21.194;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:flwvzet200.ext.ti.com;PTR:ErrorRetry;CAT:NONE;SFS:(13230040)(376014)(36860700013)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 6o5GozLKgEOCGJdYmjr+0rwRTD1NmF3irETPRYaJ/inktOFAp2ixOqtwxYuBLH405Z0vK/sEt87GFRJLpuLEaHbnJaibvhtG2D5FSCDLn6Rgrwg3MA5vbuFiLBzt/2d8lpWlFEDSkdDd3g2pLQUmJS2GQHN3jP46Y0p8335K6VU3N2E98wVy7hybdYWIOP7GyG3+E5UkO8WmOsk1cLzSSbRFcA/bKQwYvT74AppfGu5eixALRW4JGkrl9cpvzVCJfwycTQKlC7aRRWz0h8AB+SZtphGuKhjw8xDw+pLIPHDyUTVPhEs9YC23r0w70L0gaez7uoD7r/hUlQhDu0NY/v68EsDv0d43DYiO0pUCDB461BYpS9iW2Q3OHlWEUMO1A66FPUjMl70bkQ93joBW3zxdM9MFi8Z5HlC272U8yZbXwahy2uBkXYolT2sWfCVH X-OriginatorOrg: ti.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2026 13:02:41.9384 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 37370b3c-4827-4e84-6a75-08de6b002c4b X-MS-Exchange-CrossTenant-Id: e5b49634-450b-4709-8abb-1e2b19b982b7 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e5b49634-450b-4709-8abb-1e2b19b982b7;Ip=[198.47.21.194];Helo=[flwvzet200.ext.ti.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF00004FC0.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR10MB4296 Content-Type: text/plain; charset="utf-8" Add support for CTR mode of operation for AES algorithm in the AES Engine of the DTHEv2 hardware cryptographic engine. Signed-off-by: T Pratham --- drivers/crypto/ti/Kconfig | 1 + drivers/crypto/ti/dthev2-aes.c | 173 ++++++++++++++++++++++++------ drivers/crypto/ti/dthev2-common.h | 3 + 3 files changed, 147 insertions(+), 30 deletions(-) diff --git a/drivers/crypto/ti/Kconfig b/drivers/crypto/ti/Kconfig index a3692ceec49bc..6027e12de279d 100644 --- a/drivers/crypto/ti/Kconfig +++ b/drivers/crypto/ti/Kconfig @@ -6,6 +6,7 @@ config CRYPTO_DEV_TI_DTHEV2 select CRYPTO_SKCIPHER select CRYPTO_ECB select CRYPTO_CBC + select CRYPTO_CTR select CRYPTO_XTS help This enables support for the TI DTHE V2 hw cryptography engine diff --git a/drivers/crypto/ti/dthev2-aes.c b/drivers/crypto/ti/dthev2-aes.c index 156729ccc50ec..bf7d4dcb4cd7d 100644 --- a/drivers/crypto/ti/dthev2-aes.c +++ b/drivers/crypto/ti/dthev2-aes.c @@ -63,6 +63,7 @@ enum aes_ctrl_mode_masks { AES_CTRL_ECB_MASK =3D 0x00, AES_CTRL_CBC_MASK =3D BIT(5), + AES_CTRL_CTR_MASK =3D BIT(6), AES_CTRL_XTS_MASK =3D BIT(12) | BIT(11), }; =20 @@ -74,6 +75,8 @@ enum aes_ctrl_mode_masks { #define DTHE_AES_CTRL_KEYSIZE_24B BIT(4) #define DTHE_AES_CTRL_KEYSIZE_32B (BIT(3) | BIT(4)) =20 +#define DTHE_AES_CTRL_CTR_WIDTH_128B (BIT(7) | BIT(8)) + #define DTHE_AES_CTRL_SAVE_CTX_SET BIT(29) =20 #define DTHE_AES_CTRL_OUTPUT_READY BIT_MASK(0) @@ -100,25 +103,27 @@ static int dthe_cipher_init_tfm(struct crypto_skciphe= r *tfm) return 0; } =20 -static int dthe_cipher_xts_init_tfm(struct crypto_skcipher *tfm) +static int dthe_cipher_init_tfm_fallback(struct crypto_skcipher *tfm) { struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(tfm); struct dthe_data *dev_data =3D dthe_get_dev(ctx); + const char *alg_name =3D crypto_tfm_alg_name(crypto_skcipher_tfm(tfm)); =20 ctx->dev_data =3D dev_data; ctx->keylen =3D 0; =20 - ctx->skcipher_fb =3D crypto_alloc_sync_skcipher("xts(aes)", 0, + ctx->skcipher_fb =3D crypto_alloc_sync_skcipher(alg_name, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(ctx->skcipher_fb)) { - dev_err(dev_data->dev, "fallback driver xts(aes) couldn't be loaded\n"); + dev_err(dev_data->dev, "fallback driver %s couldn't be loaded\n", + alg_name); return PTR_ERR(ctx->skcipher_fb); } =20 return 0; } =20 -static void dthe_cipher_xts_exit_tfm(struct crypto_skcipher *tfm) +static void dthe_cipher_exit_tfm(struct crypto_skcipher *tfm) { struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(tfm); =20 @@ -156,6 +161,24 @@ static int dthe_aes_cbc_setkey(struct crypto_skcipher = *tfm, const u8 *key, unsig return dthe_aes_setkey(tfm, key, keylen); } =20 +static int dthe_aes_ctr_setkey(struct crypto_skcipher *tfm, const u8 *key,= unsigned int keylen) +{ + struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(tfm); + int ret =3D dthe_aes_setkey(tfm, key, keylen); + + if (ret) + return ret; + + ctx->aes_mode =3D DTHE_AES_CTR; + + crypto_sync_skcipher_clear_flags(ctx->skcipher_fb, CRYPTO_TFM_REQ_MASK); + crypto_sync_skcipher_set_flags(ctx->skcipher_fb, + crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); + + return crypto_sync_skcipher_setkey(ctx->skcipher_fb, key, keylen); +} + static int dthe_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,= unsigned int keylen) { struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(tfm); @@ -171,8 +194,8 @@ static int dthe_aes_xts_setkey(struct crypto_skcipher *= tfm, const u8 *key, unsig =20 crypto_sync_skcipher_clear_flags(ctx->skcipher_fb, CRYPTO_TFM_REQ_MASK); crypto_sync_skcipher_set_flags(ctx->skcipher_fb, - crypto_skcipher_get_flags(tfm) & - CRYPTO_TFM_REQ_MASK); + crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); =20 return crypto_sync_skcipher_setkey(ctx->skcipher_fb, key, keylen); } @@ -236,6 +259,10 @@ static void dthe_aes_set_ctrl_key(struct dthe_tfm_ctx = *ctx, case DTHE_AES_CBC: ctrl_val |=3D AES_CTRL_CBC_MASK; break; + case DTHE_AES_CTR: + ctrl_val |=3D AES_CTRL_CTR_MASK; + ctrl_val |=3D DTHE_AES_CTRL_CTR_WIDTH_128B; + break; case DTHE_AES_XTS: ctrl_val |=3D AES_CTRL_XTS_MASK; break; @@ -251,6 +278,22 @@ static void dthe_aes_set_ctrl_key(struct dthe_tfm_ctx = *ctx, writel_relaxed(ctrl_val, aes_base_reg + DTHE_P_AES_CTRL); } =20 +static int dthe_aes_do_fallback(struct skcipher_request *req) +{ + struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(crypto_skcipher_reqtfm(r= eq)); + struct dthe_aes_req_ctx *rctx =3D skcipher_request_ctx(req); + + SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->skcipher_fb); + + skcipher_request_set_callback(subreq, skcipher_request_flags(req), + req->base.complete, req->base.data); + skcipher_request_set_crypt(subreq, req->src, req->dst, + req->cryptlen, req->iv); + + return rctx->enc ? crypto_skcipher_encrypt(subreq) : + crypto_skcipher_decrypt(subreq); +} + static void dthe_aes_dma_in_callback(void *data) { struct skcipher_request *req =3D (struct skcipher_request *)data; @@ -271,7 +314,7 @@ static int dthe_aes_run(struct crypto_engine *engine, v= oid *areq) struct scatterlist *dst =3D req->dst; =20 int src_nents =3D sg_nents_for_len(src, len); - int dst_nents; + int dst_nents =3D sg_nents_for_len(dst, len); =20 int src_mapped_nents; int dst_mapped_nents; @@ -305,25 +348,62 @@ static int dthe_aes_run(struct crypto_engine *engine,= void *areq) dst_dir =3D DMA_FROM_DEVICE; } =20 + /* + * CTR mode can operate on any input length, but the hardware + * requires input length to be a multiple of the block size. + * We need to handle the padding in the driver. + */ + if (ctx->aes_mode =3D=3D DTHE_AES_CTR && req->cryptlen % AES_BLOCK_SIZE) { + unsigned int pad_size =3D AES_BLOCK_SIZE - (req->cryptlen % AES_BLOCK_SI= ZE); + u8 *pad_buf =3D rctx->padding; + struct scatterlist *sg; + + len +=3D pad_size; + src_nents++; + dst_nents++; + + src =3D kmalloc_array(src_nents, sizeof(*src), GFP_ATOMIC); + if (!src) { + ret =3D -ENOMEM; + goto aes_ctr_src_alloc_err; + } + + sg_init_table(src, src_nents); + sg =3D dthe_copy_sg(src, req->src, req->cryptlen); + memzero_explicit(pad_buf, AES_BLOCK_SIZE); + sg_set_buf(sg, pad_buf, pad_size); + + if (diff_dst) { + dst =3D kmalloc_array(dst_nents, sizeof(*dst), GFP_ATOMIC); + if (!dst) { + ret =3D -ENOMEM; + goto aes_ctr_dst_alloc_err; + } + + sg_init_table(dst, dst_nents); + sg =3D dthe_copy_sg(dst, req->dst, req->cryptlen); + sg_set_buf(sg, pad_buf, pad_size); + } else { + dst =3D src; + } + } + tx_dev =3D dmaengine_get_dma_device(dev_data->dma_aes_tx); rx_dev =3D dmaengine_get_dma_device(dev_data->dma_aes_rx); =20 