drivers/crypto/ti/Kconfig | 3 + drivers/crypto/ti/dthev2-aes.c | 726 +++++++++++++++++++++++++++++- drivers/crypto/ti/dthev2-common.h | 12 +- 3 files changed, 738 insertions(+), 3 deletions(-)
DTHEv2 is a new cryptography engine introduced in TI AM62L SoC. The features of DTHEv2 and details of AES modes supported were detailed in [1]. Additional hardware details available in SoC TRM [2]. This patch series adds support for the following AES modes: - AES-GCM - AES-CCM The driver is tested using full kernel crypto selftests (CRYPTO_SELFTESTS_FULL) which all pass successfully [3]. Signed-off-by: T Pratham <t-pratham@ti.com> --- [1]: [PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto Engine Link: https://lore.kernel.org/all/20250820092710.3510788-1-t-pratham@ti.com/ [2]: Section 14.6.3 (DMA Control Registers -> DMASS_DTHE) Link: https://www.ti.com/lit/ug/sprujb4/sprujb4.pdf [3]: DTHEv2 AES Engine kernel self-tests logs Link: https://gist.github.com/Pratham-T/aaa499cf50d20310cb27266a645bfd60 Change log: v11: - Removed AES-CTR patch merged in v10 - Split scatterlists into AAD and crypt scatterlists to be sent in separate DMA transactions. In-place operations now have the modified crypt scatterlist same for src and dst. - Added correct handling of in-place operations which require scatterlists to be mapped with DMA_BIDIRECTIONAL dma direction. - Moved DMA callback registration to the last DMA transcriptor based on conditions (cryptlen = 0 or not). - Minor cleanup and added dev_err messages. v10: - Moved dthe_copy_sg() into AES-CTR patch as it is the first user. Thus maintaining bisectability. - Corrected padding array size in req_ctx to avoid buffer overflow bug. - Check for error in registration individually for AES and AEAD algos. - Fixed return value being overridden in AEAD tag calculation/verification. - Changed memcmp to crypto_memneq to enhance security. - Moved verifying AEAD keylen to before copying it in ctx to avoid any buffer overflow bug. v9: - Removed modifying scatterlist in AES-CTR. Replaced with allocating our own scatterlist for the same purpose to handle padding. v8: - Removed scatterlist chaining from AES-CTR, along with accompanying helper functions added in v6. Replaced with sending only complete blocks to hardware and handling the last partial block in software. v7: - Moved padding buffer to inside request ctx. - Removed already merged AES-XTS patch. - Moved dthe_copy_sg() helper from CTR patch to GCM patch, where it is being used for first time. v6: - Removed memory alloc calls on the data path (CTR padding in aes_run), replaced with scatterlist chaining for added a pad buffer. Added two accompanying helpers dthe_chain_pad_sg() and dthe_unchain_padded_sg(). - Replaced GFP_KERNEL to GFP_ATOMIC in AEAD src and dst scatterlist prep functions to avoid deadlock in data path. - Added fallback to software in AEADs on failure. v5: - Simplified AES-XTS fallback allocation, directly using xts(aes) for alg_name - Changed fallback to sync and allocated on stack v4: - Return -EINVAL in AES-XTS when cryptlen = 0 - Added software fallback for AES-XTS when ciphertext stealing is required (cryptlen is not multiple of AES_BLOCK_SIZE) - Changed DTHE_MAX_KEYSIZE definition to use AES_MAX_KEY_SIZE instead of AES_KEYSIZE_256 - In AES-CTR, also pad dst scatterlist when padding src scatterlist - Changed polling for TAG ready to use readl_relaxed_poll_timeout() - Used crypto API functions to access struct members instead of directly accessing them (crypto_aead_tfm and aead_request_flags) - Allocated padding buffers in AEAD algos on the stack. - Changed helper functions dthe_aead_prep_* to return ERR_PTR on error - Changed some error labels in dthe_aead_run to improve clarity - Moved iv_in[] declaration from middle of the function to the top - Corrected setting