src_mapped_nents =3D dma_map_sg(tx_dev, src, src_nents, src_dir); if (src_mapped_nents =3D=3D 0) { ret =3D -EINVAL; - goto aes_err; + goto aes_map_src_err; } =20 if (!diff_dst) { - dst_nents =3D src_nents; dst_mapped_nents =3D src_mapped_nents; } else { - dst_nents =3D sg_nents_for_len(dst, len); dst_mapped_nents =3D dma_map_sg(rx_dev, dst, dst_nents, dst_dir); if (dst_mapped_nents =3D=3D 0) { - dma_unmap_sg(tx_dev, src, src_nents, src_dir); ret =3D -EINVAL; - goto aes_err; + goto aes_map_dst_err; } } =20 @@ -353,8 +433,8 @@ static int dthe_aes_run(struct crypto_engine *engine, v= oid *areq) else dthe_aes_set_ctrl_key(ctx, rctx, (u32 *)req->iv); =20 - writel_relaxed(lower_32_bits(req->cryptlen), aes_base_reg + DTHE_P_AES_C_= LENGTH_0); - writel_relaxed(upper_32_bits(req->cryptlen), aes_base_reg + DTHE_P_AES_C_= LENGTH_1); + writel_relaxed(lower_32_bits(len), aes_base_reg + DTHE_P_AES_C_LENGTH_0); + writel_relaxed(upper_32_bits(len), aes_base_reg + DTHE_P_AES_C_LENGTH_1); =20 dmaengine_submit(desc_in); dmaengine_submit(desc_out); @@ -386,11 +466,26 @@ static int dthe_aes_run(struct crypto_engine *engine,= void *areq) } =20 aes_prep_err: - dma_unmap_sg(tx_dev, src, src_nents, src_dir); if (dst_dir !=3D DMA_BIDIRECTIONAL) dma_unmap_sg(rx_dev, dst, dst_nents, dst_dir); +aes_map_dst_err: + dma_unmap_sg(tx_dev, src, src_nents, src_dir); + +aes_map_src_err: + if (ctx->aes_mode =3D=3D DTHE_AES_CTR && req->cryptlen % AES_BLOCK_SIZE) { + memzero_explicit(rctx->padding, AES_BLOCK_SIZE); + if (diff_dst) + kfree(dst); +aes_ctr_dst_alloc_err: + kfree(src); +aes_ctr_src_alloc_err: + /* + * Fallback to software if ENOMEM + */ + if (ret =3D=3D -ENOMEM) + ret =3D dthe_aes_do_fallback(req); + } =20 -aes_err: local_bh_disable(); crypto_finalize_skcipher_request(dev_data->engine, req, ret); local_bh_enable(); @@ -400,7 +495,6 @@ static int dthe_aes_run(struct crypto_engine *engine, v= oid *areq) static int dthe_aes_crypt(struct skcipher_request *req) { struct dthe_tfm_ctx *ctx =3D crypto_skcipher_ctx(crypto_skcipher_reqtfm(r= eq)); - struct dthe_aes_req_ctx *rctx =3D skcipher_request_ctx(req); struct dthe_data *dev_data =3D dthe_get_dev(ctx); struct crypto_engine *engine; =20 @@ -408,20 +502,14 @@ static int dthe_aes_crypt(struct skcipher_request *re= q) * If data is not a multiple of AES_BLOCK_SIZE: * - need to return -EINVAL for ECB, CBC as they are block ciphers * - need to fallback to software as H/W doesn't support Ciphertext Steal= ing for XTS + * - do nothing for CTR */ if (req->cryptlen % AES_BLOCK_SIZE) { - if (ctx->aes_mode =3D=3D DTHE_AES_XTS) { - SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, ctx->skcipher_fb); - - skcipher_request_set_callback(subreq, skcipher_request_flags(req), - req->base.complete, req->base.data); - skcipher_request_set_crypt(subreq, req->src, req->dst, - req->cryptlen, req->iv); + if (ctx->aes_mode =3D=3D DTHE_AES_XTS) + return dthe_aes_do_fallback(req); =20 - return rctx->enc ? crypto_skcipher_encrypt(subreq) : - crypto_skcipher_decrypt(subreq); - } - return -EINVAL; + if (ctx->aes_mode !=3D DTHE_AES_CTR) + return -EINVAL; } =20 /* @@ -501,8 +589,33 @@ static struct skcipher_engine_alg cipher_algs[] =3D { .op.do_one_request =3D dthe_aes_run, }, /* CBC AES */ { - .base.init =3D dthe_cipher_xts_init_tfm, - .base.exit =3D dthe_cipher_xts_exit_tfm, + .base.init =3D dthe_cipher_init_tfm_fallback, + .base.exit =3D dthe_cipher_exit_tfm, + .base.setkey =3D dthe_aes_ctr_setkey, + .base.encrypt =3D dthe_aes_encrypt, + .base.decrypt =3D dthe_aes_decrypt, + .base.min_keysize =3D AES_MIN_KEY_SIZE, + .base.max_keysize =3D AES_MAX_KEY_SIZE, + .base.ivsize =3D AES_IV_SIZE, + .base.chunksize =3D AES_BLOCK_SIZE, + .base.base =3D { + .cra_name =3D "ctr(aes)", + .cra_driver_name =3D "ctr-aes-dthev2", + .cra_priority =3D 299, + .cra_flags =3D CRYPTO_ALG_TYPE_SKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize =3D 1, + .cra_ctxsize =3D sizeof(struct dthe_tfm_ctx), + .cra_reqsize =3D sizeof(struct dthe_aes_req_ctx), + .cra_module =3D THIS_MODULE, + }, + .op.do_one_request =3D dthe_aes_run, + }, /* CTR AES */ + { + .base.init =3D dthe_cipher_init_tfm_fallback, + .base.exit =3D dthe_cipher_exit_tfm, .base.setkey =3D dthe_aes_xts_setkey, .base.encrypt =3D dthe_aes_encrypt, .base.decrypt =3D dthe_aes_decrypt, diff --git a/drivers/crypto/ti/dthev2-common.h b/drivers/crypto/ti/dthev2-c= ommon.h index c7a06a4c353ff..efbcbbb741a14 100644 --- a/drivers/crypto/ti/dthev2-common.h +++ b/drivers/crypto/ti/dthev2-common.h @@ -36,6 +36,7 @@ enum dthe_aes_mode { DTHE_AES_ECB =3D 0, DTHE_AES_CBC, + DTHE_AES_CTR, DTHE_AES_XTS, }; =20 @@ -92,10 +93,12 @@ struct dthe_tfm_ctx { /** * struct dthe_aes_req_ctx - AES engine req ctx struct * @enc: flag indicating encryption or decryption operation + * @padding: padding buffer for handling unaligned data * @aes_compl: Completion variable for use in manual completion in case of= DMA callback failure */ struct dthe_aes_req_ctx { int enc; + u8 padding[AES_BLOCK_SIZE]; struct completion aes_compl; }; =20 --=20 2.34.1 From nobody Fri Apr 17 21:54:37 2026 Received: from SN4PR0501CU005.outbound.protection.outlook.com (mail-southcentralusazon11011059.outbound.protection.outlook.com [40.93.194.59]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4B6C2DC76F; Fri, 13 Feb 2026 13:02:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.93.194.59 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987771; cv=fail; b=UINPlKy6n0fMyVnVx5az9FsHL0mzUvR9VUMQKv+xzpoHySVifD8EzSWNwycQAHE+KekWC2GarR3bv2EcrAWblnxgr0LtlLOIcnZmBT4Ms8euZOQ7dSiFj3QiPdVWiO1he6rk1dC8xE7O2Q+d5WxHEIO1t2T0MmayxNPteiEMML0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987771; c=relaxed/simple; bh=rG6nn0UTEYCIAuwn1FLsveK/GwsqxaPLZswt7mUSI+g=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=oT+rxzoQVtZeSnIPWnGXfhAXKL+WwuGrL7bOFbB7zVepr0OkfJtt7Pb4PNIa3powkiRchS6+54vEAMFY0ID9qIvmhg3cVP+wY/0+5DJAyznPaOt2BFSkMjEUyLgyakjwiq6/y+CROUfhbvtd0NXNXTK2F4Ef/W13h7l4cpd6vWU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com; spf=pass smtp.mailfrom=ti.com; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b=vwOME1Mv; arc=fail smtp.client-ip=40.93.194.59 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ti.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b="vwOME1Mv" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Wuu0K1PUzS0uxP4vct/DvPD9A4bGDBJcS3XoFyOccmSqHO8/Pd9Kk0F2ppviCsdvxuChJZq4fPHkFUjvYq/WlIjNhw5QLcn4BCPzj/2nynA0qIhDBZo9z6VLDl0YSXuZl8RXra0jYhdHLSi45XBoRt/7sJdP7DvwDNwLeA5/xHW/0iGUe9euPqYyYmDguxKPTB7MqR1d+wcA3cVMMtgMcHTCn5PGpfgRmToK0/CWninLCaY0uEb9CSbg6AZwPu94Aogx4au1ypIxdxk/Ocq0vom9b3RmnpRbq4ulyL+zgK3hFmbadFxwEIaB8D32UAYPz2+6H8XvCleNl852Td/+ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=widC28vyrQt7e7l/vcQO20qPGVctIH7Fw6dJTOSiBqM=; b=VGpkonqgHDPAVfJs3kC5pP3s3yrBNToIaJpt44a6O+d5m8WLJOf2t2H9F39lWREYYS1VCXC0RWBqMFLuJgsJpVfjIK5e6l4dlsiyAQJepAVIYvIH5JBTDioIyNG+1tSG4aa+IHBdso8tBoBuoaliHSFOjGY4uWwc1Rhj3fybsHcUOKj4JcxDFJsSyvFu8NINJl6K1Cp9mvUdkU37xJ8B6SWUHUngLPW21bMUJX5RrFpVE8mKwqjycDS1yXVxnhRJMgc76H0Q249fICmjB72HAoOd8cf50xscVHD/iaePZB4znV0zJ8AIgInpvhOkaNzsRtlJbArWpF0MZ20g5jVdww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 198.47.21.194) smtp.rcpttodomain=gondor.apana.org.au smtp.mailfrom=ti.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=ti.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=widC28vyrQt7e7l/vcQO20qPGVctIH7Fw6dJTOSiBqM=; b=vwOME1Mvvog3yUQsnUpsMHzJna46RqOFNl1NoffWB7iSRH0sFtpptAuZcDSpn4hiyxyaA8y37D2s2vasZhbwhOmThk/rksAAnaAzPfOytEarU7hlOXVhTUdagRRo6iXRKoSJ7QSaQTkL1yWlJJ8GcVZh7uRIqc7i0NY7zQssAoU= Received: from BN9P222CA0024.NAMP222.PROD.OUTLOOK.COM (2603:10b6:408:10c::29) by CYYPR10MB7567.namprd10.prod.outlook.com (2603:10b6:930:be::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.13; Fri, 13 Feb 2026 13:02:47 +0000 Received: from BN2PEPF00004FBF.namprd04.prod.outlook.com (2603:10b6:408:10c:cafe::5c) by BN9P222CA0024.outlook.office365.com (2603:10b6:408:10c::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9611.13 via Frontend Transport; Fri, 13 Feb 2026 13:02:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 198.47.21.194) smtp.mailfrom=ti.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ti.com; Received-SPF: Pass (protection.outlook.com: domain of ti.com designates 198.47.21.194 as permitted sender) receiver=protection.outlook.com; client-ip=198.47.21.194; helo=flwvzet200.ext.ti.com; pr=C Received: from flwvzet200.ext.ti.com (198.47.21.194) by BN2PEPF00004FBF.mail.protection.outlook.com (10.167.243.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.8 via Frontend Transport; Fri, 13 Feb 2026 13:02:45 +0000 Received: from DFLE208.ent.ti.com (10.64.6.66) by flwvzet200.ext.ti.com (10.248.192.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:44 -0600 Received: from DFLE204.ent.ti.com (10.64.6.62) by DFLE208.ent.ti.com (10.64.6.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:43 -0600 Received: from lelvem-mr05.itg.ti.com (10.180.75.9) by DFLE204.ent.ti.com (10.64.6.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Fri, 13 Feb 2026 07:02:43 -0600 Received: from pratham-Workstation-PC (pratham-workstation-pc.dhcp.ti.com [10.24.69.191]) by lelvem-mr05.itg.ti.com (8.18.1/8.18.1) with ESMTP id 61DD2ggG1230184; Fri, 13 Feb 2026 07:02:43 -0600 From: T Pratham To: T Pratham , Herbert Xu , "David S. Miller" CC: Manorit Chawdhry , Kamlesh Gurudasani , Shiva Tripathi , Kavitha Malarvizhi , Vishal Mahaveer , Praneeth Bajjuri , , Subject: [PATCH v9 2/3] crypto: ti - Add support for AES-GCM in DTHEv2 driver Date: Fri, 13 Feb 2026 18:32:06 +0530 Message-ID: <20260213130207.209336-3-t-pratham@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260213130207.209336-1-t-pratham@ti.com> References: <20260213130207.209336-1-t-pratham@ti.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-C2ProcessedOrg: 333ef613-75bf-4e12-a4b1-8e3623f5dcea X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF00004FBF:EE_|CYYPR10MB7567:EE_ X-MS-Office365-Filtering-Correlation-Id: 9c93c2a2-212b-4dae-d8e6-08de6b002e95 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?oMPyVIXrp6Rw0RCQCxy0B3s9HD4n/zbFutt2jk9dnFYnbncqjODJ3f8Svqst?= =?us-ascii?Q?sZZaEOA7hJAO26QvVxz4oObnr7Ffm8WnGjRyKxC8dMaG8y92UfqhNW+QKaO+?= =?us-ascii?Q?/seh08ctlvLGV2Pi1Mp6uAAe14/K22pDBuiuDmA1S+u80DtOytST1pRBt23e?= =?us-ascii?Q?qOPQiZ8rtRt2fC1kNNpZVcF3e4Jg6MVvxJva5TI1I8Seemw7wdfZZuYoolse?= =?us-ascii?Q?mWTMRch2pjHd5DN44qHmIcq4GVvSisM5MqeqpK1dZJCXaZY1KtudI/+YX6Aq?= =?us-ascii?Q?tTBvTzRanRdXIH451csh5iNvuoln1/R+Z0zVNHAYhoYj0yhNGu6dBfWsds9N?= =?us-ascii?Q?7JTZdXo/2KhRfLa33iInV6LzSi48I2WZNNDyIlkz0i421oZovsNhjvdby4ij?= =?us-ascii?Q?4vgkN2zoxqkqODaA1wXVUwmhIpkQ1g03GxFLysaCZ/nPNOsdybc/VyMY1P/9?= =?us-ascii?Q?hEm4Jmz0puXEp8bgsDy5KkKmCw40TH0maLcMiAOqhn2Hj2ZoZMo4fUPJ223x?= =?us-ascii?Q?3JMVxookXHTgmMedW/jjPrGubWIeMpO67zrHBuoi0zSTNZ1wZozqhbWBbfm4?= =?us-ascii?Q?6IZHQZmyYpU2fEHON3WnQAoPkwwtlhsK+VKrDgUCDL7KYLJ3qS6zrBwUFa6O?= =?us-ascii?Q?bUIvfniEFpmcq+zUiRc+Ojj2Y3PShUZaaB+8ASRnRdJEmw7V70YiUw7mmyEN?= =?us-ascii?Q?jnM+hF+q9ANFPaM40JLo1oUr+xt6ns+3dZhhAYINqaAWZtMnAtB3uWLudXpF?= =?us-ascii?Q?pGcBeo7MlBl0BiUrYwmkj/H2lq/UE7nfhVO+rune4W/IxHd6fqzORN87iLRZ?= =?us-ascii?Q?iH32j54ejvJP+6ygoLNiTAIuPkI7G+vF49G7YbbZ35EJSoM4yh3puDoNOU76?= =?us-ascii?Q?sqSDhuH7R/Seg8KXnEvFekWwOslL2WQdXa6DntCdIu8LNxx0Hx7a1eXFpC9k?= =?us-ascii?Q?Qr6o2weE/mLi/hiiYpe/4VlWK+oNUOxD5jVjYPrQFNgN7XoZaNGqftZs5An0?= =?us-ascii?Q?3fP/qw8Qqe7PWR2T9JMBHK+ddkr/hBWH6U0vhIlJxh2K7JZ88kFW9kYHqhzU?= =?us-ascii?Q?I8C2rjQxoV24KUC7mINLOqTbCB1DgKP4Y/gSJ2hiUCiHoRjphyhxAVC7J1OP?= =?us-ascii?Q?X8cnK4SyzYSpyDJktTt+s/s8Jy1Ii54yqaCQFsrOdniBvE1kZwOj8JETPwnJ?= =?us-ascii?Q?4YZloLGfnYiTl7mZ9DBwGJfUoaJ2Wkb+m1eydBaDMbo17lmG02fR4CUUnGy4?= =?us-ascii?Q?Gb6gx9U1W+B0yv3IuTMnD/47sqBwYFzT5P3+pHzfb+unLUPu3g0jSNiDQqd7?= =?us-ascii?Q?+QrRPhySsQpPiv0sIdaJOUQrhs4MIeq0hiu4fU8g7c6V2MePNytkWj7O7oNa?= =?us-ascii?Q?Ol1Z4rlE9vsGotcw9MtlHTyVTgejlEyzvyGPZwu01aQlZXv6AGveiPQmtBiQ?= =?us-ascii?Q?YwSIMFgzJ3CG4xQg7SwXMDQXcL9St1u66qlswosVFSFnj4GTkz47F9m6D2e+?= =?us-ascii?Q?EFJJpE3YhnBeLj57oupJA7Z3dAlFkkbnhqCzm/PWPgvAXlrbfYdr+Ne2yiHo?= =?us-ascii?Q?iy/0Cb+GunPTY+fv1UVpji/RXZcQv/vrQxaoOtAtTR8IsjRzCB00syJJ+kRZ?= =?us-ascii?Q?iSkTG8v4eB44j0lL8fCgitm6l5HBZZuOKy9wkCeeOkyqAgvjNXIBN7jkQnEB?= =?us-ascii?Q?1Ut8yQ=3D=3D?= X-Forefront-Antispam-Report: CIP:198.47.21.194;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:flwvzet200.ext.ti.com;PTR:ErrorRetry;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ILOwUk8SYNkcLxtAtUYEK8K18gJR9SKnlnyw447Pqh80b1OGeemxKcJG/uswFkHk/aeBXvjzokF7QkfINlAC/U+qxxNw7obSY1NRWkjUVxxOWutOeHbixS04KYFW78b5+bV4IDEp2KrFVnw6ggPs3OIW0O8v+nr7QVMHcAxoTvq603Mt0ZVcB+SC/hZHpq3Zrk9Vv5A27py3+L5ZmzR9Rq6ikQXJiImZcqwTK0pljLc5ZFhTjtxlPaQ55MC0IuroVCKLSgnp8kAbGdzq9n7H7ZOHQjoIEE6tU1QF2c3Fd8Mx1A/SR9xUZvdlbvAd5YyYi4hK4laXIhsf9qwF9fzOiA1yTkbFviZ2tpFIxBv8TUWpA9YjsG7/v7GBVR8jowh5HReYZauJSYjC/CB4OPzAx+qf1aZplrSGQOI+p2EGu0LGqjS0LwL/ue3fJcsIsrMW X-OriginatorOrg: ti.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2026 13:02:45.7807 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9c93c2a2-212b-4dae-d8e6-08de6b002e95 X-MS-Exchange-CrossTenant-Id: e5b49634-450b-4709-8abb-1e2b19b982b7 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e5b49634-450b-4709-8abb-1e2b19b982b7;Ip=[198.47.21.194];Helo=[flwvzet200.ext.ti.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF00004FBF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYYPR10MB7567 Content-Type: text/plain; charset="utf-8" AES-GCM is an AEAD algorithm supporting both encryption and authentication of data. This patch introduces support for AES-GCM as the first AEAD algorithm supported by the DTHEv2 driver. Signed-off-by: T Pratham --- drivers/crypto/ti/Kconfig | 2 + drivers/crypto/ti/dthev2-aes.c | 595 +++++++++++++++++++++++++++++- drivers/crypto/ti/dthev2-common.c | 19 + drivers/crypto/ti/dthev2-common.h | 23 +- 4 files changed, 637 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ti/Kconfig b/drivers/crypto/ti/Kconfig index 6027e12de279d..221e483737439 100644 --- a/drivers/crypto/ti/Kconfig +++ b/drivers/crypto/ti/Kconfig @@ -8,6 +8,8 @@ config CRYPTO_DEV_TI_DTHEV2 select CRYPTO_CBC select CRYPTO_CTR select CRYPTO_XTS + select CRYPTO_GCM + select SG_SPLIT help This enables support for the TI DTHE V2 hw cryptography engine which can be found on TI K3 SOCs. Selecting this enables use diff --git a/drivers/crypto/ti/dthev2-aes.c b/drivers/crypto/ti/dthev2-aes.c index bf7d4dcb4cd7d..90cdd7c431149 100644 --- a/drivers/crypto/ti/dthev2-aes.c +++ b/drivers/crypto/ti/dthev2-aes.