CCM M value in the hardware register - Added checks for CCM L value input in the algorithm from IV. - Added more fallback cases for CCM where hardware has limitations v3: - Added header files to remove implicit declaration error. - Corrected assignment of src_nents and dst_nents in dthe_aead_run (Ran the lkp kernel test bot script locally to ensure no more such errors are present) v2: - Corrected assignment of variable unpadded_cryptlen in dthe_aead_run. - Removed some if conditions which are always false, and documented the cases in comments. - Moved polling of TAG ready register to a separate function and returning -ETIMEDOUT on poll timeout. - Corrected comments to adhere to kernel coding guidelines. Link to previous version: v10: https://lore.kernel.org/all/20260226125441.3559664-1-t-pratham@ti.com/ v9: https://lore.kernel.org/all/20260213130207.209336-1-t-pratham@ti.com/ v8: https://lore.kernel.org/all/20260120144408.606911-1-t-pratham@ti.com/ v7: https://lore.kernel.org/all/20251126112207.4033971-1-t-pratham@ti.com/ v6: https://lore.kernel.org/all/20251111112137.976121-1-t-pratham@ti.com/ v5: https://lore.kernel.org/all/20251022180302.729728-1-t-pratham@ti.com/ v4: https://lore.kernel.org/all/20251009111727.911738-1-t-pratham@ti.com/ v3: https://lore.kernel.org/all/20250910100742.3747614-1-t-pratham@ti.com/ v2: https://lore.kernel.org/all/20250908140928.2801062-1-t-pratham@ti.com/ v1: https://lore.kernel.org/all/20250905133504.2348972-4-t-pratham@ti.com/ --- T Pratham (2): crypto: ti - Add support for AES-GCM in DTHEv2 driver crypto: ti - Add support for AES-CCM in DTHEv2 driver drivers/crypto/ti/Kconfig | 3 + drivers/crypto/ti/dthev2-aes.c | 726 +++++++++++++++++++++++++++++- drivers/crypto/ti/dthev2-common.h | 12 +- 3 files changed, 738 insertions(+), 3 deletions(-) -- 2.34.1
On Fri, Mar 20, 2026 at 04:20:50PM +0530, T Pratham wrote: > DTHEv2 is a new cryptography engine introduced in TI AM62L SoC. The > features of DTHEv2 and details of AES modes supported were detailed in > [1]. Additional hardware details available in SoC TRM [2]. > > This patch series adds support for the following AES modes: > - AES-GCM > - AES-CCM > > The driver is tested using full kernel crypto selftests > (CRYPTO_SELFTESTS_FULL) which all pass successfully [3]. > > Signed-off-by: T Pratham <t-pratham@ti.com> > --- > [1]: [PATCH v7 0/2] Add support for Texas Instruments DTHEv2 Crypto Engine > Link: https://lore.kernel.org/all/20250820092710.3510788-1-t-pratham@ti.com/ > > [2]: Section 14.6.3 (DMA Control Registers -> DMASS_DTHE) > Link: https://www.ti.com/lit/ug/sprujb4/sprujb4.pdf > > [3]: DTHEv2 AES Engine kernel self-tests logs > Link: https://gist.github.com/Pratham-T/aaa499cf50d20310cb27266a645bfd60 > > Change log: > v11: > - Removed AES-CTR patch merged in v10 > - Split scatterlists into AAD and crypt scatterlists to be sent in > separate DMA transactions. In-place operations now have the modified > crypt scatterlist same for src and dst. > - Added correct handling of in-place operations which require > scatterlists to be mapped with DMA_BIDIRECTIONAL dma direction. > - Moved DMA callback registration to the last DMA transcriptor based on > conditions (cryptlen = 0 or not). > - Minor cleanup and added dev_err messages. > v10: > - Moved dthe_copy_sg() into AES-CTR patch as it is the first user. Thus > maintaining bisectability. > - Corrected padding array size in req_ctx to avoid buffer overflow bug. > - Check for error in registration individually for AES and AEAD algos. > - Fixed return value being overridden in AEAD tag > calculation/verification. > - Changed memcmp to crypto_memneq to enhance security. > - Moved verifying AEAD keylen to before copying it in ctx to avoid any > buffer overflow bug. > v9: > - Removed modifying scatterlist in AES-CTR. Replaced with allocating > our own scatterlist for the same purpose to handle padding. > v8: > - Removed scatterlist chaining from AES-CTR, along with accompanying > helper functions added in v6. Replaced with sending only complete > blocks to hardware and handling the last partial block in software. > v7: > - Moved padding buffer to inside request ctx. > - Removed already merged AES-XTS patch. > - Moved dthe_copy_sg() helper from CTR patch to GCM patch, where it is > being used for first time. > v6: > - Removed memory alloc calls on the data path (CTR padding in aes_run), > replaced with scatterlist chaining for added a pad buffer. Added two > accompanying helpers dthe_chain_pad_sg() and > dthe_unchain_padded_sg(). > - Replaced GFP_KERNEL to GFP_ATOMIC in AEAD src and dst scatterlist > prep functions to avoid deadlock in data path. > - Added fallback to software in AEADs on failure. > v5: > - Simplified AES-XTS fallback allocation, directly using xts(aes) for > alg_name > - Changed fallback to sync and allocated on stack > v4: > - Return -EINVAL in AES-XTS when cryptlen = 0 > - Added software fallback for AES-XTS when ciphertext stealing is > required (cryptlen is not multiple of AES_BLOCK_SIZE) > - Changed DTHE_MAX_KEYSIZE definition to use AES_MAX_KEY_SIZE instead > of AES_KEYSIZE_256 > - In AES-CTR, also pad dst scatterlist when padding src scatterlist > - Changed polling for TAG ready to use readl_relaxed_poll_timeout() > - Used crypto API functions to access struct members instead of > directly accessing them (crypto_aead_tfm and aead_request_flags) > - Allocated padding buffers in AEAD algos on the stack. > - Changed helper functions dthe_aead_prep_* to return ERR_PTR on error > - Changed some error labels in dthe_aead_run to improve clarity > - Moved iv_in[] declaration from middle of the function to the top > - Corrected setting CCM M value in the hardware register > - Added checks for CCM L value input in the algorithm from IV. > - Added more fallback cases for CCM where hardware has limitations > v3: > - Added header files to remove implicit declaration error. > - Corrected assignment of src_nents and dst_nents in dthe_aead_run > (Ran the lkp kernel test bot script locally to ensure no more such > errors are present) > v2: > - Corrected assignment of variable unpadded_cryptlen in dthe_aead_run. > - Removed some if conditions which are always false, and documented the > cases in comments. > - Moved polling of TAG ready register to a separate function and > returning -ETIMEDOUT on poll timeout. > - Corrected comments to adhere to kernel coding guidelines. > > Link to previous version: > > v10: https://lore.kernel.org/all/20260226125441.3559664-1-t-pratham@ti.com/ > v9: https://lore.kernel.org/all/20260213130207.209336-1-t-pratham@ti.com/ > v8: https://lore.kernel.org/all/20260120144408.606911-1-t-pratham@ti.com/ > v7: https://lore.kernel.org/all/20251126112207.4033971-1-t-pratham@ti.com/ > v6: https://lore.kernel.org/all/20251111112137.976121-1-t-pratham@ti.com/ > v5: https://lore.kernel.org/all/20251022180302.729728-1-t-pratham@ti.com/ > v4: https://lore.kernel.org/all/20251009111727.911738-1-t-pratham@ti.com/ > v3: https://lore.kernel.org/all/20250910100742.3747614-1-t-pratham@ti.com/ > v2: https://lore.kernel.org/all/20250908140928.2801062-1-t-pratham@ti.com/ > v1: https://lore.kernel.org/all/20250905133504.2348972-4-t-pratham@ti.com/ > --- > > T Pratham (2): > crypto: ti - Add support for AES-GCM in DTHEv2 driver > crypto: ti - Add support for AES-CCM in DTHEv2 driver > > drivers/crypto/ti/Kconfig | 3 + > drivers/crypto/ti/dthev2-aes.c | 726 +++++++++++++++++++++++++++++- > drivers/crypto/ti/dthev2-common.h | 12 +- > 3 files changed, 738 insertions(+), 3 deletions(-) > > -- > 2.34.1 All applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
© 2016 - 2026 Red Hat, Inc.