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include =20 @@ -19,6 +20,7 @@ #include #include #include +#include #include =20 /* Registers */ @@ -53,6 +55,7 @@ #define DTHE_P_AES_C_LENGTH_1 0x0058 #define DTHE_P_AES_AUTH_LENGTH 0x005C #define DTHE_P_AES_DATA_IN_OUT 0x0060 +#define DTHE_P_AES_TAG_OUT 0x0070 =20 #define DTHE_P_AES_SYSCONFIG 0x0084 #define DTHE_P_AES_IRQSTATUS 0x008C @@ -65,6 +68,7 @@ enum aes_ctrl_mode_masks { AES_CTRL_CBC_MASK =3D BIT(5), AES_CTRL_CTR_MASK =3D BIT(6), AES_CTRL_XTS_MASK =3D BIT(12) | BIT(11), + AES_CTRL_GCM_MASK =3D BIT(17) | BIT(16) | BIT(6), }; =20 #define DTHE_AES_CTRL_MODE_CLEAR_MASK ~GENMASK(28, 5) @@ -91,6 +95,8 @@ enum aes_ctrl_mode_masks { #define AES_IV_SIZE AES_BLOCK_SIZE #define AES_BLOCK_WORDS (AES_BLOCK_SIZE / sizeof(u32)) #define AES_IV_WORDS AES_BLOCK_WORDS +#define DTHE_AES_GCM_AAD_MAXLEN (BIT_ULL(32) - 1) +#define POLL_TIMEOUT_INTERVAL HZ =20 static int dthe_cipher_init_tfm(struct crypto_skcipher *tfm) { @@ -266,6 +272,9 @@ static void dthe_aes_set_ctrl_key(struct dthe_tfm_ctx *= ctx, case DTHE_AES_XTS: ctrl_val |=3D AES_CTRL_XTS_MASK; break; + case DTHE_AES_GCM: + ctrl_val |=3D AES_CTRL_GCM_MASK; + break; } =20 if (iv_in) { @@ -542,6 +551,556 @@ static int dthe_aes_decrypt(struct skcipher_request *= req) return dthe_aes_crypt(req); } =20 +static int dthe_aead_init_tfm(struct crypto_aead *tfm) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + struct dthe_data *dev_data =3D dthe_get_dev(ctx); + + ctx->dev_data =3D dev_data; + + const char *alg_name =3D crypto_tfm_alg_name(crypto_aead_tfm(tfm)); + + ctx->aead_fb =3D crypto_alloc_sync_aead(alg_name, 0, + CRYPTO_ALG_NEED_FALLBACK); + if (IS_ERR(ctx->aead_fb)) { + dev_err(dev_data->dev, "fallback driver %s couldn't be loaded\n", + alg_name); + return PTR_ERR(ctx->aead_fb); + } + + return 0; +} + +static void dthe_aead_exit_tfm(struct crypto_aead *tfm) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + + crypto_free_sync_aead(ctx->aead_fb); +} + +/** + * dthe_aead_prep_src - Prepare source scatterlist for AEAD from input req= ->src + * @sg: Input req->src scatterlist + * @assoclen: Input req->assoclen + * @cryptlen: Input req->cryptlen (minus the size of TAG in decryption) + * @assoc_pad_buf: Buffer to hold AAD padding if needed + * @crypt_pad_buf: Buffer to hold ciphertext/plaintext padding if needed + * + * Description: + * For modes with authentication, DTHEv2 hardware requires the input AAD= and + * plaintext/ciphertext to be individually aligned to AES_BLOCK_SIZE. If= either is not + * aligned, it needs to be padded with zeros by the software before pass= ing the data to + * the hardware. However, linux crypto's aead_request provides the input= with AAD and + * plaintext/ciphertext contiguously appended together in a single scatt= erlist. + * + * This helper function takes the input scatterlist and splits it into s= eparate + * scatterlists for AAD and plaintext/ciphertext, ensuring each is align= ed to + * AES_BLOCK_SIZE by adding necessary padding, and then merges the align= ed scatterlists + * back into a single scatterlist for processing. + * + * Return: + * Pointer to the merged scatterlist, or ERR_PTR(error) on failure. + * The calling function needs to free the returned scatterlist when done. + **/ +static struct scatterlist *dthe_aead_prep_src(struct scatterlist *sg, + unsigned int assoclen, + unsigned int cryptlen, + u8 *assoc_pad_buf, + u8 *crypt_pad_buf) +{ + struct scatterlist *in_sg[2]; + struct scatterlist *to_sg; + struct scatterlist *src; + size_t split_sizes[2] =3D {assoclen, cryptlen}; + int out_mapped_nents[2]; + int crypt_nents =3D 0, assoc_nents =3D 0, src_nents =3D 0; + int err =3D 0; + + /* sg_split does not work properly if one of the split_sizes is 0 */ + if (cryptlen =3D=3D 0 || assoclen =3D=3D 0) { + /* + * Assigning both to sg does not matter as assoclen =3D 0 or cryptlen = =3D 0 + * being passed to dthe_copy_sg will take care to copy the sg correctly + */ + in_sg[0] =3D sg; + in_sg[1] =3D sg; + + src_nents =3D sg_nents_for_len(sg, assoclen + cryptlen); + } else { + err =3D sg_split(sg, 0, 0, 2, split_sizes, in_sg, out_mapped_nents, GFP_= ATOMIC); + if (err) + goto dthe_aead_prep_src_split_err; + assoc_nents =3D sg_nents_for_len(in_sg[0], assoclen); + crypt_nents =3D sg_nents_for_len(in_sg[1], cryptlen); + + src_nents =3D assoc_nents + crypt_nents; + } + + if (assoclen % AES_BLOCK_SIZE) + src_nents++; + if (cryptlen % AES_BLOCK_SIZE) + src_nents++; + + src =3D kmalloc_array(src_nents, sizeof(struct scatterlist), GFP_ATOMIC); + if (!src) { + err =3D -ENOMEM; + goto dthe_aead_prep_src_mem_err; + } + + sg_init_table(src, src_nents); + to_sg =3D src; + + to_sg =3D dthe_copy_sg(to_sg, in_sg[0], assoclen); + if (assoclen % AES_BLOCK_SIZE) { + unsigned int pad_len =3D AES_BLOCK_SIZE - (assoclen % AES_BLOCK_SIZE); + + sg_set_buf(to_sg, assoc_pad_buf, pad_len); + to_sg =3D sg_next(to_sg); + } + + to_sg =3D dthe_copy_sg(to_sg, in_sg[1], cryptlen); + if (cryptlen % AES_BLOCK_SIZE) { + unsigned int pad_len =3D AES_BLOCK_SIZE - (cryptlen % AES_BLOCK_SIZE); + + sg_set_buf(to_sg, crypt_pad_buf, pad_len); + to_sg =3D sg_next(to_sg); + } + +dthe_aead_prep_src_mem_err: + if (cryptlen !=3D 0 && assoclen !=3D 0) { + kfree(in_sg[0]); + kfree(in_sg[1]); + } + +dthe_aead_prep_src_split_err: + if (err) + return ERR_PTR(err); + return src; +} + +/** + * dthe_aead_prep_dst - Prepare destination scatterlist for AEAD from inpu= t req->dst + * @sg: Input req->dst scatterlist + * @assoclen: Input req->assoclen + * @cryptlen: Input req->cryptlen (minus the size of TAG in decryption) + * @pad_buf: Buffer to hold ciphertext/plaintext padding if needed + * + * Description: + * For modes with authentication, DTHEv2 hardware returns encrypted ciph= ertext/decrypted + * plaintext through DMA and TAG through MMRs. However, the dst scatterl= ist in linux + * crypto's aead_request is allocated same as input req->src scatterlist= . That is, it + * contains space for AAD in the beginning and ciphertext/plaintext at t= he end, with no + * alignment padding. This causes issues with DMA engine and DTHEv2 hard= ware. + * + * This helper function takes the output scatterlist and maps the part o= f the buffer + * which holds only the ciphertext/plaintext to a new scatterlist. It al= so adds a padding + * to align it with AES_BLOCK_SIZE. + * + * Return: + * Pointer to the trimmed scatterlist, or ERR_PTR(error) on failure. + * The calling function needs to free the returned scatterlist when done. + **/ +static struct scatterlist *dthe_aead_prep_dst(struct scatterlist *sg, + unsigned int assoclen, + unsigned int cryptlen, + u8 *pad_buf) +{ + struct scatterlist *out_sg[1]; + struct scatterlist *dst; + struct scatterlist *to_sg; + size_t split_sizes[1] =3D {cryptlen}; + int out_mapped_nents[1]; + int dst_nents =3D 0; + int err =3D 0; + + err =3D sg_split(sg, 0, assoclen, 1, split_sizes, out_sg, out_mapped_nent= s, GFP_ATOMIC); + if (err) + goto dthe_aead_prep_dst_split_err; + + dst_nents =3D sg_nents_for_len(out_sg[0], cryptlen); + if (cryptlen % AES_BLOCK_SIZE) + dst_nents++; + + dst =3D kmalloc_array(dst_nents, sizeof(struct scatterlist), GFP_ATOMIC); + if (!dst) { + err =3D -ENOMEM; + goto dthe_aead_prep_dst_mem_err; + } + sg_init_table(dst, dst_nents); + + to_sg =3D dthe_copy_sg(dst, out_sg[0], cryptlen); + if (cryptlen % AES_BLOCK_SIZE) { + unsigned int pad_len =3D AES_BLOCK_SIZE - (cryptlen % AES_BLOCK_SIZE); + + sg_set_buf(to_sg, pad_buf, pad_len); + to_sg =3D sg_next(to_sg); + } + +dthe_aead_prep_dst_mem_err: + kfree(out_sg[0]); + +dthe_aead_prep_dst_split_err: + if (err) + return ERR_PTR(err); + return dst; +} + +static int dthe_aead_read_tag(struct dthe_tfm_ctx *ctx, u32 *tag) +{ + struct dthe_data *dev_data =3D dthe_get_dev(ctx); + void __iomem *aes_base_reg =3D dev_data->regs + DTHE_P_AES_BASE; + u32 val; + int ret; + + ret =3D readl_relaxed_poll_timeout(aes_base_reg + DTHE_P_AES_CTRL, val, + (val & DTHE_AES_CTRL_SAVED_CTX_READY), + 0, POLL_TIMEOUT_INTERVAL); + if (ret) + return ret; + + for (int i =3D 0; i < AES_BLOCK_WORDS; ++i) + tag[i] =3D readl_relaxed(aes_base_reg + + DTHE_P_AES_TAG_OUT + + DTHE_REG_SIZE * i); + return 0; +} + +static int dthe_aead_enc_get_tag(struct aead_request *req) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(crypto_aead_reqtfm(req)); + u32 tag[AES_BLOCK_WORDS]; + int nents; + int ret; + + ret =3D dthe_aead_read_tag(ctx, tag); + if (ret) + return ret; + + nents =3D sg_nents_for_len(req->dst, req->cryptlen + req->assoclen + ctx-= >authsize); + + sg_pcopy_from_buffer(req->dst, nents, tag, ctx->authsize, + req->assoclen + req->cryptlen); + + return 0; +} + +static int dthe_aead_dec_verify_tag(struct aead_request *req) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(crypto_aead_reqtfm(req)); + u32 tag_out[AES_BLOCK_WORDS]; + u32 tag_in[AES_BLOCK_WORDS]; + int nents; + int ret; + + ret =3D dthe_aead_read_tag(ctx, tag_out); + if (ret) + return ret; + + nents =3D sg_nents_for_len(req->src, req->assoclen + req->cryptlen); + + sg_pcopy_to_buffer(req->src, nents, tag_in, ctx->authsize, + req->assoclen + req->cryptlen - ctx->authsize); + + if (memcmp(tag_in, tag_out, ctx->authsize)) + return -EBADMSG; + else + return 0; +} + +static int dthe_aead_setkey(struct crypto_aead *tfm, const u8 *key, unsign= ed int keylen) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + + if (keylen !=3D AES_KEYSIZE_128 && keylen !=3D AES_KEYSIZE_192 && keylen = !=3D AES_KEYSIZE_256) + return -EINVAL; + + ctx->aes_mode =3D DTHE_AES_GCM; + ctx->keylen =3D keylen; + memcpy(ctx->key, key, keylen); + + crypto_sync_aead_clear_flags(ctx->aead_fb, CRYPTO_TFM_REQ_MASK); + crypto_sync_aead_set_flags(ctx->aead_fb, + crypto_aead_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); + + return crypto_sync_aead_setkey(ctx->aead_fb, key, keylen); +} + +static int dthe_aead_setauthsize(struct crypto_aead *tfm, unsigned int aut= hsize) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + + /* Invalid auth size will be handled by crypto_aead_setauthsize() */ + ctx->authsize =3D authsize; + + return crypto_sync_aead_setauthsize(ctx->aead_fb, authsize); +} + +static int dthe_aead_do_fallback(struct aead_request *req) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(crypto_aead_reqtfm(req)); + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + + SYNC_AEAD_REQUEST_ON_STACK(subreq, ctx->aead_fb); + + aead_request_set_callback(subreq, req->base.flags, + req->base.complete, req->base.data); + aead_request_set_crypt(subreq, req->src, req->dst, req->cryptlen, req->iv= ); + aead_request_set_ad(subreq, req->assoclen); + + return rctx->enc ? crypto_aead_encrypt(subreq) : + crypto_aead_decrypt(subreq); +} + +static void dthe_aead_dma_in_callback(void *data) +{ + struct aead_request *req =3D (struct aead_request *)data; + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + + complete(&rctx->aes_compl); +} + +static int dthe_aead_run(struct crypto_engine *engine, void *areq) +{ + struct aead_request *req =3D container_of(areq, struct aead_request, base= ); + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(crypto_aead_reqtfm(req)); + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + struct dthe_data *dev_data =3D dthe_get_dev(ctx); + + unsigned int cryptlen =3D req->cryptlen; + unsigned int assoclen =3D req->assoclen; + unsigned int authsize =3D ctx->authsize; + unsigned int unpadded_cryptlen; + struct scatterlist *src =3D req->src; + struct scatterlist *dst =3D req->dst; + u32 iv_in[AES_IV_WORDS]; + + int src_nents; + int dst_nents; + int src_mapped_nents, dst_mapped_nents; + + u8 *src_assoc_padbuf =3D rctx->padding; + u8 *src_crypt_padbuf =3D rctx->padding + AES_BLOCK_SIZE; + u8 *dst_crypt_padbuf =3D rctx->padding + (2 * AES_BLOCK_SIZE); + + enum dma_data_direction src_dir, dst_dir; + + struct device *tx_dev, *rx_dev; + struct dma_async_tx_descriptor *desc_in, *desc_out; + + int ret; + + void __iomem *aes_base_reg =3D dev_data->regs + DTHE_P_AES_BASE; + + u32 aes_irqenable_val =3D readl_relaxed(aes_base_reg + DTHE_P_AES_IRQENAB= LE); + u32 aes_sysconfig_val =3D readl_relaxed(aes_base_reg + DTHE_P_AES_SYSCONF= IG); + + aes_sysconfig_val |=3D DTHE_AES_SYSCONFIG_DMA_DATA_IN_OUT_EN; + writel_relaxed(aes_sysconfig_val, aes_base_reg + DTHE_P_AES_SYSCONFIG); + + aes_irqenable_val |=3D DTHE_AES_IRQENABLE_EN_ALL; + writel_relaxed(aes_irqenable_val, aes_base_reg + DTHE_P_AES_IRQENABLE); + + /* In decryption, the last authsize bytes are the TAG */ + if (!rctx->enc) + cryptlen -=3D authsize; + unpadded_cryptlen =3D cryptlen; + + /* Prep src and dst scatterlists */ + memset(src_assoc_padbuf, 0, AES_BLOCK_SIZE); + memset(src_crypt_padbuf, 0, AES_BLOCK_SIZE); + memset(dst_crypt_padbuf, 0, AES_BLOCK_SIZE); + + src =3D dthe_aead_prep_src(req->src, req->assoclen, cryptlen, + src_assoc_padbuf, src_crypt_padbuf); + if (IS_ERR(src)) { + ret =3D PTR_ERR(src); + goto aead_prep_src_err; + } + + if (req->assoclen % AES_BLOCK_SIZE) + assoclen +=3D AES_BLOCK_SIZE - (req->assoclen % AES_BLOCK_SIZE); + if (cryptlen % AES_BLOCK_SIZE) + cryptlen +=3D AES_BLOCK_SIZE - (cryptlen % AES_BLOCK_SIZE); + + src_nents =3D sg_nents_for_len(src, assoclen + cryptlen); + + if (cryptlen !=3D 0) { + dst =3D dthe_aead_prep_dst(req->dst, req->assoclen, unpadded_cryptlen, + dst_crypt_padbuf); + if (IS_ERR(dst)) { + ret =3D PTR_ERR(dst); + goto aead_prep_dst_err; + } + + dst_nents =3D sg_nents_for_len(dst, cryptlen); + } + /* Prep finished */ + + src_dir =3D DMA_TO_DEVICE; + dst_dir =3D DMA_FROM_DEVICE; + + tx_dev =3D dmaengine_get_dma_device(dev_data->dma_aes_tx); + rx_dev =3D dmaengine_get_dma_device(dev_data->dma_aes_rx); + + src_mapped_nents =3D dma_map_sg(tx_dev, src, src_nents, src_dir); + if (src_mapped_nents =3D=3D 0) { + ret =3D -EINVAL; + goto aead_dma_map_src_err; + } + + desc_out =3D dmaengine_prep_slave_sg(dev_data->dma_aes_tx, src, src_mappe= d_nents, + DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT | DMA_CTRL_ACK); + if (!desc_out) { + ret =3D -EINVAL; + goto aead_dma_prep_src_err; + } + + desc_out->callback =3D dthe_aead_dma_in_callback; + desc_out->callback_param =3D req; + + if (cryptlen !=3D 0) { + dst_mapped_nents =3D dma_map_sg(rx_dev, dst, dst_nents, dst_dir); + if (dst_mapped_nents =3D=3D 0) { + ret =3D -EINVAL; + goto aead_dma_prep_src_err; + } + + desc_in =3D dmaengine_prep_slave_sg(dev_data->dma_aes_rx, dst, + dst_mapped_nents, DMA_DEV_TO_MEM, + DMA_PREP_INTERRUPT | DMA_CTRL_ACK); + if (!desc_in) { + ret =3D -EINVAL; + goto aead_dma_prep_dst_err; + } + } + + init_completion(&rctx->aes_compl); + + /* + * HACK: There is an unknown hw issue where if the previous operation had= alen =3D 0 and + * plen !=3D 0, the current operation's tag calculation is incorrect in t= he case where + * plen =3D 0 and alen !=3D 0 currently. This is a workaround for now whi= ch somehow works; + * by resetting the context by writing a 1 to the C_LENGTH_0 and AUTH_LEN= GTH registers. + */ + if (cryptlen =3D=3D 0) { + writel_relaxed(1, aes_base_reg + DTHE_P_AES_C_LENGTH_0); + writel_relaxed(1, aes_base_reg + DTHE_P_AES_AUTH_LENGTH); + } + + if (req->iv) { + memcpy(iv_in, req->iv, GCM_AES_IV_SIZE); + } else { + iv_in[0] =3D 0; + iv_in[1] =3D 0; + iv_in[2] =3D 0; + } + iv_in[3] =3D 0x01000000; + + /* Clear key2 to reset previous GHASH intermediate data */ + for (int i =3D 0; i < AES_KEYSIZE_256 / sizeof(u32); ++i) + writel_relaxed(0, aes_base_reg + DTHE_P_AES_KEY2_6 + DTHE_REG_SIZE * i); + + dthe_aes_set_ctrl_key(ctx, rctx, iv_in); + + writel_relaxed(lower_32_bits(unpadded_cryptlen), aes_base_reg + DTHE_P_AE= S_C_LENGTH_0); + writel_relaxed(upper_32_bits(unpadded_cryptlen), aes_base_reg + DTHE_P_AE= S_C_LENGTH_1); + writel_relaxed(req->assoclen, aes_base_reg + DTHE_P_AES_AUTH_LENGTH); + + if (cryptlen !=3D 0) + dmaengine_submit(desc_in); + dmaengine_submit(desc_out); + + if (cryptlen !=3D 0) + dma_async_issue_pending(dev_data->dma_aes_rx); + dma_async_issue_pending(dev_data->dma_aes_tx); + + /* Need to do timeout to ensure finalise gets called if DMA callback fail= s for any reason */ + ret =3D wait_for_completion_timeout(&rctx->aes_compl, msecs_to_jiffies(DT= HE_DMA_TIMEOUT_MS)); + if (!ret) { + ret =3D -ETIMEDOUT; + if (cryptlen !=3D 0) + dmaengine_terminate_sync(dev_data->dma_aes_rx); + dmaengine_terminate_sync(dev_data->dma_aes_tx); + + for (int i =3D 0; i < AES_BLOCK_WORDS; ++i) + readl_relaxed(aes_base_reg + DTHE_P_AES_DATA_IN_OUT + DTHE_REG_SIZE * i= ); + } else { + ret =3D 0; + } + + if (cryptlen !=3D 0) + dma_sync_sg_for_cpu(rx_dev, dst, dst_nents, dst_dir); + if (rctx->enc) + ret =3D dthe_aead_enc_get_tag(req); + else + ret =3D dthe_aead_dec_verify_tag(req); + +aead_dma_prep_dst_err: + if (cryptlen !=3D 0) + dma_unmap_sg(rx_dev, dst, dst_nents, dst_dir); +aead_dma_prep_src_err: + dma_unmap_sg(tx_dev, src, src_nents, src_dir); + +aead_dma_map_src_err: + if (cryptlen !=3D 0) + kfree(dst); + +aead_prep_dst_err: + kfree(src); + +aead_prep_src_err: + if (ret) + ret =3D dthe_aead_do_fallback(req); + local_bh_disable(); + crypto_finalize_aead_request(engine, req, ret); + local_bh_enable(); + return 0; +} + +static int dthe_aead_crypt(struct aead_request *req) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(crypto_aead_reqtfm(req)); + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + struct dthe_data *dev_data =3D dthe_get_dev(ctx); + struct crypto_engine *engine; + unsigned int cryptlen =3D req->cryptlen; + + /* In decryption, last authsize bytes are the TAG */ + if (!rctx->enc) + cryptlen -=3D ctx->authsize; + + /* + * Need to fallback to software in the following cases due to HW restrict= ions: + * - Both AAD and plaintext/ciphertext are zero length + * - AAD length is more than 2^32 - 1 bytes + * PS: req->cryptlen is currently unsigned int type, which causes the abo= ve condition + * tautologically false. If req->cryptlen were to be changed to a 64-bit = type, + * the check for this would need to be added below. + */ + if (req->assoclen =3D=3D 0 && cryptlen =3D=3D 0) + return dthe_aead_do_fallback(req); + + engine =3D dev_data->engine; + return crypto_transfer_aead_request_to_engine(engine, req); +} + +static int dthe_aead_encrypt(struct aead_request *req) +{ + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + + rctx->enc =3D 1; + return dthe_aead_crypt(req); +} + +static int dthe_aead_decrypt(struct aead_request *req) +{ + struct dthe_aes_req_ctx *rctx =3D aead_request_ctx(req); + + rctx->enc =3D 0; + return dthe_aead_crypt(req); +} + static struct skcipher_engine_alg cipher_algs[] =3D { { .base.init =3D dthe_cipher_init_tfm, @@ -640,12 +1199,46 @@ static struct skcipher_engine_alg cipher_algs[] =3D { }, /* XTS AES */ }; =20 +static struct aead_engine_alg aead_algs[] =3D { + { + .base.init =3D dthe_aead_init_tfm, + .base.exit =3D dthe_aead_exit_tfm, + .base.setkey =3D dthe_aead_setkey, + .base.setauthsize =3D dthe_aead_setauthsize, + .base.maxauthsize =3D AES_BLOCK_SIZE, + .base.encrypt =3D dthe_aead_encrypt, + .base.decrypt =3D dthe_aead_decrypt, + .base.chunksize =3D AES_BLOCK_SIZE, + .base.ivsize =3D GCM_AES_IV_SIZE, + .base.base =3D { + .cra_name =3D "gcm(aes)", + .cra_driver_name =3D "gcm-aes-dthev2", + .cra_priority =3D 299, + .cra_flags =3D CRYPTO_ALG_TYPE_AEAD | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize =3D 1, + .cra_ctxsize =3D sizeof(struct dthe_tfm_ctx), + .cra_reqsize =3D sizeof(struct dthe_aes_req_ctx), + .cra_module =3D THIS_MODULE, + }, + .op.do_one_request =3D dthe_aead_run, + }, /* GCM AES */ +}; + int dthe_register_aes_algs(void) { - return crypto_engine_register_skciphers(cipher_algs, ARRAY_SIZE(cipher_al= gs)); + int ret =3D 0; + + ret |=3D crypto_engine_register_skciphers(cipher_algs, ARRAY_SIZE(cipher_= algs)); + ret |=3D crypto_engine_register_aeads(aead_algs, ARRAY_SIZE(aead_algs)); + + return ret; } =20 void dthe_unregister_aes_algs(void) { crypto_engine_unregister_skciphers(cipher_algs, ARRAY_SIZE(cipher_algs)); + crypto_engine_unregister_aeads(aead_algs, ARRAY_SIZE(aead_algs)); } diff --git a/drivers/crypto/ti/dthev2-common.c b/drivers/crypto/ti/dthev2-c= ommon.c index c39d37933b9ee..a2ad79bec105a 100644 --- a/drivers/crypto/ti/dthev2-common.c +++ b/drivers/crypto/ti/dthev2-common.c @@ -48,6 +48,25 @@ struct dthe_data *dthe_get_dev(struct dthe_tfm_ctx *ctx) return dev_data; } =20 +struct scatterlist *dthe_copy_sg(struct scatterlist *dst, + struct scatterlist *src, + int buflen) +{ + struct scatterlist *from_sg, *to_sg; + int sglen; + + for (to_sg =3D dst, from_sg =3D src; buflen && from_sg; buflen -=3D sglen= ) { + sglen =3D from_sg->length; + if (sglen > buflen) + sglen =3D buflen; + sg_set_buf(to_sg, sg_virt(from_sg), sglen); + from_sg =3D sg_next(from_sg); + to_sg =3D sg_next(to_sg); + } + + return to_sg; +} + static int dthe_dma_init(struct dthe_data *dev_data) { int ret; diff --git a/drivers/crypto/ti/dthev2-common.h b/drivers/crypto/ti/dthev2-c= ommon.h index efbcbbb741a14..0aaecf02258e0 100644 --- a/drivers/crypto/ti/dthev2-common.h +++ b/drivers/crypto/ti/dthev2-common.h @@ -38,6 +38,7 @@ enum dthe_aes_mode { DTHE_AES_CBC, DTHE_AES_CTR, DTHE_AES_XTS, + DTHE_AES_GCM, }; =20 /* Driver specific struct definitions */ @@ -78,16 +79,22 @@ struct dthe_list { * struct dthe_tfm_ctx - Transform ctx struct containing ctx for all sub-c= omponents of DTHE V2 * @dev_data: Device data struct pointer * @keylen: AES key length + * @authsize: Authentication size for modes with authentication * @key: AES key * @aes_mode: AES mode + * @aead_fb: Fallback crypto aead handle * @skcipher_fb: Fallback crypto skcipher handle for AES-XTS mode */ struct dthe_tfm_ctx { struct dthe_data *dev_data; unsigned int keylen; + unsigned int authsize; u32 key[DTHE_MAX_KEYSIZE / sizeof(u32)]; enum dthe_aes_mode aes_mode; - struct crypto_sync_skcipher *skcipher_fb; + union { + struct crypto_sync_aead *aead_fb; + struct crypto_sync_skcipher *skcipher_fb; + }; }; =20 /** @@ -106,6 +113,20 @@ struct dthe_aes_req_ctx { =20 struct dthe_data *dthe_get_dev(struct dthe_tfm_ctx *ctx); =20 +/** + * dthe_copy_sg - Copy sg entries from src to dst + * @dst: Destination sg to be filled + * @src: Source sg to be copied from + * @buflen: Number of bytes to be copied + * + * Description: + * Copy buflen bytes of data from src to dst. + * + **/ +struct scatterlist *dthe_copy_sg(struct scatterlist *dst, + struct scatterlist *src, + int buflen); + int dthe_register_aes_algs(void); void dthe_unregister_aes_algs(void); =20 --=20 2.34.1 From nobody Fri Apr 17 21:54:37 2026 Received: from MW6PR02CU001.outbound.protection.outlook.com (mail-westus2azon11012028.outbound.protection.outlook.com [52.101.48.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 281CC35F8CF; Fri, 13 Feb 2026 13:02:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.48.28 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987774; cv=fail; b=RML9/cH09dqH2qjeXRtRcAe/Av9odneM4k+LVMeR/90E2/vMhubSIQrCyTTI84jhbOMF/sFh/4vpYUzWwUSUy4jlDABQ6q42FL5yia4vC71lHWA2xYmKXyKlTDn9slA+/sikDfhk9nRX+kUyJ05Xqno4ZbsNM6t8GbjkMXwX8Z0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770987774; c=relaxed/simple; bh=ms3zbeZFFawifCoaVgGUjt7OPkeXRm9DSMgozRstm0U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=d1O/OGwfHIUrMIe+ODT5IxqaeoDuJjjwXYWAnUAUMvQP3O5suy4iWOAe6E+h7tR5eVZm+UCwy5J0jRHzszDOV/jWpDe02WZCcPQxG0Ahdx4vzYQRXDOY7VP1rnqPNXqqobyWkWutom8Pbnzf+1KuokgUJld2SKjckvptk/UAi7Y= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com; spf=pass smtp.mailfrom=ti.com; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b=N/9WcIT5; arc=fail smtp.client-ip=52.101.48.28 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ti.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ti.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=ti.com header.i=@ti.com header.b="N/9WcIT5" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=RZyfz7tX9UdW4zZ7wPT36d9Wy6ziKEcfC4f2+WapA/XY0ligupeVhJIPw69EcWdKJs5ZN2r3NY9njOT+YurmDUxeKTS2aLDwH1I+OnBWZa2SXlwn9XD1AQaFTEVuYRr73e0oPTPLrEORNW3oNXTacsg5Il8pLtU/GDKJnT5hpnp7nrkv6v9yUM81EGoXFjvK6oeL1A1erOzwlauciRNhYYEMK+g2TQXaAHFyW9tb2EW3f+fcXUmPv8Vg87nZinCYrRoOiJS3Coa6ofFkmhzj3z0yhKWc7ytL5LP/7ZqkLnsOcc/MjBrBMEbnNBvzF7c7NHYHKc3yDnVm13Il5NZRCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HWK5/9pkOcFTYzmVo3/QJ9jsy7jIaoJvta8+PCi3Bx4=; b=E2aCUDTCQ1DRqITU0fllx8ZDUqdTeZrDrzaJ5k/OeubMl9ErjXbG9Mb8nQYAfx5nytp7PEsNDVP1iKzgtligN9qeEdTom7RhTzRBM2FZsX96QXj5WzLTHd02KMWlmLpWROKBgUb6/Ujvq6LVWCAJ043GO1kTrZICvvPOC4B+EzoEuuhgNu/2U/9wIX648+qPyY2WQOQ/VYZquCUre/ZOY2VDbClBzX9rV3uFfExTMMrsD0BhixoDU11ibSHEHFLZqOSpPEOWJ0qX7/zJdiTMsz3LwKigZFP24hZSGmy6llfnNHCFzN+TuSAgYt6zd5L7G4xBLO1F7RE6FBDVm1j+/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 198.47.21.194) smtp.rcpttodomain=gondor.apana.org.au smtp.mailfrom=ti.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=ti.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HWK5/9pkOcFTYzmVo3/QJ9jsy7jIaoJvta8+PCi3Bx4=; b=N/9WcIT5UwK40MqyKTQAQzzn4GkOTuRav8iHmC56eK5gUMEHXbC3WpF0tIN5zVbdV1/9/zGS6wJ11KvElD+pIekCr4cPgywVhH+QwtuqZXVGD2mcCHmhmLhB2YiLpqUHUd7AqmdfPWyHGjXcQSUF/boDJbXNHMidUHBW0DsndME= Received: from BN9P222CA0024.NAMP222.PROD.OUTLOOK.COM (2603:10b6:408:10c::29) by CY8PR10MB7340.namprd10.prod.outlook.com (2603:10b6:930:7f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.11; Fri, 13 Feb 2026 13:02:51 +0000 Received: from BN2PEPF00004FBF.namprd04.prod.outlook.com (2603:10b6:408:10c:cafe::96) by BN9P222CA0024.outlook.office365.com (2603:10b6:408:10c::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9611.13 via Frontend Transport; Fri, 13 Feb 2026 13:02:30 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 198.47.21.194) smtp.mailfrom=ti.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ti.com; Received-SPF: Pass (protection.outlook.com: domain of ti.com designates 198.47.21.194 as permitted sender) receiver=protection.outlook.com; client-ip=198.47.21.194; helo=flwvzet200.ext.ti.com; pr=C Received: from flwvzet200.ext.ti.com (198.47.21.194) by BN2PEPF00004FBF.mail.protection.outlook.com (10.167.243.185) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.8 via Frontend Transport; Fri, 13 Feb 2026 13:02:50 +0000 Received: from DFLE211.ent.ti.com (10.64.6.69) by flwvzet200.ext.ti.com (10.248.192.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:48 -0600 Received: from DFLE205.ent.ti.com (10.64.6.63) by DFLE211.ent.ti.com (10.64.6.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20; Fri, 13 Feb 2026 07:02:48 -0600 Received: from lelvem-mr06.itg.ti.com (10.180.75.8) by DFLE205.ent.ti.com (10.64.6.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.20 via Frontend Transport; Fri, 13 Feb 2026 07:02:48 -0600 Received: from pratham-Workstation-PC (pratham-workstation-pc.dhcp.ti.com [10.24.69.191]) by lelvem-mr06.itg.ti.com (8.18.1/8.18.1) with ESMTP id 61DD2k1V781914; Fri, 13 Feb 2026 07:02:47 -0600 From: T Pratham To: T Pratham , Herbert Xu , "David S. Miller" CC: Manorit Chawdhry , Kamlesh Gurudasani , Shiva Tripathi , Kavitha Malarvizhi , Vishal Mahaveer , Praneeth Bajjuri , , Subject: [PATCH v9 3/3] crypto: ti - Add support for AES-CCM in DTHEv2 driver Date: Fri, 13 Feb 2026 18:32:07 +0530 Message-ID: <20260213130207.209336-4-t-pratham@ti.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260213130207.209336-1-t-pratham@ti.com> References: <20260213130207.209336-1-t-pratham@ti.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-C2ProcessedOrg: 333ef613-75bf-4e12-a4b1-8e3623f5dcea X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF00004FBF:EE_|CY8PR10MB7340:EE_ X-MS-Office365-Filtering-Correlation-Id: f33fd99d-1012-4012-90ee-08de6b003125 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?GqYaoJis233WXIag6nSh9InCazBTAdrkSRH3mGxJ/LPgX7SEaTACsP6ZnbzB?= =?us-ascii?Q?fTL/4rHUgHRaYnLcPIe6bYu2JTiEfrHBw9nI3ZJMxE8XbDSMXdltrg14kidr?= =?us-ascii?Q?uyyDWare3gjLgbl8xGW5/BnRuz5KXi4VbXbnd7R8ToaMMNcjFhzYKVZh0R3O?= =?us-ascii?Q?b1HQ8KznJ5hNn5e7Ft7xh1y7Md51jrNKmbNLNG0Tju3OeNZzsy8BUE6B15ic?= =?us-ascii?Q?qvbLjAG3GNq1T2IruqJAiUtMuxFOl1jGPyL89eFDVqorU5XhRoiZilNoW8xb?= =?us-ascii?Q?EAD6NeHGi1UAGnESyB0GC10IOlYNjSHdYFzsxZUhBMHlS1a6kYeX/xbisccl?= =?us-ascii?Q?7CUDmJMz9qMYFe7tR9Hk/IR3stu6lymEUWmZprs3CkxNKcQRDN9JQmfLeaUu?= =?us-ascii?Q?FXgQxRMKgqQZPkNAaiW+q8cXZ3REMtu8WOLpIdFrIceLZXiKwpPQKw4Kp0Wn?= =?us-ascii?Q?HAwI5Z4Mf1KUoDRgADo+tjXyjIvbE6HR1rc+H1klM1jB8z2ZYdNH7W6KBv+o?= =?us-ascii?Q?GPCcai5dng8WThZ0DNnPSGlRV7y21oKmt3Aiu/IKVzqxu4nWlga6fEa6c2fH?= =?us-ascii?Q?Gy2iCk+YZRB2714wfxpKLvRq1TDzJt7BdulGRV/RagegfZ6cr0HSKueQqVtn?= =?us-ascii?Q?vEVax+PA+uC4GOSUnJPqPLCKpr/oS2qF5UjG279t73ysFEoZCAYY3ZG+cf6g?= =?us-ascii?Q?+4ILi0Av0j5iPaKdPpAEBBqFDrE+0yGU3VG+zrOr/i1NhAWmZt0RXRkVDQC/?= =?us-ascii?Q?iOCNo500U6Sc0MkvDxh2SMSuEa/X93gT1HEEfVzN3w7sCJ1I7hWi5n0LPd3+?= =?us-ascii?Q?lxCPtRTrDppEJXdzeq6U+qrCoCH/69lfVm5ZuC7q2BeBJyIiCY5LTGJd1Tlj?= =?us-ascii?Q?OAGyci3HiiM4+Uq+M4j+BxH29wQfn3/8X9GG/Bqb1aOX2c0xLwBrEHL6DPZq?= =?us-ascii?Q?hhoVcBNWtzcBzDRrSSYuSnTQnHx/k3JXdt06K3rdKjB5pF0U14ggPQyOLGZZ?= =?us-ascii?Q?NSDAgoyuP4R/Sc+UbBTVUP/vWi+eTXqoDZxj+Zh+LLAL+O+ItvmeT8/vvZMI?= =?us-ascii?Q?au8Xr/QW7q6jjHDVMfAHFq6qMzoG2uwf1Bw92U2wftGO3BRefSuvlp6qHwyE?= =?us-ascii?Q?4WQzENMw4TXNBmm/dO4ynhAqesJWEsVu0d2kWgpILT4yyTqcUBaqkdnE/0qY?= =?us-ascii?Q?CEoURbJr/ThtZLhAROgvF6VER0vLylXRrvWd+UcEyGXHtBUIAVVdv82c8wdQ?= =?us-ascii?Q?jmti7IVZJn72JAvWOdYcVOUEGMGyr1cB1h4BVI0o2MxF6MABaWvCloLE+fCR?= =?us-ascii?Q?kjO3M/drTJdOLEnLfXKKj7LnnMugQ6hwbihArOFPm8fQyd15ZoBAjUv7p/Gu?= =?us-ascii?Q?kqUnvm0i/ibC2YgKrqNZw/O/GV5ITa4NcMnwqYrBBOXnhJf6hzmQWsBsdIov?= =?us-ascii?Q?0RdRu5Qcy/fxYslaDsclokPoBMkZL2DorxDezBLVJpryZbm1+ogArOXOWHDS?= =?us-ascii?Q?xB9nA5hLH6xYyRrSZ81dMZPxtIguk1VT4IzrNaDzWLks7aO0LkAS3BPiAbM5?= =?us-ascii?Q?DEvYKgWOGthJHuQJSLBOa2HECoXuQdIasSMRlHEUKeV1g2hPQHmRYUb4l6/B?= =?us-ascii?Q?UnofIEsP10iTnK7q42qEmzwjwXMyognXZCgeqHY7p/Ba2VFoUm67EG5GVico?= =?us-ascii?Q?AoE3dQ=3D=3D?= X-Forefront-Antispam-Report: CIP:198.47.21.194;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:flwvzet200.ext.ti.com;PTR:ErrorRetry;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 5NK5Ncvbutf80WLZeF82iCsrx6+p+x4KkzUFvpWgMvtc1PKdRfGatb/KWZbQHvhjVzJfRYSb9CEUbuLw6vAxq+9tOt/1rxafoKv6lkBJKQBIXFSMtznRQwhjyTKrFINHVmCGRPiitkUqL/vc/kaWlbKVQJIdkpcq3eU02Y+sOq2++MyD787w75E9R7xU/KDpiD6oGwPi8xWxYWV92pfRMN3INvao33s76h2hORQWMfrMj5ZdGgd4pX3BRv6Mi0f5FUFh1TkMqrEv3Dl4GdQONNVPVSQ6pmepORC6L8K1deNkXaJMnCPtr7OyLq9M78DWIb30Mo2min1UwCkFCwryOx7IvkGoD3DBr2sqAROcQUFcuKfNul52REvaoHJQ3wyDJfSUjiOkA1/UqNwdLj1py8R/HOL7VOcCsYAfRvlxqWyi+WXcnJaBq13coSTsAwvS X-OriginatorOrg: ti.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Feb 2026 13:02:50.0789 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f33fd99d-1012-4012-90ee-08de6b003125 X-MS-Exchange-CrossTenant-Id: e5b49634-450b-4709-8abb-1e2b19b982b7 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e5b49634-450b-4709-8abb-1e2b19b982b7;Ip=[198.47.21.194];Helo=[flwvzet200.ext.ti.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF00004FBF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR10MB7340 Content-Type: text/plain; charset="utf-8" AES-CCM is an AEAD algorithm supporting both encryption and authentication of data. This patch introduces support for AES-CCM AEAD algorithm in the DTHEv2 driver. Signed-off-by: T Pratham --- drivers/crypto/ti/Kconfig | 1 + drivers/crypto/ti/dthev2-aes.c | 129 ++++++++++++++++++++++++++---- drivers/crypto/ti/dthev2-common.h | 1 + 3 files changed, 115 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/ti/Kconfig b/drivers/crypto/ti/Kconfig index 221e483737439..1a3a571ac8cef 100644 --- a/drivers/crypto/ti/Kconfig +++ b/drivers/crypto/ti/Kconfig @@ -9,6 +9,7 @@ config CRYPTO_DEV_TI_DTHEV2 select CRYPTO_CTR select CRYPTO_XTS select CRYPTO_GCM + select CRYPTO_CCM select SG_SPLIT help This enables support for the TI DTHE V2 hw cryptography engine diff --git a/drivers/crypto/ti/dthev2-aes.c b/drivers/crypto/ti/dthev2-aes.c index 90cdd7c431149..06098d6768eb3 100644 --- a/drivers/crypto/ti/dthev2-aes.c +++ b/drivers/crypto/ti/dthev2-aes.c @@ -16,6 +16,7 @@ =20 #include "dthev2-common.h" =20 +#include #include #include #include @@ -69,6 +70,7 @@ enum aes_ctrl_mode_masks { AES_CTRL_CTR_MASK =3D BIT(6), AES_CTRL_XTS_MASK =3D BIT(12) | BIT(11), AES_CTRL_GCM_MASK =3D BIT(17) | BIT(16) | BIT(6), + AES_CTRL_CCM_MASK =3D BIT(18) | BIT(6), }; =20 #define DTHE_AES_CTRL_MODE_CLEAR_MASK ~GENMASK(28, 5) @@ -81,6 +83,11 @@ enum aes_ctrl_mode_masks { =20 #define DTHE_AES_CTRL_CTR_WIDTH_128B (BIT(7) | BIT(8)) =20 +#define DTHE_AES_CCM_L_FROM_IV_MASK GENMASK(2, 0) +#define DTHE_AES_CCM_M_BITS GENMASK(2, 0) +#define DTHE_AES_CTRL_CCM_L_FIELD_MASK GENMASK(21, 19) +#define DTHE_AES_CTRL_CCM_M_FIELD_MASK GENMASK(24, 22) + #define DTHE_AES_CTRL_SAVE_CTX_SET BIT(29) =20 #define DTHE_AES_CTRL_OUTPUT_READY BIT_MASK(0) @@ -96,6 +103,8 @@ enum aes_ctrl_mode_masks { #define AES_BLOCK_WORDS (AES_BLOCK_SIZE / sizeof(u32)) #define AES_IV_WORDS AES_BLOCK_WORDS #define DTHE_AES_GCM_AAD_MAXLEN (BIT_ULL(32) - 1) +#define DTHE_AES_CCM_AAD_MAXLEN (BIT(16) - BIT(8)) +#define DTHE_AES_CCM_CRYPT_MAXLEN (BIT_ULL(61) - 1) #define POLL_TIMEOUT_INTERVAL HZ =20 static int dthe_cipher_init_tfm(struct crypto_skcipher *tfm) @@ -275,6 +284,13 @@ static void dthe_aes_set_ctrl_key(struct dthe_tfm_ctx = *ctx, case DTHE_AES_GCM: ctrl_val |=3D AES_CTRL_GCM_MASK; break; + case DTHE_AES_CCM: + ctrl_val |=3D AES_CTRL_CCM_MASK; + ctrl_val |=3D FIELD_PREP(DTHE_AES_CTRL_CCM_L_FIELD_MASK, + (iv_in[0] & DTHE_AES_CCM_L_FROM_IV_MASK)); + ctrl_val |=3D FIELD_PREP(DTHE_AES_CTRL_CCM_M_FIELD_MASK, + ((ctx->authsize - 2) >> 1) & DTHE_AES_CCM_M_BITS); + break; } =20 if (iv_in) { @@ -814,10 +830,6 @@ static int dthe_aead_setkey(struct crypto_aead *tfm, c= onst u8 *key, unsigned int if (keylen !=3D AES_KEYSIZE_128 && keylen !=3D AES_KEYSIZE_192 && keylen = !=3D AES_KEYSIZE_256) return -EINVAL; =20 - ctx->aes_mode =3D DTHE_AES_GCM; - ctx->keylen =3D keylen; - memcpy(ctx->key, key, keylen); - crypto_sync_aead_clear_flags(ctx->aead_fb, CRYPTO_TFM_REQ_MASK); crypto_sync_aead_set_flags(ctx->aead_fb, crypto_aead_get_flags(tfm) & @@ -826,6 +838,28 @@ static int dthe_aead_setkey(struct crypto_aead *tfm, c= onst u8 *key, unsigned int return crypto_sync_aead_setkey(ctx->aead_fb, key, keylen); } =20 +static int dthe_gcm_aes_setkey(struct crypto_aead *tfm, const u8 *key, uns= igned int keylen) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + + ctx->aes_mode =3D DTHE_AES_GCM; + ctx->keylen =3D keylen; + memcpy(ctx->key, key, keylen); + + return dthe_aead_setkey(tfm, key, keylen); +} + +static int dthe_ccm_aes_setkey(struct crypto_aead *tfm, const u8 *key, uns= igned int keylen) +{ + struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); + + ctx->aes_mode =3D DTHE_AES_CCM; + ctx->keylen =3D keylen; + memcpy(ctx->key, key, keylen); + + return dthe_aead_setkey(tfm, key, keylen); +} + static int dthe_aead_setauthsize(struct crypto_aead *tfm, unsigned int aut= hsize) { struct dthe_tfm_ctx *ctx =3D crypto_aead_ctx(tfm); @@ -988,14 +1022,18 @@ static int dthe_aead_run(struct crypto_engine *engin= e, void *areq) writel_relaxed(1, aes_base_reg + DTHE_P_AES_AUTH_LENGTH); } =20 - if (req->iv) { - memcpy(iv_in, req->iv, GCM_AES_IV_SIZE); + if (ctx->aes_mode =3D=3D DTHE_AES_GCM) { + if (req->iv) { + memcpy(iv_in, req->iv, GCM_AES_IV_SIZE); + } else { + iv_in[0] =3D 0; + iv_in[1] =3D 0; + iv_in[2] =3D 0; + } + iv_in[3] =3D 0x01000000; } else { - iv_in[0] =3D 0; - iv_in[1] =3D 0; - iv_in[2] =3D 0; + memcpy(iv_in, req->iv, AES_IV_SIZE); } - iv_in[3] =3D 0x01000000; =20 /* Clear key2 to reset previous GHASH intermediate data */ for (int i =3D 0; i < AES_KEYSIZE_256 / sizeof(u32); ++i) @@ -1065,20 +1103,54 @@ static int dthe_aead_crypt(struct aead_request *req) struct dthe_data *dev_data =3D dthe_get_dev(ctx); struct crypto_engine *engine; unsigned int cryptlen =3D req->cryptlen; + bool is_zero_ctr =3D true; =20 /* In decryption, last authsize bytes are the TAG */ if (!rctx->enc) cryptlen -=3D ctx->authsize; =20 + if (ctx->aes_mode =3D=3D DTHE_AES_CCM) { + /* + * For CCM Mode, the 128-bit IV contains the following: + * | 0 .. 2 | 3 .. 7 | 8 .. (127-8*L) | (128-8*L) .. 127 | + * | L-1 | Zero | Nonce | Counter | + * L needs to be between 2-8 (inclusive), i.e. 1 <=3D (L-1) <=3D 7 + * and the next 5 bits need to be zeroes. Else return -EINVAL + */ + u8 *iv =3D req->iv; + u8 L =3D iv[0]; + + if (L < 1 || L > 7) + return -EINVAL; + /* + * DTHEv2 HW can only work with zero initial counter in CCM mode. + * Check if the initial counter value is zero or not + */ + for (int i =3D 0; i < L + 1; ++i) { + if (iv[AES_IV_SIZE - 1 - i] !=3D 0) { + is_zero_ctr =3D false; + break; + } + } + } + /* * Need to fallback to software in the following cases due to HW restrict= ions: * - Both AAD and plaintext/ciphertext are zero length - * - AAD length is more than 2^32 - 1 bytes - * PS: req->cryptlen is currently unsigned int type, which causes the abo= ve condition - * tautologically false. If req->cryptlen were to be changed to a 64-bit = type, - * the check for this would need to be added below. + * - For AES-GCM, AAD length is more than 2^32 - 1 bytes + * - For AES-CCM, AAD length is more than 2^16 - 2^8 bytes + * - For AES-CCM, plaintext/ciphertext length is more than 2^61 - 1 bytes + * - For AES-CCM, AAD length is non-zero but plaintext/ciphertext length = is zero + * - For AES-CCM, the initial counter (last L+1 bytes of IV) is not all z= eroes + * + * PS: req->cryptlen is currently unsigned int type, which causes the sec= ond and fourth + * cases above tautologically false. If req->cryptlen is to be changed to= a 64-bit + * type, the check for these would also need to be added below. */ - if (req->assoclen =3D=3D 0 && cryptlen =3D=3D 0) + if ((req->assoclen =3D=3D 0 && cryptlen =3D=3D 0) || + (ctx->aes_mode =3D=3D DTHE_AES_CCM && req->assoclen > DTHE_AES_CCM_AA= D_MAXLEN) || + (ctx->aes_mode =3D=3D DTHE_AES_CCM && cryptlen =3D=3D 0) || + (ctx->aes_mode =3D=3D DTHE_AES_CCM && !is_zero_ctr)) return dthe_aead_do_fallback(req); =20 engine =3D dev_data->engine; @@ -1203,7 +1275,7 @@ static struct aead_engine_alg aead_algs[] =3D { { .base.init =3D dthe_aead_init_tfm, .base.exit =3D dthe_aead_exit_tfm, - .base.setkey =3D dthe_aead_setkey, + .base.setkey =3D dthe_gcm_aes_setkey, .base.setauthsize =3D dthe_aead_setauthsize, .base.maxauthsize =3D AES_BLOCK_SIZE, .base.encrypt =3D dthe_aead_encrypt, @@ -1225,6 +1297,31 @@ static struct aead_engine_alg aead_algs[] =3D { }, .op.do_one_request =3D dthe_aead_run, }, /* GCM AES */ + { + .base.init =3D dthe_aead_init_tfm, + .base.exit =3D dthe_aead_exit_tfm, + .base.setkey =3D dthe_ccm_aes_setkey, + .base.setauthsize =3D dthe_aead_setauthsize, + .base.maxauthsize =3D AES_BLOCK_SIZE, + .base.encrypt =3D dthe_aead_encrypt, + .base.decrypt =3D dthe_aead_decrypt, + .base.chunksize =3D AES_BLOCK_SIZE, + .base.ivsize =3D AES_IV_SIZE, + .base.base =3D { + .cra_name =3D "ccm(aes)", + .cra_driver_name =3D "ccm-aes-dthev2", + .cra_priority =3D 299, + .cra_flags =3D CRYPTO_ALG_TYPE_AEAD | + CRYPTO_ALG_KERN_DRIVER_ONLY | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize =3D 1, + .cra_ctxsize =3D sizeof(struct dthe_tfm_ctx), + .cra_reqsize =3D sizeof(struct dthe_aes_req_ctx), + .cra_module =3D THIS_MODULE, + }, + .op.do_one_request =3D dthe_aead_run, + }, /* CCM AES */ }; =20 int dthe_register_aes_algs(void) diff --git a/drivers/crypto/ti/dthev2-common.h b/drivers/crypto/ti/dthev2-c= ommon.h index 0aaecf02258e0..3b6f97356e1b3 100644 --- a/drivers/crypto/ti/dthev2-common.h +++ b/drivers/crypto/ti/dthev2-common.h @@ -39,6 +39,7 @@ enum dthe_aes_mode { DTHE_AES_CTR, DTHE_AES_XTS, DTHE_AES_GCM, + DTHE_AES_CCM, }; =20 /* Driver specific struct definitions */ --=20 2.34.1